On 02/03/2026 2:50 pm, Jan Beulich wrote:
> On 28.02.2026 00:16, Andrew Cooper wrote:
>> FRED doesn't use Supervisor Shadow Stack tokens. This means that:
>>
>> 1) memguard_guard_stack() should not write Supervisor Shadow Stack Tokens.
>> 2) cpu_has_bug_shstk_fracture is no longer relevant when deciding whether or
>> not to enable Shadow Stacks in the first place.
>>
>> Signed-off-by: Andrew Cooper <[email protected]>
> Reviewed-by: Jan Beulich <[email protected]>

Thanks.

>> The SDM explicitly points out the shstk fracture vs FRED case, yet PTL
>> enumerates CET-SSS (immunity to shstk fracture). I can only assume that there
>> are other Intel CPUs with FRED but without CET-SSS.
> Isn't CET-SSS still relevant to OSes not using FRED (much like you do for
> the fred=no case)?

Yes, CET-SSS is relevant outside of FRED mode. I just don't see the point of the note if all FRED systems will enumerate CET-SSS.

~Andrew
