[v6 PATCH 20/21] x86: Enable User-Mode Instruction Prevention

Ricardo Neri ricardo.neri-calderon at linux.intel.com
Tue Mar 7 18:32:53 CST 2017 

User_mode Instruction Prevention (UMIP) is enabled by setting/clearing a
bit in %cr4.

It makes sense to enable UMIP at some point while booting, before user
spaces come up. Like SMAP and SMEP, is not critical to have it enabled
very early during boot. This is because UMIP is relevant only when there is
a userspace to be protected from. Given the similarities in relevance, it
makes sense to enable UMIP along with SMAP and SMEP.

UMIP is enabled by default. It can be disabled by adding clearcpuid=514
to the kernel parameters.

Cc: Andy Lutomirski <luto at kernel.org>
Cc: Andrew Morton <akpm at linux-foundation.org>
Cc: H. Peter Anvin <hpa at zytor.com>
Cc: Borislav Petkov <bp at suse.de>
Cc: Brian Gerst <brgerst at gmail.com>
Cc: Chen Yucong <slaoub at gmail.com>
Cc: Chris Metcalf <cmetcalf at mellanox.com>
Cc: Dave Hansen <dave.hansen at linux.intel.com>
Cc: Fenghua Yu <fenghua.yu at intel.com>
Cc: Huang Rui <ray.huang at amd.com>
Cc: Jiri Slaby <jslaby at suse.cz>
Cc: Jonathan Corbet <corbet at lwn.net>
Cc: Michael S. Tsirkin <mst at redhat.com>
Cc: Paul Gortmaker <paul.gortmaker at windriver.com>
Cc: Peter Zijlstra <peterz at infradead.org>
Cc: Ravi V. Shankar <ravi.v.shankar at intel.com>
Cc: Shuah Khan <shuah at kernel.org>
Cc: Vlastimil Babka <vbabka at suse.cz>
Cc: Tony Luck <tony.luck at intel.com>
Cc: Paolo Bonzini <pbonzini at redhat.com>
Cc: Liang Z. Li <liang.z.li at intel.com>
Cc: Alexandre Julliard <julliard at winehq.org>
Cc: Stas Sergeev <stsp at list.ru>
Cc: x86 at kernel.org
Cc: linux-msdos at vger.kernel.org
Signed-off-by: Ricardo Neri <ricardo.neri-calderon at linux.intel.com>
---
 arch/x86/Kconfig             | 10 ++++++++++
 arch/x86/kernel/cpu/common.c | 16 +++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index cc98d5a..b7f1226 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1735,6 +1735,16 @@ config X86_SMAP
 
 	  If unsure, say Y.
 
+config X86_INTEL_UMIP
+	def_bool y
+	depends on CPU_SUP_INTEL
+	prompt "Intel User Mode Instruction Prevention" if EXPERT
+	---help---
+	  The User Mode Instruction Prevention (UMIP) is a security
+	  feature in newer Intel processors. If enabled, a general
+	  protection fault is issued if the instructions SGDT, SLDT,
+	  SIDT, SMSW and STR are executed in user mode.
+
 config X86_INTEL_MPX
 	prompt "Intel MPX (Memory Protection Extensions)"
 	def_bool n
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 58094a1..9f59eb5 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -311,6 +311,19 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
 	}
 }
 
+static __always_inline void setup_umip(struct cpuinfo_x86 *c)
+{
+	if (cpu_feature_enabled(X86_FEATURE_UMIP) &&
+	    cpu_has(c, X86_FEATURE_UMIP))
+		cr4_set_bits(X86_CR4_UMIP);
+	else
+		/*
+		 * Make sure UMIP is disabled in case it was enabled in a
+		 * previous boot (e.g., via kexec).
+		 */
+		cr4_clear_bits(X86_CR4_UMIP);
+}
+
 /*
  * Protection Keys are not available in 32-bit mode.
  */
@@ -1080,9 +1093,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
 	/* Disable the PN if appropriate */
 	squash_the_stupid_serial_number(c);
 
-	/* Set up SMEP/SMAP */
+	/* Set up SMEP/SMAP/UMIP */
 	setup_smep(c);
 	setup_smap(c);
+	setup_umip(c);
 
 	/*
 	 * The vendor-specific functions might have changed features.
-- 
2.9.3

More information about the wine-devel mailing list