diff options
| author | Ricardo Neri <ricardo.neri-calderon@linux.intel.com> | 2017-11-05 21:27:54 -0500 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2017-11-08 05:16:23 -0500 |
| commit | aa35f896979d9610bb11df485cf7bb6ca241febb (patch) | |
| tree | 6fa78d36c09390a81334bfdbfa92478a9cb71209 | |
| parent | c6a960bbf6a36572a06bde866d94a7338c7f256a (diff) | |
x86/umip: Enable User-Mode Instruction Prevention at runtime
User-Mode Instruction Prevention (UMIP) is enabled by setting/clearing a
bit in %cr4.
It makes sense to enable UMIP at some point while booting, before user
spaces come up. Like SMAP and SMEP, is not critical to have it enabled
very early during boot. This is because UMIP is relevant only when there is
a user space to be protected from. Given these similarities, UMIP can be
enabled along with SMAP and SMEP.
At the moment, UMIP is disabled by default at build time. It can be enabled
at build time by selecting CONFIG_X86_INTEL_UMIP. If enabled at build time,
it can be disabled at run time by adding clearcpuid=514 to the kernel
parameters.
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@suse.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Chen Yucong <slaoub@gmail.com>
Cc: Chris Metcalf <cmetcalf@mellanox.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Huang Rui <ray.huang@amd.com>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: ricardo.neri@intel.com
Link: http://lkml.kernel.org/r/1509935277-22138-10-git-send-email-ricardo.neri-calderon@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
| -rw-r--r-- | arch/x86/Kconfig | 10 | ||||
| -rw-r--r-- | arch/x86/kernel/cpu/common.c | 25 |
2 files changed, 34 insertions, 1 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 4ae940a0ed3b..e19fa9f7079a 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig | |||
| @@ -1802,6 +1802,16 @@ config X86_SMAP | |||
| 1802 | 1802 | ||
| 1803 | If unsure, say Y. | 1803 | If unsure, say Y. |
| 1804 | 1804 | ||
| 1805 | config X86_INTEL_UMIP | ||
| 1806 | def_bool n | ||
| 1807 | depends on CPU_SUP_INTEL | ||
| 1808 | prompt "Intel User Mode Instruction Prevention" if EXPERT | ||
| 1809 | ---help--- | ||
| 1810 | The User Mode Instruction Prevention (UMIP) is a security | ||
| 1811 | feature in newer Intel processors. If enabled, a general | ||
| 1812 | protection fault is issued if the instructions SGDT, SLDT, | ||
| 1813 | SIDT, SMSW and STR are executed in user mode. | ||
| 1814 | |||
| 1805 | config X86_INTEL_MPX | 1815 | config X86_INTEL_MPX |
| 1806 | prompt "Intel MPX (Memory Protection Extensions)" | 1816 | prompt "Intel MPX (Memory Protection Extensions)" |
| 1807 | def_bool n | 1817 | def_bool n |
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index cdf79ab628c2..47f8a85be11c 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c | |||
| @@ -329,6 +329,28 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) | |||
| 329 | } | 329 | } |
| 330 | } | 330 | } |
| 331 | 331 | ||
| 332 | static __always_inline void setup_umip(struct cpuinfo_x86 *c) | ||
| 333 | { | ||
| 334 | /* Check the boot processor, plus build option for UMIP. */ | ||
| 335 | if (!cpu_feature_enabled(X86_FEATURE_UMIP)) | ||
| 336 | goto out; | ||
| 337 | |||
| 338 | /* Check the current processor's cpuid bits. */ | ||
| 339 | if (!cpu_has(c, X86_FEATURE_UMIP)) | ||
| 340 | goto out; | ||
| 341 | |||
| 342 | cr4_set_bits(X86_CR4_UMIP); | ||
| 343 | |||
| 344 | return; | ||
| 345 | |||
| 346 | out: | ||
| 347 | /* | ||
| 348 | * Make sure UMIP is disabled in case it was enabled in a | ||
| 349 | * previous boot (e.g., via kexec). | ||
| 350 | */ | ||
| 351 | cr4_clear_bits(X86_CR4_UMIP); | ||
| 352 | } | ||
| 353 | |||
| 332 | /* | 354 | /* |
| 333 | * Protection Keys are not available in 32-bit mode. | 355 | * Protection Keys are not available in 32-bit mode. |
| 334 | */ | 356 | */ |
| @@ -1147,9 +1169,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) | |||
| 1147 | /* Disable the PN if appropriate */ | 1169 | /* Disable the PN if appropriate */ |
| 1148 | squash_the_stupid_serial_number(c); | 1170 | squash_the_stupid_serial_number(c); |
| 1149 | 1171 | ||
| 1150 | /* Set up SMEP/SMAP */ | 1172 | /* Set up SMEP/SMAP/UMIP */ |
| 1151 | setup_smep(c); | 1173 | setup_smep(c); |
| 1152 | setup_smap(c); | 1174 | setup_smap(c); |
| 1175 | setup_umip(c); | ||
| 1153 | 1176 | ||
| 1154 | /* | 1177 | /* |
| 1155 | * The vendor-specific functions might have changed features. | 1178 | * The vendor-specific functions might have changed features. |