All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andy Lutomirski <luto@amacapital.net>
To: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Cc: Ingo Molnar <mingo@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	X86 ML <x86@kernel.org>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	Andy Lutomirski <luto@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Borislav Petkov <bp@suse.de>, Brian Gerst <brgerst@gmail.com>,
	Chen Yucong <slaoub@gmail.com>,
	Chris Metcalf <cmetcalf@mellanox.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Fenghua Yu <fenghua.yu@intel.com>, Huang Rui <ray.huang@amd.com>,
	Jiri Slaby <jslaby@suse.cz>, Jonathan Corbet <corbet@lwn.net>,
	"Michael S . Tsirkin" <mst@redhat.com>,
	Paul Gortmaker <paul.gortmaker@windriver.com>,
	Peter Zijlstra <peterz@infradead.org>,
	"Ravi V . Shankar" <ravi.v.shankar@intel.com>,
	Shuah Khan <shuah@kernel.org>, Vlastimil Babka <vbabka@suse.cz>
Subject: Re: [PATCH 1/4] x86/cpufeature: Add User-Mode Instruction Prevention definitions
Date: Tue, 8 Nov 2016 07:32:29 -0800	[thread overview]
Message-ID: <CALCETrXGFm8pFzn3qCr_k7n=9OUiKtFXRT0bg6TebnrxkTeMRQ@mail.gmail.com> (raw)
In-Reply-To: <1478585533-19406-2-git-send-email-ricardo.neri-calderon@linux.intel.com>

On Mon, Nov 7, 2016 at 10:12 PM, Ricardo Neri
<ricardo.neri-calderon@linux.intel.com> wrote:
> User-Mode Instruction Prevention (UMIP) is a security feature present in
> new Intel Processors. If enabled, it prevents the execution of certain
> instructions if the Current Privilege Level (CPL) is greater than 0. If
> these instructions were executed while in CPL > 0, user space applications
> could have access to system-wide settings such as the global and local
> descriptor tables, the task register and the interrupt descriptor table.
>
> These are the instructions covered by UMIP:
> * SGDT - Store Global Descriptor Table
> * SIDT - Store Interrupt Descriptor Table
> * SLDT - Store Local Descriptor Table
> * SMSW - Store Machine Status Word
> * STR - Store Task Register
>
> If any of these instructions is executed with CPL > 0, a general protection
> exception is issued when UMIP is enbled.
>
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Brian Gerst <brgerst@gmail.com>
> Cc: Chen Yucong <slaoub@gmail.com>
> Cc: Chris Metcalf <cmetcalf@mellanox.com>
> Cc: Dave Hansen <dave.hansen@linux.intel.com>
> Cc: Fenghua Yu <fenghua.yu@intel.com>
> Cc: Huang Rui <ray.huang@amd.com>
> Cc: Jiri Slaby <jslaby@suse.cz>
> Cc: Jonathan Corbet <corbet@lwn.net>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
> Cc: Shuah Khan <shuah@kernel.org>
> Cc: Vlastimil Babka <vbabka@suse.cz>
> Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
> ---
>  arch/x86/include/asm/cpufeatures.h          | 1 +
>  arch/x86/include/asm/disabled-features.h    | 8 +++++++-
>  arch/x86/include/uapi/asm/processor-flags.h | 2 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 5f0931b..81ef3bbe 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -282,6 +282,7 @@
>  #define X86_FEATURE_AVIC       (15*32+13) /* Virtual Interrupt Controller */
>
>  /* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 16 */
> +#define X86_FEATURE_UMIP       (16*32+ 2) /* User Mode Instruction Protection */
>  #define X86_FEATURE_PKU                (16*32+ 3) /* Protection Keys for Userspace */
>  #define X86_FEATURE_OSPKE      (16*32+ 4) /* OS Protection Keys Enable */
>
> diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
> index 85599ad..4707445 100644
> --- a/arch/x86/include/asm/disabled-features.h
> +++ b/arch/x86/include/asm/disabled-features.h
> @@ -16,6 +16,12 @@
>  # define DISABLE_MPX   (1<<(X86_FEATURE_MPX & 31))
>  #endif
>
> +#ifdef CONFIG_X86_INTEL_UMIP

^^^^^

What's this?

Let's try to do this with a minimum of configuration.

  reply	other threads:[~2016-11-08 15:32 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-08  6:12 [PATCH 0/4] x86: enable User-Mode Instruction Prevention Ricardo Neri
2016-11-08  6:12 ` [PATCH 1/4] x86/cpufeature: Add User-Mode Instruction Prevention definitions Ricardo Neri
2016-11-08 15:32   ` Andy Lutomirski [this message]
2016-11-09  4:25     ` Ricardo Neri
2016-11-09 11:02       ` Andy Lutomirski
2016-11-10  3:24         ` Ricardo Neri
2016-11-10  8:58           ` Borislav Petkov
2016-11-11  4:08             ` Ricardo Neri
2016-11-11 10:22               ` Borislav Petkov
2016-11-12  1:24                 ` Ricardo Neri
2016-11-11 18:06               ` Dave Hansen
2016-11-10 17:09           ` Dave Hansen
2016-11-08  6:12 ` [PATCH 2/4] x86: Prepare vm86 tasks to handle User-Mode Instruction Prevention Ricardo Neri
2016-11-08 16:01   ` Andy Lutomirski
2016-11-08 17:00     ` Peter Zijlstra
2016-11-09  4:26       ` Ricardo Neri
2016-11-08  6:12 ` [PATCH 3/4] x86: Enable " Ricardo Neri
2016-11-08  6:12 ` [PATCH 4/4] selftests/x86: Add tests for " Ricardo Neri
2016-11-08 13:16 ` [PATCH 0/4] x86: enable " Peter Zijlstra
2016-11-08 15:34   ` Andy Lutomirski
2016-11-08 16:52     ` Thomas Gleixner
2016-11-09  4:26       ` Ricardo Neri
2016-11-09  4:31     ` Ricardo Neri
2016-11-09 11:05       ` Andy Lutomirski
2016-11-10  6:46         ` Ricardo Neri
2016-11-10  6:46           ` Ricardo Neri
2016-11-10  8:52           ` Stas Sergeev
2016-11-10  8:52             ` Stas Sergeev
2016-11-11  4:14             ` Ricardo Neri
2016-11-11  4:14               ` Ricardo Neri
2016-11-11 20:51               ` Stas Sergeev
2016-11-11 20:51                 ` Stas Sergeev
2016-11-12  1:29                 ` Ricardo Neri
2016-11-12  1:29                   ` Ricardo Neri
2016-11-14 10:59           ` One Thousand Gnomes
2016-11-14 10:59             ` One Thousand Gnomes
2016-11-14 18:36             ` Harald Arnesen
2016-11-14 18:36               ` Harald Arnesen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALCETrXGFm8pFzn3qCr_k7n=9OUiKtFXRT0bg6TebnrxkTeMRQ@mail.gmail.com' \
    --to=luto@amacapital.net \
    --cc=akpm@linux-foundation.org \
    --cc=bp@suse.de \
    --cc=brgerst@gmail.com \
    --cc=cmetcalf@mellanox.com \
    --cc=corbet@lwn.net \
    --cc=dave.hansen@linux.intel.com \
    --cc=fenghua.yu@intel.com \
    --cc=hpa@zytor.com \
    --cc=jslaby@suse.cz \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@kernel.org \
    --cc=mst@redhat.com \
    --cc=paul.gortmaker@windriver.com \
    --cc=peterz@infradead.org \
    --cc=ravi.v.shankar@intel.com \
    --cc=ray.huang@amd.com \
    --cc=ricardo.neri-calderon@linux.intel.com \
    --cc=shuah@kernel.org \
    --cc=slaoub@gmail.com \
    --cc=tglx@linutronix.de \
    --cc=vbabka@suse.cz \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.