[PATCH v2] x86/Kconfig: Rename UMIP config parameter

[PATCH v2] x86/Kconfig: Rename UMIP config parameter

[Moger, Babu]

AMD 2nd generation EPYC processors support the UMIP (User-Mode
Instruction Prevention) feature. So, rename X86_INTEL_UMIP to
generic X86_UMIP and modify the text to cover both Intel and AMD.

Signed-off-by: Babu Moger <babu.moger@amd.com>
---
v2:
  Learned that for the hardware that support UMIP, we dont need to
  emulate. Removed the emulation related code and just submitting
  the config changes.

 arch/x86/Kconfig                         |    8 ++++----
 arch/x86/include/asm/disabled-features.h |    2 +-
 arch/x86/include/asm/umip.h              |    4 ++--
 arch/x86/kernel/Makefile                 |    2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index d6e1faa28c58..821b7cebff31 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1880,13 +1880,13 @@ config X86_SMAP
 
 	  If unsure, say Y.
 
-config X86_INTEL_UMIP
+config X86_UMIP
 	def_bool y
-	depends on CPU_SUP_INTEL
-	prompt "Intel User Mode Instruction Prevention" if EXPERT
+	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
+	prompt "User Mode Instruction Prevention" if EXPERT
 	---help---
 	  The User Mode Instruction Prevention (UMIP) is a security
-	  feature in newer Intel processors. If enabled, a general
+	  feature in newer x86 processors. If enabled, a general
 	  protection fault is issued if the SGDT, SLDT, SIDT, SMSW
 	  or STR instructions are executed in user mode. These instructions
 	  unnecessarily expose information about the hardware state.
diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
index a5ea841cc6d2..8e1d0bb46361 100644
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -22,7 +22,7 @@
 # define DISABLE_SMAP	(1<<(X86_FEATURE_SMAP & 31))
 #endif
 
-#ifdef CONFIG_X86_INTEL_UMIP
+#ifdef CONFIG_X86_UMIP
 # define DISABLE_UMIP	0
 #else
 # define DISABLE_UMIP	(1<<(X86_FEATURE_UMIP & 31))
diff --git a/arch/x86/include/asm/umip.h b/arch/x86/include/asm/umip.h
index db43f2a0d92c..aeed98c3c9e1 100644
--- a/arch/x86/include/asm/umip.h
+++ b/arch/x86/include/asm/umip.h
@@ -4,9 +4,9 @@
 #include <linux/types.h>
 #include <asm/ptrace.h>
 
-#ifdef CONFIG_X86_INTEL_UMIP
+#ifdef CONFIG_X86_UMIP
 bool fixup_umip_exception(struct pt_regs *regs);
 #else
 static inline bool fixup_umip_exception(struct pt_regs *regs) { return false; }
-#endif  /* CONFIG_X86_INTEL_UMIP */
+#endif  /* CONFIG_X86_UMIP */
 #endif  /* _ASM_X86_UMIP_H */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 3578ad248bc9..52ce1e239525 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -134,7 +134,7 @@ obj-$(CONFIG_EFI)			+= sysfb_efi.o
 obj-$(CONFIG_PERF_EVENTS)		+= perf_regs.o
 obj-$(CONFIG_TRACING)			+= tracepoint.o
 obj-$(CONFIG_SCHED_MC_PRIO)		+= itmt.o
-obj-$(CONFIG_X86_INTEL_UMIP)		+= umip.o
+obj-$(CONFIG_X86_UMIP)			+= umip.o
 
 obj-$(CONFIG_UNWINDER_ORC)		+= unwind_orc.o
 obj-$(CONFIG_UNWINDER_FRAME_POINTER)	+= unwind_frame.o

Re: [PATCH v2] x86/Kconfig: Rename UMIP config parameter

[Borislav Petkov]

On Mon, Nov 04, 2019 at 08:50:51PM +0000, Moger, Babu wrote:
> AMD 2nd generation EPYC processors support the UMIP (User-Mode
> Instruction Prevention) feature. So, rename X86_INTEL_UMIP to
> generic X86_UMIP and modify the text to cover both Intel and AMD.
> 
> Signed-off-by: Babu Moger <babu.moger@amd.com>
> ---
> v2:
>   Learned that for the hardware that support UMIP, we dont need to
>   emulate. Removed the emulation related code and just submitting
>   the config changes.
> 
>  arch/x86/Kconfig                         |    8 ++++----
>  arch/x86/include/asm/disabled-features.h |    2 +-
>  arch/x86/include/asm/umip.h              |    4 ++--
>  arch/x86/kernel/Makefile                 |    2 +-
>  4 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index d6e1faa28c58..821b7cebff31 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1880,13 +1880,13 @@ config X86_SMAP
>  
>  	  If unsure, say Y.
>  
> -config X86_INTEL_UMIP
> +config X86_UMIP
>  	def_bool y
> -	depends on CPU_SUP_INTEL
> -	prompt "Intel User Mode Instruction Prevention" if EXPERT
> +	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
		   ^^^

What's the dependency on X86 for?

Aren't the CPU_SUP_* things enough?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Re: [PATCH v2] x86/Kconfig: Rename UMIP config parameter

[Sean Christopherson]

On Mon, Nov 04, 2019 at 08:50:51PM +0000, Moger, Babu wrote:
> AMD 2nd generation EPYC processors support the UMIP (User-Mode
> Instruction Prevention) feature. So, rename X86_INTEL_UMIP to
> generic X86_UMIP and modify the text to cover both Intel and AMD.

There's a similar comment in the umip.c documentation that needs to be
updated, and a grammatical error that can be opportunistically fixed, i.e.

 * The feature User-Mode Instruction Prevention present in recent Intel
 * processor

to 

 * The feature User-Mode Instruction Prevention present in recent x86
 * processors


IMO, the whole opening paragraph of the umip.c docs is weirdly worded and
could be rewritten to something similar to the Kconfig help text, e.g.

 * User-Mode Instruction Prevention is a security feature present in recent x86
 * processors that, when enabled, prevents a group of instructions (SGDT, SIDT,
 * SLDT, SMSW and STR) from being run in user mode by issuing a general
 * protection fault if the instruction is executed with CPL > 0.

> 
> Signed-off-by: Babu Moger <babu.moger@amd.com>
> ---
> v2:
>   Learned that for the hardware that support UMIP, we dont need to
>   emulate. Removed the emulation related code and just submitting
>   the config changes.
> 
>  arch/x86/Kconfig                         |    8 ++++----
>  arch/x86/include/asm/disabled-features.h |    2 +-
>  arch/x86/include/asm/umip.h              |    4 ++--
>  arch/x86/kernel/Makefile                 |    2 +-
>  4 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index d6e1faa28c58..821b7cebff31 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1880,13 +1880,13 @@ config X86_SMAP
>  
>  	  If unsure, say Y.
>  
> -config X86_INTEL_UMIP
> +config X86_UMIP
>  	def_bool y
> -	depends on CPU_SUP_INTEL
> -	prompt "Intel User Mode Instruction Prevention" if EXPERT
> +	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
> +	prompt "User Mode Instruction Prevention" if EXPERT
>  	---help---
>  	  The User Mode Instruction Prevention (UMIP) is a security

Maybe opportunistically drop "The"?

> -	  feature in newer Intel processors. If enabled, a general
> +	  feature in newer x86 processors. If enabled, a general
>  	  protection fault is issued if the SGDT, SLDT, SIDT, SMSW
>  	  or STR instructions are executed in user mode. These instructions
>  	  unnecessarily expose information about the hardware state.
> diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
> index a5ea841cc6d2..8e1d0bb46361 100644
> --- a/arch/x86/include/asm/disabled-features.h
> +++ b/arch/x86/include/asm/disabled-features.h
> @@ -22,7 +22,7 @@
>  # define DISABLE_SMAP	(1<<(X86_FEATURE_SMAP & 31))
>  #endif
>  
> -#ifdef CONFIG_X86_INTEL_UMIP
> +#ifdef CONFIG_X86_UMIP
>  # define DISABLE_UMIP	0
>  #else
>  # define DISABLE_UMIP	(1<<(X86_FEATURE_UMIP & 31))
> diff --git a/arch/x86/include/asm/umip.h b/arch/x86/include/asm/umip.h
> index db43f2a0d92c..aeed98c3c9e1 100644
> --- a/arch/x86/include/asm/umip.h
> +++ b/arch/x86/include/asm/umip.h
> @@ -4,9 +4,9 @@
>  #include <linux/types.h>
>  #include <asm/ptrace.h>
>  
> -#ifdef CONFIG_X86_INTEL_UMIP
> +#ifdef CONFIG_X86_UMIP
>  bool fixup_umip_exception(struct pt_regs *regs);
>  #else
>  static inline bool fixup_umip_exception(struct pt_regs *regs) { return false; }
> -#endif  /* CONFIG_X86_INTEL_UMIP */
> +#endif  /* CONFIG_X86_UMIP */
>  #endif  /* _ASM_X86_UMIP_H */
> diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> index 3578ad248bc9..52ce1e239525 100644
> --- a/arch/x86/kernel/Makefile
> +++ b/arch/x86/kernel/Makefile
> @@ -134,7 +134,7 @@ obj-$(CONFIG_EFI)			+= sysfb_efi.o
>  obj-$(CONFIG_PERF_EVENTS)		+= perf_regs.o
>  obj-$(CONFIG_TRACING)			+= tracepoint.o
>  obj-$(CONFIG_SCHED_MC_PRIO)		+= itmt.o
> -obj-$(CONFIG_X86_INTEL_UMIP)		+= umip.o
> +obj-$(CONFIG_X86_UMIP)			+= umip.o
>  
>  obj-$(CONFIG_UNWINDER_ORC)		+= unwind_orc.o
>  obj-$(CONFIG_UNWINDER_FRAME_POINTER)	+= unwind_frame.o
> 

RE: [PATCH v2] x86/Kconfig: Rename UMIP config parameter

[Moger, Babu]

> -----Original Message-----
> From: Borislav Petkov <bp@alien8.de>
> Sent: Monday, November 4, 2019 3:48 PM
> To: Moger, Babu <Babu.Moger@amd.com>
> Cc: tglx@linutronix.de; mingo@redhat.com; hpa@zytor.com;
> pbonzini@redhat.com; rkrcmar@redhat.com; sean.j.christopherson@intel.com;
> vkuznets@redhat.com; wanpengli@tencent.com; jmattson@google.com;
> x86@kernel.org; joro@8bytes.org; luto@kernel.org; zohar@linux.ibm.com;
> yamada.masahiro@socionext.com; nayna@linux.ibm.com; linux-
> kernel@vger.kernel.org; kvm@vger.kernel.org
> Subject: Re: [PATCH v2] x86/Kconfig: Rename UMIP config parameter
> 
> On Mon, Nov 04, 2019 at 08:50:51PM +0000, Moger, Babu wrote:
> > AMD 2nd generation EPYC processors support the UMIP (User-Mode
> > Instruction Prevention) feature. So, rename X86_INTEL_UMIP to
> > generic X86_UMIP and modify the text to cover both Intel and AMD.
> >
> > Signed-off-by: Babu Moger <babu.moger@amd.com>
> > ---
> > v2:
> >   Learned that for the hardware that support UMIP, we dont need to
> >   emulate. Removed the emulation related code and just submitting
> >   the config changes.
> >
> >  arch/x86/Kconfig                         |    8 ++++----
> >  arch/x86/include/asm/disabled-features.h |    2 +-
> >  arch/x86/include/asm/umip.h              |    4 ++--
> >  arch/x86/kernel/Makefile                 |    2 +-
> >  4 files changed, 8 insertions(+), 8 deletions(-)
> >
> > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > index d6e1faa28c58..821b7cebff31 100644
> > --- a/arch/x86/Kconfig
> > +++ b/arch/x86/Kconfig
> > @@ -1880,13 +1880,13 @@ config X86_SMAP
> >
> >  	  If unsure, say Y.
> >
> > -config X86_INTEL_UMIP
> > +config X86_UMIP
> >  	def_bool y
> > -	depends on CPU_SUP_INTEL
> > -	prompt "Intel User Mode Instruction Prevention" if EXPERT
> > +	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
> 		   ^^^
> 
> What's the dependency on X86 for?
> 
> Aren't the CPU_SUP_* things enough?

Yes. It should be good enough. Will update.
> 
> --
> Regards/Gruss,
>     Boris.
> 
> https://people.kernel.org/tglx/notes-about-netiquette

RE: [PATCH v2] x86/Kconfig: Rename UMIP config parameter

[Moger, Babu]

> -----Original Message-----
> From: Sean Christopherson <sean.j.christopherson@intel.com>
> Sent: Monday, November 4, 2019 3:49 PM
> To: Moger, Babu <Babu.Moger@amd.com>
> Cc: tglx@linutronix.de; mingo@redhat.com; bp@alien8.de; hpa@zytor.com;
> pbonzini@redhat.com; rkrcmar@redhat.com; vkuznets@redhat.com;
> wanpengli@tencent.com; jmattson@google.com; x86@kernel.org;
> joro@8bytes.org; luto@kernel.org; zohar@linux.ibm.com;
> yamada.masahiro@socionext.com; nayna@linux.ibm.com; linux-
> kernel@vger.kernel.org; kvm@vger.kernel.org
> Subject: Re: [PATCH v2] x86/Kconfig: Rename UMIP config parameter
> 
> On Mon, Nov 04, 2019 at 08:50:51PM +0000, Moger, Babu wrote:
> > AMD 2nd generation EPYC processors support the UMIP (User-Mode
> > Instruction Prevention) feature. So, rename X86_INTEL_UMIP to
> > generic X86_UMIP and modify the text to cover both Intel and AMD.
> 
> There's a similar comment in the umip.c documentation that needs to be
> updated, and a grammatical error that can be opportunistically fixed, i.e.
> 
>  * The feature User-Mode Instruction Prevention present in recent Intel
>  * processor
> 
> to
> 
>  * The feature User-Mode Instruction Prevention present in recent x86
>  * processors
> 
Sure.
> 
> IMO, the whole opening paragraph of the umip.c docs is weirdly worded and
> could be rewritten to something similar to the Kconfig help text, e.g.
> 
>  * User-Mode Instruction Prevention is a security feature present in recent x86
>  * processors that, when enabled, prevents a group of instructions (SGDT, SIDT,
>  * SLDT, SMSW and STR) from being run in user mode by issuing a general
>  * protection fault if the instruction is executed with CPL > 0.

Sure. Will update it. Will add as patch #2 as this is separate from config file.

> 
> >
> > Signed-off-by: Babu Moger <babu.moger@amd.com>
> > ---
> > v2:
> >   Learned that for the hardware that support UMIP, we dont need to
> >   emulate. Removed the emulation related code and just submitting
> >   the config changes.
> >
> >  arch/x86/Kconfig                         |    8 ++++----
> >  arch/x86/include/asm/disabled-features.h |    2 +-
> >  arch/x86/include/asm/umip.h              |    4 ++--
> >  arch/x86/kernel/Makefile                 |    2 +-
> >  4 files changed, 8 insertions(+), 8 deletions(-)
> >
> > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > index d6e1faa28c58..821b7cebff31 100644
> > --- a/arch/x86/Kconfig
> > +++ b/arch/x86/Kconfig
> > @@ -1880,13 +1880,13 @@ config X86_SMAP
> >
> >  	  If unsure, say Y.
> >
> > -config X86_INTEL_UMIP
> > +config X86_UMIP
> >  	def_bool y
> > -	depends on CPU_SUP_INTEL
> > -	prompt "Intel User Mode Instruction Prevention" if EXPERT
> > +	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
> > +	prompt "User Mode Instruction Prevention" if EXPERT
> >  	---help---
> >  	  The User Mode Instruction Prevention (UMIP) is a security
> 
> Maybe opportunistically drop "The"?
Sure.
> 
> > -	  feature in newer Intel processors. If enabled, a general
> > +	  feature in newer x86 processors. If enabled, a general
> >  	  protection fault is issued if the SGDT, SLDT, SIDT, SMSW
> >  	  or STR instructions are executed in user mode. These instructions
> >  	  unnecessarily expose information about the hardware state.
> > diff --git a/arch/x86/include/asm/disabled-features.h
> b/arch/x86/include/asm/disabled-features.h
> > index a5ea841cc6d2..8e1d0bb46361 100644
> > --- a/arch/x86/include/asm/disabled-features.h
> > +++ b/arch/x86/include/asm/disabled-features.h
> > @@ -22,7 +22,7 @@
> >  # define DISABLE_SMAP	(1<<(X86_FEATURE_SMAP & 31))
> >  #endif
> >
> > -#ifdef CONFIG_X86_INTEL_UMIP
> > +#ifdef CONFIG_X86_UMIP
> >  # define DISABLE_UMIP	0
> >  #else
> >  # define DISABLE_UMIP	(1<<(X86_FEATURE_UMIP & 31))
> > diff --git a/arch/x86/include/asm/umip.h b/arch/x86/include/asm/umip.h
> > index db43f2a0d92c..aeed98c3c9e1 100644
> > --- a/arch/x86/include/asm/umip.h
> > +++ b/arch/x86/include/asm/umip.h
> > @@ -4,9 +4,9 @@
> >  #include <linux/types.h>
> >  #include <asm/ptrace.h>
> >
> > -#ifdef CONFIG_X86_INTEL_UMIP
> > +#ifdef CONFIG_X86_UMIP
> >  bool fixup_umip_exception(struct pt_regs *regs);
> >  #else
> >  static inline bool fixup_umip_exception(struct pt_regs *regs) { return false; }
> > -#endif  /* CONFIG_X86_INTEL_UMIP */
> > +#endif  /* CONFIG_X86_UMIP */
> >  #endif  /* _ASM_X86_UMIP_H */
> > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> > index 3578ad248bc9..52ce1e239525 100644
> > --- a/arch/x86/kernel/Makefile
> > +++ b/arch/x86/kernel/Makefile
> > @@ -134,7 +134,7 @@ obj-$(CONFIG_EFI)			+= sysfb_efi.o
> >  obj-$(CONFIG_PERF_EVENTS)		+= perf_regs.o
> >  obj-$(CONFIG_TRACING)			+= tracepoint.o
> >  obj-$(CONFIG_SCHED_MC_PRIO)		+= itmt.o
> > -obj-$(CONFIG_X86_INTEL_UMIP)		+= umip.o
> > +obj-$(CONFIG_X86_UMIP)			+= umip.o
> >
> >  obj-$(CONFIG_UNWINDER_ORC)		+= unwind_orc.o
> >  obj-$(CONFIG_UNWINDER_FRAME_POINTER)	+= unwind_frame.o
> >