author Ricardo Neri <[email protected]> 2017-11-13 22:29:42 -0800
committer Ingo Molnar <[email protected]> 2017-11-14 08:38:08 +0100
commit 796ebc81b9931bfa293b4ca38ae28c21a363f4d0 (patch)
tree 43e07b5a5ff2d3057d1724380c64a78ec7040acc
parent b29c6ef7bb1257853c1e31616d84f55e561cf631 (diff)
x86/umip: Select X86_INTEL_UMIP by default
UMIP does cause any performance penalty to the vast majority of x86 code that does not use the legacy instructions affected by UMIP.

Also describe UMIP more accurately and explain the behavior that can be expected by the (few) applications that use the affected instructions.

Suggested-by: Ingo Molnar <[email protected]>
Signed-off-by: Ricardo Neri <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Paolo Bonzini <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Ravi V. Shankar <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Tony Luck <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/1510640985-18412-2-git-send-email-ricardo.neri-calderon@linux.intel.com
[ Spelling fixes, rewrote the changelog. ]
Signed-off-by: Ingo Molnar <[email protected]>
-rw-r--r-- arch/x86/Kconfig 12
1 files changed, 9 insertions, 3 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f08977d82ca0..a0623f0668ab 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1805,14 +1805,20 @@ config X86_SMAP
If unsure, say Y.
config X86_INTEL_UMIP
- def_bool n
+ def_bool y
depends on CPU_SUP_INTEL
prompt "Intel User Mode Instruction Prevention" if EXPERT
---help---
The User Mode Instruction Prevention (UMIP) is a security
feature in newer Intel processors. If enabled, a general
- protection fault is issued if the instructions SGDT, SLDT,
- SIDT, SMSW and STR are executed in user mode.
+ protection fault is issued if the SGDT, SLDT, SIDT, SMSW
+ or STR instructions are executed in user mode. These instructions
+ unnecessarily expose information about the hardware state.
+
+ The vast majority of applications do not use these instructions.
+ For the very few that do, software emulation is provided in
+ specific cases in protected and virtual-8086 modes. Emulated
+ results are dummy.
config X86_INTEL_MPX
prompt "Intel MPX (Memory Protection Extensions)"
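Review bot: The new second help paragraph leaves the unemulated case unstated. "software emulation is provided in specific cases in protected and virtual-8086 modes" does not say which of the five instructions are covered or what a program sees when no emulation applies, and that matters more now that the default flips to "def_bool y" with the prompt shown only under EXPERT, so most Intel builds pick this up without anyone reading the option. Suggest naming the emulated instructions and modes, or pointing to the documentation that lists them, and saying explicitly that every other use ends in the general protection fault described in the first paragraph. "Emulated results are dummy." would also read better as a full sentence, for example "Emulated instructions return dummy values rather than the real hardware state."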