RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 17:07:35 +00:00
Code Issues Activity Actions

Kernel: Enable x86 UMIP (User Mode Instruction Prevention) if supported

Browse source 
This prevents code running outside of kernel mode from using the
following instructions:

* SGDT - Store Global Descriptor Table
* SIDT - Store Interrupt Descriptor Table
* SLDT - Store Local Descriptor Table
* SMSW - Store Machine Status Word
* STR - Store Task Register

There's no need for userspace to be able to use these instructions so
let's just disable them to prevent information leakage.
This commit is contained in:
Andreas Kling 2020-01-01 13:02:32 +01:00
parent 5aeaab601e
commit 9c0836ce97
5 changed files with 23 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Arch/i386/CPU.cpp
View file

@ -549,6 +549,7 @@ bool g_cpu_supports_pae;
bool g_cpu_supports_pge;
bool g_cpu_supports_smep;
bool g_cpu_supports_sse;
bool g_cpu_supports_umip;
void detect_cpu_features()
{
@ -562,4 +563,5 @@ void detect_cpu_features()
CPUID extended_features(0x7);
g_cpu_supports_smep = (extended_features.ebx() & (1 << 7));
g_cpu_supports_umip = (extended_features.ecx() & (1 << 2));
}