Kernel: Enable x86 UMIP (User Mode Instruction Prevention) if supported

This prevents code running outside of kernel mode from using the following instructions: * SGDT - Store Global Descriptor Table * SIDT - Store Interrupt Descriptor Table * SLDT - Store Local Descriptor Table * SMSW - Store Machine Status Word * STR - Store Task Register There's no need for userspace to be able to use these instructions so let's just disable them to prevent information leakage.
2025-05-31 11:38:11 +00:00 · 2020-01-01 13:02:32 +01:00 · 2020-01-01 13:02:32 +01:00 · 9c0836ce97
commit 9c0836ce97
parent 5aeaab601e
5 changed files with 23 additions and 1 deletions
--- a/Kernel/init.cpp
+++ b/Kernel/init.cpp
@ -258,6 +258,14 @@ extern "C" [[noreturn]] void init(u32 physical_address_for_kernel_page_tables)
        kprintf("x86: SSE support enabled\n");
    }

+    if (g_cpu_supports_umip) {
+        asm volatile(
+            "mov %cr4, %eax\n"
+            "orl $0x800, %eax\n"
+            "mov %eax, %cr4\n");
+        kprintf("x86: UMIP support enabled\n");
+    }
+
    RTC::initialize();
    PIC::initialize();
    gdt_init();