Kernel: Enable x86 UMIP (User Mode Instruction Prevention) if supported

This prevents code running outside of kernel mode from using the following instructions: * SGDT - Store Global Descriptor Table * SIDT - Store Interrupt Descriptor Table * SLDT - Store Local Descriptor Table * SMSW - Store Machine Status Word * STR - Store Task Register There's no need for userspace to be able to use these instructions so let's just disable them to prevent information leakage.
2025-07-26 07:47:37 +00:00 · 2020-01-01 13:02:32 +01:00 · 2020-01-01 13:02:32 +01:00 · 9c0836ce97
commit 9c0836ce97
parent 5aeaab601e
5 changed files with 23 additions and 1 deletions
--- a/Userland/crash.cpp
+++ b/Userland/crash.cpp
@ -10,7 +10,7 @@

 static void print_usage_and_exit()
 {
-    printf("usage: crash -[AsdiamfMFTtSxyX]\n");
+    printf("usage: crash -[AsdiamfMFTtSxyXU]\n");
    exit(0);
 }

@ -98,6 +98,7 @@ int main(int argc, char** argv)
        WriteToFreedMemoryStillCachedByMalloc,
        ReadFromFreedMemoryStillCachedByMalloc,
        ExecuteNonExecutableMemory,
+        TriggerUserModeInstructionPrevention,
    };
    Mode mode = SegmentationViolation;

@ -136,6 +137,8 @@ int main(int argc, char** argv)
        mode = WriteToFreedMemoryStillCachedByMalloc;
    else if (String(argv[1]) == "-X")
        mode = ExecuteNonExecutableMemory;
+    else if (String(argv[1]) == "-U")
+        mode = TriggerUserModeInstructionPrevention;
    else
        print_usage_and_exit();

@ -320,6 +323,13 @@ int main(int argc, char** argv)
        }).run(run_type);
    }

+    if (mode == TriggerUserModeInstructionPrevention || mode == TestAllCrashTypes) {
+        Crash("Trigger x86 User Mode Instruction Prevention", []() {
+            asm volatile("str %eax");
+            return Crash::Failure::DidNotCrash;
+        }).run(run_type);
+    }
+
    return 0;
 }