Intel User-Mode Instruction Prevention Support Revised For The Linux Kernel
An Intel engineer over the weekend sent out the latest patches for implementing the company's User-Mode Instruction Prevention (UMIP) support within the Linux kernel.
User-Mode Instruction Prevention appears to be on track for upcoming Cannonlake processors and prevents certain instructions from being executed if the ring level is greater than zero. These instructions include the store task register, store machine status word, store global descriptor table, and store interrupt descriptor table instructions. To fend off possible escalation attacks, Intel's UMIP security feature will prevent these instructions from being executed outside of the highest privilege level.
UMIP is the feature Intel and Wine developers worked through earlier this year to avoid breaking older Wine code.
More details on UMIP and these patches, which are now up to their eleventh revision for the Linux kernel, can be found via the kernel mailing list. The patches are likely too late to be readied for Linux 4.15, but hopefully they will land for 4.16 so that the support can be out in time for Cannonlake's desktop launch next year.