Intel User-Mode Instruction Prevention Support Revised For The Linux Kernel
Written by Michael Larabel in Intel on 6 November 2017 at 05:25 AM EST. 3 Comments
INTEL --
An Intel engineer over the weekend sent out the latest patches for implementing the company's User-Mode Instruction Prevention (UMIP) support within the Linux kernel.

User-Mode Instruction Prevention appears to be on track for upcoming Cannonlake processors and prevents certain instructions from being executed if the ring level is greater than zero. These instructions include the store task register, store machine status word, store global descriptor table, and store interrupt descriptor table. To fend off possible escalation attacks, Intel's UMIP security feature will prevent these instructions from being executed outside of the highest level privileges.

UMIP is the feature Intel and Wine developers worked through earlier this year to avoid breaking older Wine code.

More details on UMIP and these patches that are now up to their eleventh revision for the Linux kernel can be found via the kernel mailing list. The patches are likely too late to be readied for Linux 4.15, but hopefully for 4.16 so that it can be out in time for Cannonlake's desktop launch next year.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week