Intel User-Mode Instruction Prevention Support Revised For The Linux Kernel
Written by Michael Larabel in Intel on 6 November 2017 at 05:25 AM EST. 3 Comments
An Intel engineer over the weekend sent out the latest patches for implementing the company's User-Mode Instruction Prevention (UMIP) support within the Linux kernel.

User-Mode Instruction Prevention appears to be on track for upcoming Cannonlake processors and prevents certain instructions from being executed if the ring level is greater than zero. These instructions include the store task register, store machine status word, store global descriptor table, and store interrupt descriptor table. To fend off possible escalation attacks, Intel's UMIP security feature will prevent these instructions from being executed outside of the highest level privileges.

UMIP is the feature Intel and Wine developers worked through earlier this year to avoid breaking older Wine code.

More details on UMIP and these patches that are now up to their eleventh revision for the Linux kernel can be found via the kernel mailing list. The patches are likely too late to be readied for Linux 4.15, but hopefully for 4.16 so that it can be out in time for Cannonlake's desktop launch next year.
Related News
About The Author
Author picture

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter or contacted via

Popular News This Week