From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S941306AbcKQGwS (ORCPT ); Thu, 17 Nov 2016 01:52:18 -0500 Received: from mail-wm0-f66.google.com ([74.125.82.66]:33831 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S938562AbcKQGwR (ORCPT ); Thu, 17 Nov 2016 01:52:17 -0500 Date: Thu, 17 Nov 2016 07:52:13 +0100 From: Ingo Molnar To: Jan Beulich Cc: mingo@elte.hu, tglx@linutronix.de, hpa@zytor.com, linux-kernel@vger.kernel.org, Ricardo Neri , Andy Lutomirski , Borislav Petkov , Stas Sergeev Subject: Re: [PATCH] x86: add UMIP support Message-ID: <20161117065213.GA10358@gmail.com> References: <582C8CE3020000780011F475@prv-mh.provo.novell.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <582C8CE3020000780011F475@prv-mh.provo.novell.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Jan Beulich wrote: > This is a small aid to security, hiding in particular the kernel address > information otherwise available through SGDT/SIDT. > > Signed-off-by: Jan Beulich > --- > Main question here is whether to limit this to 64-bit (or at least > !CONFIG_VM86) for the time being, or to disable it while running VM86 > mode code: Such code isn't unlikely to use SMSW (and one of SGDT/SIDT) > to figure out whether it's running on an i286 or i386, as the EFLAGS > based method recommended by Intel's SDM can't be relied upon there. > --- > Documentation/kernel-parameters.txt | 4 ++++ > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/uapi/asm/processor-flags.h | 2 ++ > arch/x86/kernel/cpu/common.c | 16 +++++++++++++++- > 4 files changed, 22 insertions(+), 1 deletion(-) Note that similar patches have been submitted a week ago: https://lkml.org/lkml/2016/11/8/68 Thanks, Ingo