Bug 12367 - CONFIG_X86_INTEL_UMIP is not enabled on x86_64
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: x86_64 All
Importance: Will affect most users, Security
Assignee: Peter Müller
QA Contact: Arne.F
Blocks: KERNSEC
Reported: 2020-04-14 15:26 UTC by Peter Müller
Modified: 2022-07-11 13:12 UTC
Description Peter Müller 2020-04-14 15:26:18 UTC
Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: High
> 
> The User Mode Instruction Prevention (UMIP) is a security feature in newer
> Intel processors. If enabled a general protection fault is issued if the SGDT
> SLDT SIDT SMSW or STR instructions are executed in user mode. These
> instructions unnecessarily expose information about the hardware state.

Not sure if we want or can even enable this (what about x86_64 on AMD?).
Comment 1 Peter Müller 2020-06-09 17:31:58 UTC
https://patchwork.ipfire.org/patch/3175/
Comment 2 Peter Müller 2022-07-11 13:12:08 UTC
This has been fixed in https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=c062c7700f77407c364dcacb8ee88a2ec14d610e a long time ago.
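
Added example, not part of the bug report or of IPFire's code: a POSIX shell check that a kernel config has the option from this bug set and that the CPU advertises the `umip` flag. It also accepts `CONFIG_X86_UMIP`, the name the option carries from Linux 5.5 onward; the function names and the script name are hypothetical.

```sh
#!/bin/sh
# Added example: audit a kernel config and a cpuinfo dump for UMIP.
# Assumption: the option is CONFIG_X86_INTEL_UMIP (the name in this bug) or
# CONFIG_X86_UMIP (the name in Linux 5.5 and later).

# Print a config file, decompressing it when it is gzip'd (/proc/config.gz).
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# umip_config_state FILE -> enabled | disabled | absent
umip_config_state() {
    read_config "$1" | awk '
        /^CONFIG_X86_(INTEL_)?UMIP=y$/            { s = "enabled" }
        /^# CONFIG_X86_(INTEL_)?UMIP is not set$/ { s = "disabled" }
        END { print (s == "" ? "absent" : s) }'
}

# cpu_has_umip FILE -> exit 0 when the "flags" line lists umip as a whole word
cpu_has_umip() {
    awk -F: '/^flags/ { n = split($2, f, " ")
                        for (i = 1; i <= n; i++) if (f[i] == "umip") found = 1 }
             END { exit !found }' "$1"
}

# umip_report CONFIG CPUINFO -> prints both findings; exit 0 only if both hold
umip_report() {
    state=$(umip_config_state "$1")
    if cpu_has_umip "$2"; then flag=yes; else flag=no; fi
    echo "config=$state cpu_flag=$flag"
    [ "$state" = enabled ] && [ "$flag" = yes ]
}

# Usage: sh umip-check.sh /boot/config-"$(uname -r)" /proc/cpuinfo
if [ "$#" -eq 2 ]; then
    umip_report "$1" "$2"
fi
```

A result of `config=enabled cpu_flag=no` means the kernel was built with the option but the processor does not report the feature, so the build setting has no effect on that machine.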