From eb4ec8d4b0d5d596c67dc2baf935df30e27fbb71 Mon Sep 17 00:00:00 2001
From: Ian Moffett <ian@osmora.org>
Date: Tue, 12 Aug 2025 23:40:35 -0400
Subject: kernel/amd64: Ensure CR4.UMIP is set by default

To prevent user programs from performing any operations related to
system memory structures (such as the GDT, TSS, etc), we will always set
CR4.UMIP if possible to improve the security of Hyra.

Signed-off-by: Ian Moffett <ian@osmora.org>
---
 sys/include/arch/amd64/cpu.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'sys/include/arch/amd64/cpu.h')

diff --git a/sys/include/arch/amd64/cpu.h b/sys/include/arch/amd64/cpu.h
index b02ed5f..3dadebd 100644
--- a/sys/include/arch/amd64/cpu.h
+++ b/sys/include/arch/amd64/cpu.h
@@ -44,6 +44,7 @@
 /* Feature bits */
 #define CPU_FEAT_SMAP  BIT(0)
 #define CPU_FEAT_SMEP  BIT(1)
+#define CPU_FEAT_UMIP  BIT(2)
 
 /* CPU vendors */
 #define CPU_VENDOR_OTHER    0x00000000
-- 
cgit v1.2.3