x86/umip: Select X86_INTEL_UMIP by default

[linux-block.git] / arch / x86 / Kconfig

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f08977d82ca0dd2cb49ee4798b45245fa1b5999c..a0623f0668ab1dec21f4cee255cb004e357a4ae6 100644 (file)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1805,14 +1805,20 @@ config X86_SMAP
          If unsure, say Y.
 
 config X86_INTEL_UMIP
-       def_bool n
+       def_bool y
        depends on CPU_SUP_INTEL
        prompt "Intel User Mode Instruction Prevention" if EXPERT
        ---help---
          The User Mode Instruction Prevention (UMIP) is a security
          feature in newer Intel processors. If enabled, a general
-         protection fault is issued if the instructions SGDT, SLDT,
-         SIDT, SMSW and STR are executed in user mode.
+         protection fault is issued if the SGDT, SLDT, SIDT, SMSW
+         or STR instructions are executed in user mode. These instructions
+         unnecessarily expose information about the hardware state.
+
+         The vast majority of applications do not use these instructions.
+         For the very few that do, software emulation is provided in
+         specific cases in protected and virtual-8086 modes. Emulated
+         results are dummy.
 
 config X86_INTEL_MPX
        prompt "Intel MPX (Memory Protection Extensions)"