Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751031AbbGaFME (ORCPT <rfc822;w@1wt.eu>);
	Fri, 31 Jul 2015 01:12:04 -0400
Received: from mail-la0-f48.google.com ([209.85.215.48]:33264 "EHLO
	mail-la0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750786AbbGaFMD (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Fri, 31 Jul 2015 01:12:03 -0400
MIME-Version: 1.0
In-Reply-To: <20150731042205.GB32117@nazgul.tnic>
References: <20150724111621.34713023@gandalf.local.home> <20150724152637.GC3612@1wt.eu>
 <20150724153054.GK19282@twins.programming.kicks-ass.net> <CA+55aFz0=bVcRs2M3etVqU3+tgz2ZPJDsTiUieWpshVuiR_utg@mail.gmail.com>
 <20150724195509.GM2859@worktop.programming.kicks-ass.net> <CA+55aFzzrLY-0D+dK=EyKA+kZTiqzpEwFhJURbR76-7EuLhojA@mail.gmail.com>
 <20150724205119.GM19282@twins.programming.kicks-ass.net> <CALCETrX3L8W666xO15dU+mygFrk6mKJSEWCZ5K_A5SLBxAPZ0Q@mail.gmail.com>
 <55BA45A2.8050909@redhat.com> <CALCETrXDORrTifXjkf06QyhEDUumR8NBiAq5Tw_JLTt=iCB=Xw@mail.gmail.com>
 <20150731042205.GB32117@nazgul.tnic>
From: Andy Lutomirski <luto@amacapital.net>
Date: Thu, 30 Jul 2015 22:11:40 -0700
Message-ID: <CALCETrX4wrVhXToC9oqo3Ma+smKf_8bhHD-D2FGxj3iGZ=ag6g@mail.gmail.com>
Subject: Re: Dealing with the NMI mess
To: Borislav Petkov <bp@alien8.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>, Peter Zijlstra <peterz@infradead.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Willy Tarreau <w@1wt.eu>, Steven Rostedt <rostedt@goodmis.org>,
        X86 ML <x86@kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>, Brian Gerst <brgerst@gmail.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1329
Lines: 32

On Thu, Jul 30, 2015 at 9:22 PM, Borislav Petkov <bp@alien8.de> wrote:
> On Thu, Jul 30, 2015 at 02:22:06PM -0700, Andy Lutomirski wrote:
>> Great.  There's an opcode that invokes an interrupt gate that's not
>> marked as allowing unprivileged access, and that opcode doesn't appear
>> in the SDM.  It appears in the APM opcode map with no explanation at
>> all.
>>
>> Thanks, CPU vendors.
>
> Here's something better:
>
> http://www.rcollins.org/secrets/opcodes/ICEBP.html

This instruction is awesome.  Binutils can disassemble it (it's called
"icebp") but it can't assemble it.  KVM has special handling for it on
VMX and actually reports it to QEMU on SVM (complete with a defined
ABI).  We have an asm macro so we can assemble it for 32-bit but not
64-bit, despite the fact that it works on 64-bit.

The kernel instruction decoder can't decode it.

Fortunately, it looks like the vm86 case is correct (or as correct as
any of the vm86 junk can be), although I haven't tested it.  I bet
that icebp is like int3 in that it punches through vm86 mode instead
of sending #GP.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/