Date: Wed, 20 May 2020 17:56:05 -0700
From: Ricardo Neri
To: Andy Lutomirski
Cc: Brendan Shanks, Andreas Rammhold, Thomas Gleixner, Ingo Molnar, Borislav Petkov, X86 ML, "H. Peter Anvin", "Eric W. Biederman", Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, LKML
Subject: Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
Message-ID: <20200521005605.GA11955@ranerica-svr.sc.intel.com>

On Tue, May 19, 2020 at 05:54:53PM -0700, Andy Lutomirski wrote:
> On Tue, May 19, 2020 at 12:43 PM Ricardo Neri wrote:
> >
> > On Tue, May 19, 2020 at 11:56:40AM -0700, Brendan Shanks wrote:
> > >
> > > > On May 19, 2020, at 7:38 AM, Andreas Rammhold wrote:
> > > >
> > > > Hi,
> > > >
> > > > I've been running into a weird problem with UMIP on a current Ryzen
> > > > 3900x with kernel 5.6.11 where a process receives a page fault after the
> > > > kernel handled the SLDT (or SIDT) instruction (emulation).
> > > >
> > > > The program I am running is run through WINE in 32bit mode and tries to
> > > > figure out if it is running in a VMWare machine by comparing the results
> > > > of SLDT against well known constants (basically as shown in the
> > > > [example] linked below).
> > > >
> > > > In dmesg I see the following log lines:
> > > >> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
> > > >> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
> > > >> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
> > > >
> > > > Following that the process terminates with a page fault:
> > > >> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
> > > >
> > > > Assembly at that address:
> > > >> 0x0000000000437415: sldt 0xffffffe8(%ebp)
> > > >
> > > > Running the same executable on the exact same kernel (and userland) but
> > > > on an Intel i7-8565U doesn't crash at this point. I am guessing the
> > > > emulation is supposed to do something different on AMD CPUs?
> >
> > I am surprised you don't see it on the Intel processor. Maybe it does
> > not have UMIP. Do you see umip when you do
> >
> > $ grep umip /proc/cpuinfo
> >
> > ?
> > > >
> > > > On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
> > >
> > > Hi Andreas,
> > >
> > > The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> > > SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> > > In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> > > Can you share more information about the application you’re running?
> > >
> > > Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.
> >
> > I have a patch for this already that I wrote for testing purposes:
> >
> > https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> >
> > Perhaps it can be used as a starting point? Not sure what the spoofing
> > value should be, though. Perhaps 0?
>
> Possibly SLDT should return nonzero if there's an LDT.

I guess the value should be in the same hole of the x86_64 memory map,
right? Currently sgdt and sidt return 0xfffffffffffe0000 and
0xffffffffffff0000, respectively.

Thanks and BR,
Ricardo
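
A triage sketch for reports like the one in this thread, added here as an example (not code from the thread or from the kernel): it parses the umip warnings in dmesg, marks instructions outside the SGDT/SIDT/SMSW set that the thread says is emulated, and matches the Wine fault address against the warning's ip. The function names are assumptions; the log lines are copied from the report quoted above.

```python
import re

# Per Brendan Shanks' reply in the thread: the kernel discussed (5.6.11)
# emulates only these UMIP-protected instructions; SLDT and STR are not.
EMULATED = {"SGDT", "SIDT", "SMSW"}

UMIP_RE = re.compile(
    r"umip: (?P<comm>.+?)\[(?P<pid>\d+)\] ip:(?P<ip>[0-9a-f]+) "
    r"sp:(?P<sp>[0-9a-f]+): (?P<insn>[A-Z]+) instruction cannot be used"
)
FAULT_RE = re.compile(r"page fault on \w+ access to 0x[0-9a-f]+ .*\(0x(?P<ip>[0-9a-f]+)\)")

# Log lines copied from the report quoted above.
DMESG = """\
[99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
[99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
[99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
"""
WINE_FAULT = ("Unhandled exception: page fault on read access to 0xffffffff "
              "in 32-bit code (0x0000000000437415).")

def parse_umip(text):
    """Return one dict per 'instruction cannot be used' warning."""
    events = []
    for line in text.splitlines():
        m = UMIP_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["pid"] = int(ev["pid"])
            ev["ip"] = int(ev["ip"], 16)
            ev["emulated"] = ev["insn"] in EMULATED
            events.append(ev)
    return events

def fault_cause(fault_line, events):
    """Return the un-emulated UMIP event whose ip equals the faulting address."""
    m = FAULT_RE.search(fault_line)
    if not m:
        return None
    addr = int(m.group("ip"), 16)
    for ev in events:
        if ev["ip"] == addr and not ev["emulated"]:
            return ev
    return None

if __name__ == "__main__":
    evs = parse_umip(DMESG)
    print([(e["insn"], e["emulated"]) for e in evs], fault_cause(WINE_FAULT, evs))
```

For the quoted report this shows the SIDT warning as emulated and ties the fault at 0x437415 to the SLDT warning, which is the instruction the thread identifies as not emulated.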