From: Brendan Shanks
To: linux-kernel@vger.kernel.org
Cc: ricardo.neri-calderon@linux.intel.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, x86@kernel.org, ebiederm@xmission.com, andi@notmuch.email, Babu.Moger@amd.com, Brendan Shanks
Subject: [PATCH v3] x86/umip: Add emulation/spoofing for SLDT and STR instructions
Date: Mon, 8 Jun 2020 15:44:24 -0700
Message-Id: <20200608224424.7259-1-bshanks@codeweavers.com>

Add emulation/spoofing of SLDT and STR for both 32- and 64-bit processes.

Wine users have found a small number of Windows apps using SLDT that were crashing when run on UMIP-enabled systems.

Reported-by: Andreas Rammhold
Originally-by: Ricardo Neri
Signed-off-by: Brendan Shanks --- v3: Use (GDT_ENTRY_TSS * 8) for task register selector instead of harcoding 0x40. arch/x86/kernel/umip.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c index 8d5cbe1bbb3b..166c579b0273 100644 --- a/arch/x86/kernel/umip.c +++ b/arch/x86/kernel/umip.c @@ -244,16 +244,35 @@ static int emulate_umip_insn(struct insn *insn, int umip_inst, *data_size += UMIP_GDT_IDT_LIMIT_SIZE; memcpy(data, &dummy_limit, UMIP_GDT_IDT_LIMIT_SIZE); - } else if (umip_inst == UMIP_INST_SMSW) { - unsigned long dummy_value = CR0_STATE; + } else if (umip_inst == UMIP_INST_SMSW || umip_inst == UMIP_INST_SLDT || + umip_inst == UMIP_INST_STR) { + unsigned long dummy_value; + + if (umip_inst == UMIP_INST_SMSW) + dummy_value = CR0_STATE; + else if (umip_inst == UMIP_INST_STR) + dummy_value = GDT_ENTRY_TSS * 8; + else if (umip_inst == UMIP_INST_SLDT) + { +#ifdef CONFIG_MODIFY_LDT_SYSCALL + down_read(¤t->mm->context.ldt_usr_sem); + if (current->mm->context.ldt) + dummy_value = GDT_ENTRY_LDT * 8; + else + dummy_value = 0; + up_read(¤t->mm->context.ldt_usr_sem); +#else + dummy_value = 0; +#endif + } /* - * Even though the CR0 register has 4 bytes, the number + * For these 3 instructions, the number * of bytes to be copied in the result buffer is determined * by whether the operand is a register or a memory location. * If operand is a register, return as many bytes as the operand * size. If operand is memory, return only the two least - * siginificant bytes of CR0. + * siginificant bytes. */ if (X86_MODRM_MOD(insn->modrm.value) == 3) *data_size = insn->opnd_bytes; @@ -261,7 +280,6 @@ static int emulate_umip_insn(struct insn *insn, int umip_inst, *data_size = 2; memcpy(data, &dummy_value, *data_size); - /* STR and SLDT are not emulated */ } else { return -EINVAL; } 
@@ -383,10 +401,6 @@ bool fixup_umip_exception(struct pt_regs *regs) umip_pr_warn(regs, "%s instruction cannot be used by applications.\n", umip_insns[umip_inst]); - /* Do not emulate (spoof) SLDT or STR. */ - if (umip_inst == UMIP_INST_STR || umip_inst == UMIP_INST_SLDT) - return false; - umip_pr_warn(regs, "For now, expensive software emulation returns the result.\n"); if (emulate_umip_insn(&insn, umip_inst, dummy_data, &dummy_data_size, -- 2.26.2
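Review bot: In the first hunk (emulate_umip_insn), dummy_value is now declared without an initializer and the chain that assigns it ends in "else if (umip_inst == UMIP_INST_SLDT)" with no final else, so the compiler has to infer from the outer condition that one branch always runs before the memcpy() into the buffer returned to user space. Make the last branch a plain "else", or initialize dummy_value to 0 and drop the "#else" arm, so an unassigned stack value can never be copied out. The opening brace of the SLDT branch sits on its own line and only that branch of the chain is braced; kernel style wants "else if (...) {" on one line and braces on every branch once one branch needs them. down_read() on ldt_usr_sem can sleep, so a short comment saying why that is acceptable on this exception path would help the next reader. The rewritten comment still carries the "siginificant" typo and could be fixed while the line is being touched.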
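Review bot: In the second hunk (fixup_umip_exception), removing the early return means SLDT and STR now fall through to the "For now, expensive software emulation returns the result." warning and into emulate_umip_insn(), but the patch touches only these two spots in umip.c. If the file's header comment or any documentation still states that STR and SLDT are not emulated, update it in the same patch, and list the spoofed values there (GDT_ENTRY_TSS * 8 for STR; GDT_ENTRY_LDT * 8 or 0 for SLDT depending on whether the process has an LDT). The commit message would also benefit from stating those return values, since they are what user space will now observe.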