linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3] x86/umip: Add emulation/spoofing for SLDT and STR instructions
@ 2020-06-08 22:44 Brendan Shanks
  2020-06-09  0:38 ` Ricardo Neri
  0 siblings, 1 reply; 3+ messages in thread
From: Brendan Shanks @ 2020-06-08 22:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: ricardo.neri-calderon, tglx, mingo, bp, hpa, x86, ebiederm, andi,
	Babu.Moger, Brendan Shanks

Add emulation/spoofing of SLDT and STR for both 32- and 64-bit
processes.

Wine users have found a small number of Windows apps using SLDT that
were crashing when run on UMIP-enabled systems.

Reported-by: Andreas Rammhold <andi@notmuch.email>
Originally-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Signed-off-by: Brendan Shanks <bshanks@codeweavers.com>
---

v3: Use (GDT_ENTRY_TSS * 8) for task register selector instead of
harcoding 0x40.

 arch/x86/kernel/umip.c | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
index 8d5cbe1bbb3b..166c579b0273 100644
--- a/arch/x86/kernel/umip.c
+++ b/arch/x86/kernel/umip.c
@@ -244,16 +244,35 @@ static int emulate_umip_insn(struct insn *insn, int umip_inst,
 		*data_size += UMIP_GDT_IDT_LIMIT_SIZE;
 		memcpy(data, &dummy_limit, UMIP_GDT_IDT_LIMIT_SIZE);
 
-	} else if (umip_inst == UMIP_INST_SMSW) {
-		unsigned long dummy_value = CR0_STATE;
+	} else if (umip_inst == UMIP_INST_SMSW || umip_inst == UMIP_INST_SLDT ||
+		   umip_inst == UMIP_INST_STR) {
+		unsigned long dummy_value;
+
+		if (umip_inst == UMIP_INST_SMSW)
+			dummy_value = CR0_STATE;
+		else if (umip_inst == UMIP_INST_STR)
+			dummy_value = GDT_ENTRY_TSS * 8;
+		else if (umip_inst == UMIP_INST_SLDT)
+		{
+#ifdef CONFIG_MODIFY_LDT_SYSCALL
+			down_read(&current->mm->context.ldt_usr_sem);
+			if (current->mm->context.ldt)
+				dummy_value = GDT_ENTRY_LDT * 8;
+			else
+				dummy_value = 0;
+			up_read(&current->mm->context.ldt_usr_sem);
+#else
+			dummy_value = 0;
+#endif
+		}
 
 		/*
-		 * Even though the CR0 register has 4 bytes, the number
+		 * For these 3 instructions, the number
 		 * of bytes to be copied in the result buffer is determined
 		 * by whether the operand is a register or a memory location.
 		 * If operand is a register, return as many bytes as the operand
 		 * size. If operand is memory, return only the two least
-		 * siginificant bytes of CR0.
+		 * siginificant bytes.
 		 */
 		if (X86_MODRM_MOD(insn->modrm.value) == 3)
 			*data_size = insn->opnd_bytes;
@@ -261,7 +280,6 @@ static int emulate_umip_insn(struct insn *insn, int umip_inst,
 			*data_size = 2;
 
 		memcpy(data, &dummy_value, *data_size);
-	/* STR and SLDT  are not emulated */
 	} else {
 		return -EINVAL;
 	}
@@ -383,10 +401,6 @@ bool fixup_umip_exception(struct pt_regs *regs)
 	umip_pr_warn(regs, "%s instruction cannot be used by applications.\n",
 			umip_insns[umip_inst]);
 
-	/* Do not emulate (spoof) SLDT or STR. */
-	if (umip_inst == UMIP_INST_STR || umip_inst == UMIP_INST_SLDT)
-		return false;
-
 	umip_pr_warn(regs, "For now, expensive software emulation returns the result.\n");
 
 	if (emulate_umip_insn(&insn, umip_inst, dummy_data, &dummy_data_size,
-- 
2.26.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v3] x86/umip: Add emulation/spoofing for SLDT and STR instructions
  2020-06-08 22:44 [PATCH v3] x86/umip: Add emulation/spoofing for SLDT and STR instructions Brendan Shanks
@ 2020-06-09  0:38 ` Ricardo Neri
  2020-06-09  0:54   ` Ricardo Neri
  0 siblings, 1 reply; 3+ messages in thread
From: Ricardo Neri @ 2020-06-09  0:38 UTC (permalink / raw)
  To: Brendan Shanks
  Cc: linux-kernel, tglx, mingo, bp, hpa, x86, ebiederm, andi, Babu.Moger

On Mon, Jun 08, 2020 at 03:44:24PM -0700, Brendan Shanks wrote:
> Add emulation/spoofing of SLDT and STR for both 32- and 64-bit
> processes.
> 
> Wine users have found a small number of Windows apps using SLDT that
> were crashing when run on UMIP-enabled systems.
> 
> Reported-by: Andreas Rammhold <andi@notmuch.email>
> Originally-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
> Signed-off-by: Brendan Shanks <bshanks@codeweavers.com>
> ---
> 
> v3: Use (GDT_ENTRY_TSS * 8) for task register selector instead of
> harcoding 0x40.
> 
>  arch/x86/kernel/umip.c | 32 +++++++++++++++++++++++---------
>  1 file changed, 23 insertions(+), 9 deletions(-)
> 
> diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
> index 8d5cbe1bbb3b..166c579b0273 100644
> --- a/arch/x86/kernel/umip.c
> +++ b/arch/x86/kernel/umip.c
> @@ -244,16 +244,35 @@ static int emulate_umip_insn(struct insn *insn, int umip_inst,
>  		*data_size += UMIP_GDT_IDT_LIMIT_SIZE;
>  		memcpy(data, &dummy_limit, UMIP_GDT_IDT_LIMIT_SIZE);
>  
> -	} else if (umip_inst == UMIP_INST_SMSW) {
> -		unsigned long dummy_value = CR0_STATE;
> +	} else if (umip_inst == UMIP_INST_SMSW || umip_inst == UMIP_INST_SLDT ||
> +		   umip_inst == UMIP_INST_STR) {
> +		unsigned long dummy_value;
> +
> +		if (umip_inst == UMIP_INST_SMSW)
> +			dummy_value = CR0_STATE;
> +		else if (umip_inst == UMIP_INST_STR)
> +			dummy_value = GDT_ENTRY_TSS * 8;
> +		else if (umip_inst == UMIP_INST_SLDT)
> +		{

This brace should go in the previous line. Also, if you use braces in
the last part of the conditional you should probably use them in the
previous ones. I guess in this case it woudln't improve readability.
Instead, you can probably have a switch instead of the three ifs. That
probably does improve readability and solves the dilemma of needing to
put braces in all the one-line conditionals.

BTW, you should also delete the comment at the top of the file saying
that str and sldt will not be emulated:

diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
index 166c579b0273..0984a55eb8c0 100644
--- a/arch/x86/kernel/umip.c
+++ b/arch/x86/kernel/umip.c
@@ -45,9 +45,6 @@
  * value that, lies close to the top of the kernel memory. The limit for the GDT
  * and the IDT are set to zero.
  *
- * Given that SLDT and STR are not commonly used in programs that run on WineHQ
- * or DOSEMU2, they are not emulated.
- *
  * The instruction smsw is emulated to return the value that the register CR0
  * has at boot time as set in the head_32.
  *

Thanks and BR,
Ricardo

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v3] x86/umip: Add emulation/spoofing for SLDT and STR instructions
  2020-06-09  0:38 ` Ricardo Neri
@ 2020-06-09  0:54   ` Ricardo Neri
  0 siblings, 0 replies; 3+ messages in thread
From: Ricardo Neri @ 2020-06-09  0:54 UTC (permalink / raw)
  To: Brendan Shanks
  Cc: linux-kernel, tglx, mingo, bp, hpa, x86, ebiederm, andi, Babu.Moger

On Mon, Jun 08, 2020 at 05:38:12PM -0700, Ricardo Neri wrote:
> On Mon, Jun 08, 2020 at 03:44:24PM -0700, Brendan Shanks wrote:
> > Add emulation/spoofing of SLDT and STR for both 32- and 64-bit
> > processes.
> > 
> > Wine users have found a small number of Windows apps using SLDT that
> > were crashing when run on UMIP-enabled systems.
> > 
> > Reported-by: Andreas Rammhold <andi@notmuch.email>
> > Originally-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
> > Signed-off-by: Brendan Shanks <bshanks@codeweavers.com>
> > ---
> > 
> > v3: Use (GDT_ENTRY_TSS * 8) for task register selector instead of
> > harcoding 0x40.
> > 
> >  arch/x86/kernel/umip.c | 32 +++++++++++++++++++++++---------
> >  1 file changed, 23 insertions(+), 9 deletions(-)
> > 
> > diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
> > index 8d5cbe1bbb3b..166c579b0273 100644
> > --- a/arch/x86/kernel/umip.c
> > +++ b/arch/x86/kernel/umip.c
> > @@ -244,16 +244,35 @@ static int emulate_umip_insn(struct insn *insn, int umip_inst,
> >  		*data_size += UMIP_GDT_IDT_LIMIT_SIZE;
> >  		memcpy(data, &dummy_limit, UMIP_GDT_IDT_LIMIT_SIZE);
> >  
> > -	} else if (umip_inst == UMIP_INST_SMSW) {
> > -		unsigned long dummy_value = CR0_STATE;
> > +	} else if (umip_inst == UMIP_INST_SMSW || umip_inst == UMIP_INST_SLDT ||
> > +		   umip_inst == UMIP_INST_STR) {
> > +		unsigned long dummy_value;
> > +
> > +		if (umip_inst == UMIP_INST_SMSW)
> > +			dummy_value = CR0_STATE;
> > +		else if (umip_inst == UMIP_INST_STR)
> > +			dummy_value = GDT_ENTRY_TSS * 8;
> > +		else if (umip_inst == UMIP_INST_SLDT)
> > +		{
> 
> This brace should go in the previous line. Also, if you use braces in
> the last part of the conditional you should probably use them in the
> previous ones. I guess in this case it woudln't improve readability.
> Instead, you can probably have a switch instead of the three ifs. That
> probably does improve readability and solves the dilemma of needing to
> put braces in all the one-line conditionals.
> 
> BTW, you should also delete the comment at the top of the file saying
> that str and sldt will not be emulated:
> 
> diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
> index 166c579b0273..0984a55eb8c0 100644
> --- a/arch/x86/kernel/umip.c
> +++ b/arch/x86/kernel/umip.c
> @@ -45,9 +45,6 @@
>   * value that, lies close to the top of the kernel memory. The limit for the GDT
>   * and the IDT are set to zero.
>   *
> - * Given that SLDT and STR are not commonly used in programs that run on WineHQ
> - * or DOSEMU2, they are not emulated.
> - *
>   * The instruction smsw is emulated to return the value that the register CR0
>   * has at boot time as set in the head_32.

... And also explain that the emulated values for str and sldt are the
simply the values that Linux assigns programatically.

Thanks and BR,
Ricardo

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-06-09  0:54 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-08 22:44 [PATCH v3] x86/umip: Add emulation/spoofing for SLDT and STR instructions Brendan Shanks
2020-06-09  0:38 ` Ricardo Neri
2020-06-09  0:54   ` Ricardo Neri

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).