From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754728AbdCIBNJ (ORCPT <rfc822;w@1wt.eu>);
        Wed, 8 Mar 2017 20:13:09 -0500
Received: from mga07.intel.com ([134.134.136.100]:14459 "EHLO mga07.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752378AbdCIBNH (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 8 Mar 2017 20:13:07 -0500
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.36,266,1486454400"; 
   d="scan'208";a="1120254786"
Message-ID: <1489021909.131264.30.camel@ranerica-desktop>
Subject: Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
To: Stas Sergeev <stsp@list.ru>
Cc: Andy Lutomirski <luto@amacapital.net>, Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>, "H. Peter Anvin" <hpa@zytor.com>,
        Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
        Peter Zijlstra <peterz@infradead.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Brian Gerst <brgerst@gmail.com>, Chris Metcalf <cmetcalf@mellanox.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Paolo Bonzini <pbonzini@redhat.com>, Liang Z Li <liang.z.li@intel.com>,
        Masami Hiramatsu <mhiramat@kernel.org>, Huang Rui <ray.huang@amd.com>,
        Jiri Slaby <jslaby@suse.cz>, Jonathan Corbet <corbet@lwn.net>,
        "Michael S. Tsirkin" <mst@redhat.com>,
        Paul Gortmaker <paul.gortmaker@windriver.com>,
        Vlastimil Babka <vbabka@suse.cz>, Chen Yucong <slaoub@gmail.com>,
        Alexandre Julliard <julliard@winehq.org>,
        Fenghua Yu <fenghua.yu@intel.com>,
        "Ravi V. Shankar" <ravi.v.shankar@intel.com>,
        Shuah Khan <shuah@kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        X86 ML <x86@kernel.org>, linux-msdos@vger.kernel.org,
        wine-devel@winehq.org
Date: Wed, 08 Mar 2017 17:11:49 -0800
In-Reply-To: <bef08268-238b-c5e9-1737-a2675f453b8e@list.ru>
References: <20170308003254.27833-1-ricardo.neri-calderon@linux.intel.com>
         <79ba0fff-4c01-2bfa-06cb-5cfc98dd710c@list.ru>
         <CALCETrX4D13Q4LRxGrQzXQCWvaRpq7sG0ws8CpB_bM4rKQ4W_A@mail.gmail.com>
         <997ba581-ecfa-b773-a48e-85b92a439836@list.ru>
         <CALCETrX87_RyEscDLLscNaE33=FEpzW0JVphZaWoJSBL5VhN0w@mail.gmail.com>
         <bef08268-238b-c5e9-1737-a2675f453b8e@list.ru>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.10.4-0ubuntu2 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2017-03-08 at 19:53 +0300, Stas Sergeev wrote:
> 08.03.2017 19:46, Andy Lutomirski пишет:
> >> No no, since I meant prot mode, this is not what I need.
> >> I would never need to disable UMIP as to allow the
> >> prot mode apps to do SLDT. Instead it would be good
> >> to have an ability to provide a replacement for the dummy
> >> emulation that is currently being proposed for kernel.
> >> All is needed for this, is just to deliver a SIGSEGV.
> > That's what I meant.  Turning off FIXUP_UMIP would leave UMIP on but
> > turn off the fixup, so you'd get a SIGSEGV indicating #GP (or a vm86
> > GP exit).
> But then I am confused with the word "compat" in
> your "COMPAT_MASK0_X86_UMIP_FIXUP" and
> "sys_adjust_compat_mask(int op, int word, u32 mask);"
> 
> Leaving UMIP on and only disabling a fixup doesn't
> sound like a compat option to me. I would expect
> compat to disable it completely.

I guess that the _UMIP_FIXUP part makes it clear that emulation, not
UMIP is disabled, allowing the SIGSEGV be delivered to the user space
program.

Would having a COMPAT_MASK0_X86_UMIP_FIXUP to disable emulation and a
COMPAT_MASK0_X86_UMIP to disable UMIP make sense?

Also, wouldn't having a COMPAT_MASK0_X86_UMIP to disable UMIP defeat its
purpose? Applications could simply use this compat mask to bypass UMIP
and gain access to the instructions it protects.

Thanks and BR,
Ricardo

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Subject: Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention
Date: Wed, 08 Mar 2017 17:11:49 -0800
Message-ID: <1489021909.131264.30.camel@ranerica-desktop>
References: <20170308003254.27833-1-ricardo.neri-calderon@linux.intel.com>
         <79ba0fff-4c01-2bfa-06cb-5cfc98dd710c@list.ru>
         <CALCETrX4D13Q4LRxGrQzXQCWvaRpq7sG0ws8CpB_bM4rKQ4W_A@mail.gmail.com>
         <997ba581-ecfa-b773-a48e-85b92a439836@list.ru>
         <CALCETrX87_RyEscDLLscNaE33=FEpzW0JVphZaWoJSBL5VhN0w@mail.gmail.com>
         <bef08268-238b-c5e9-1737-a2675f453b8e@list.ru>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Return-path: <linux-msdos-owner@vger.kernel.org>
In-Reply-To: <bef08268-238b-c5e9-1737-a2675f453b8e@list.ru>
Sender: linux-msdos-owner@vger.kernel.org
List-ID: <linux-msdos.vger.kernel.org>
Content-Type: text/plain; charset="utf-8"
To: Stas Sergeev <stsp@list.ru>
Cc: Andy Lutomirski <luto@amacapital.net>, Ingo Molnar <mingo@redhat.com>, Thomas Gleixner <tglx@linutronix.de>, "H. Peter Anvin" <hpa@zytor.com>, Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>, Peter Zijlstra <peterz@infradead.org>, Andrew Morton <akpm@linux-foundation.org>, Brian Gerst <brgerst@gmail.com>, Chris Metcalf <cmetcalf@mellanox.com>, Dave Hansen <dave.hansen@linux.intel.com>, Paolo Bonzini <pbonzini@redhat.com>, Liang Z Li <liang.z.li@intel.com>, Masami Hiramatsu <mhiramat@kernel.org>, Huang Rui <ray.huang@amd.com>, Jiri Slaby <jslaby@suse.cz>, Jonathan Corbet <corbet@lwn.net>, "Michael S. Tsirkin" <mst@redhat.com>, Paul Gortmaker <paul.gortmaker@windriver.com>, Vlastimil Babka <vbabka@suse.cz>, Chen Yucong <>

On Wed, 2017-03-08 at 19:53 +0300, Stas Sergeev wrote:
> 08.03.2017 19:46, Andy Lutomirski пишет:
> >> No no, since I meant prot mode, this is not what I need.
> >> I would never need to disable UMIP as to allow the
> >> prot mode apps to do SLDT. Instead it would be good
> >> to have an ability to provide a replacement for the dummy
> >> emulation that is currently being proposed for kernel.
> >> All is needed for this, is just to deliver a SIGSEGV.
> > That's what I meant.  Turning off FIXUP_UMIP would leave UMIP on but
> > turn off the fixup, so you'd get a SIGSEGV indicating #GP (or a vm86
> > GP exit).
> But then I am confused with the word "compat" in
> your "COMPAT_MASK0_X86_UMIP_FIXUP" and
> "sys_adjust_compat_mask(int op, int word, u32 mask);"
> 
> Leaving UMIP on and only disabling a fixup doesn't
> sound like a compat option to me. I would expect
> compat to disable it completely.

I guess that the _UMIP_FIXUP part makes it clear that emulation, not
UMIP is disabled, allowing the SIGSEGV be delivered to the user space
program.

Would having a COMPAT_MASK0_X86_UMIP_FIXUP to disable emulation and a
COMPAT_MASK0_X86_UMIP to disable UMIP make sense?

Also, wouldn't having a COMPAT_MASK0_X86_UMIP to disable UMIP defeat its
purpose? Applications could simply use this compat mask to bypass UMIP
and gain access to the instructions it protects.

Thanks and BR,
Ricardo