From: Borislav Petkov <bp@suse.de>
To: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
Brian Gerst <brgerst@gmail.com>,
Chris Metcalf <cmetcalf@mellanox.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Huang Rui <ray.huang@amd.com>, Jiri Slaby <jslaby@suse.cz>,
Jonathan Corbet <corbet@lwn.net>,
"Michael S. Tsirkin" <mst@redhat.com>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Vlastimil Babka <vbabka@suse.cz>, Chen Yucong <slaoub@gmail.com>,
Alexandre Julliard <julliard@winehq.org>,
Stas Sergeev <stsp@list.ru>, Fenghua Yu <fenghua.yu@intel.com>,
"Ravi V. Shankar" <ravi.v.shankar@intel.com>,
Shuah Khan <shuah@kernel.org>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-msdos@vger.kernel.org, wine-devel@winehq.org,
Tony Luck <tony.luck@intel.com>
Subject: Re: [PATCH v7 21/26] x86: Add emulation code for UMIP instructions
Date: Thu, 8 Jun 2017 20:38:19 +0200 [thread overview]
Message-ID: <20170608183819.c766klw2mxs7loo5@pd.tnic> (raw)
In-Reply-To: <20170505181724.55000-22-ricardo.neri-calderon@linux.intel.com>
On Fri, May 05, 2017 at 11:17:19AM -0700, Ricardo Neri wrote:
> The feature User-Mode Instruction Prevention present in recent Intel
> processor prevents a group of instructions from being executed with
> CPL > 0. Otherwise, a general protection fault is issued.
This is one of the best opening paragraphs of a commit message I've
read this year! This is how you open: short, succinct, to the point, no
marketing bullshit. Good!
> Rather than relaying this fault to the user space (in the form of a SIGSEGV
> signal), the instructions protected by UMIP can be emulated to provide
> dummy results. This allows to conserve the current kernel behavior and not
> reveal the system resources that UMIP intends to protect (the global
> descriptor and interrupt descriptor tables, the segment selectors of the
> local descriptor table and the task state and the machine status word).
>
> This emulation is needed because certain applications (e.g., WineHQ and
> DOSEMU2) rely on this subset of instructions to function.
>
> The instructions protected by UMIP can be split in two groups. Those who
s/who/which/
> return a kernel memory address (sgdt and sidt) and those who return a
ditto.
> value (sldt, str and smsw).
>
> For the instructions that return a kernel memory address, applications
> such as WineHQ rely on the result being located in the kernel memory space.
> The result is emulated as a hard-coded value that, lies close to the top
> of the kernel memory. The limit for the GDT and the IDT are set to zero.
Nice.
> Given that sldt and str are not used in common in programs supported by
You wanna say "in common programs" here? Or "not commonly used in programs" ?
> WineHQ and DOSEMU2, they are not emulated.
>
> The instruction smsw is emulated to return the value that the register CR0
> has at boot time as set in the head_32.
>
> Care is taken to appropriately emulate the results when segmentation is
> used. This is, rather than relying on USER_DS and USER_CS, the function
"That is,... "
> insn_get_addr_ref() inspects the segment descriptor pointed by the
> registers in pt_regs. This ensures that we correctly obtain the segment
> base address and the address and operand sizes even if the user space
> application uses local descriptor table.
Btw, I could very well use all that nice explanation in umip.c too so
that the high-level behavior is documented.
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: H. Peter Anvin <hpa@zytor.com>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Brian Gerst <brgerst@gmail.com>
> Cc: Chen Yucong <slaoub@gmail.com>
> Cc: Chris Metcalf <cmetcalf@mellanox.com>
> Cc: Dave Hansen <dave.hansen@linux.intel.com>
> Cc: Fenghua Yu <fenghua.yu@intel.com>
> Cc: Huang Rui <ray.huang@amd.com>
> Cc: Jiri Slaby <jslaby@suse.cz>
> Cc: Jonathan Corbet <corbet@lwn.net>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
> Cc: Shuah Khan <shuah@kernel.org>
> Cc: Vlastimil Babka <vbabka@suse.cz>
> Cc: Tony Luck <tony.luck@intel.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Liang Z. Li <liang.z.li@intel.com>
> Cc: Alexandre Julliard <julliard@winehq.org>
> Cc: Stas Sergeev <stsp@list.ru>
> Cc: x86@kernel.org
> Cc: linux-msdos@vger.kernel.org
> Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
> ---
> arch/x86/include/asm/umip.h | 15 +++
> arch/x86/kernel/Makefile | 1 +
> arch/x86/kernel/umip.c | 245 ++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 261 insertions(+)
> create mode 100644 arch/x86/include/asm/umip.h
> create mode 100644 arch/x86/kernel/umip.c
>
> diff --git a/arch/x86/include/asm/umip.h b/arch/x86/include/asm/umip.h
> new file mode 100644
> index 0000000..077b236
> --- /dev/null
> +++ b/arch/x86/include/asm/umip.h
> @@ -0,0 +1,15 @@
> +#ifndef _ASM_X86_UMIP_H
> +#define _ASM_X86_UMIP_H
> +
> +#include <linux/types.h>
> +#include <asm/ptrace.h>
> +
> +#ifdef CONFIG_X86_INTEL_UMIP
> +bool fixup_umip_exception(struct pt_regs *regs);
> +#else
> +static inline bool fixup_umip_exception(struct pt_regs *regs)
> +{
> + return false;
> +}
Let's save some header lines:
static inline bool fixup_umip_exception(struct pt_regs *regs) { return false; }
those trunks take too much space as it is.
> +#endif /* CONFIG_X86_INTEL_UMIP */
> +#endif /* _ASM_X86_UMIP_H */
> diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> index 4b99423..cc1b7cc 100644
> --- a/arch/x86/kernel/Makefile
> +++ b/arch/x86/kernel/Makefile
> @@ -123,6 +123,7 @@ obj-$(CONFIG_EFI) += sysfb_efi.o
> obj-$(CONFIG_PERF_EVENTS) += perf_regs.o
> obj-$(CONFIG_TRACING) += tracepoint.o
> obj-$(CONFIG_SCHED_MC_PRIO) += itmt.o
> +obj-$(CONFIG_X86_INTEL_UMIP) += umip.o
>
> ifdef CONFIG_FRAME_POINTER
> obj-y += unwind_frame.o
> diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
> new file mode 100644
> index 0000000..c7c5795
> --- /dev/null
> +++ b/arch/x86/kernel/umip.c
> @@ -0,0 +1,245 @@
> +/*
> + * umip.c Emulation for instruction protected by the Intel User-Mode
> + * Instruction Prevention. The instructions are:
> + * sgdt
> + * sldt
> + * sidt
> + * str
> + * smsw
> + *
> + * Copyright (c) 2017, Intel Corporation.
> + * Ricardo Neri <ricardo.neri@linux.intel.com>
> + */
> +
> +#include <linux/uaccess.h>
> +#include <asm/umip.h>
> +#include <asm/traps.h>
> +#include <asm/insn.h>
> +#include <asm/insn-eval.h>
> +#include <linux/ratelimit.h>
> +
> +/*
> + * == Base addresses of GDT and IDT
> + * Some applications to function rely finding the global descriptor table (GDT)
That formulation reads funny.
> + * and the interrupt descriptor table (IDT) in kernel memory.
> + * For x86_32, the selected values do not match any particular hole, but it
> + * suffices to provide a memory location within kernel memory.
> + *
> + * == CRO flags for SMSW
> + * Use the flags given when booting, as found in head_32.S
> + */
> +
> +#define CR0_STATE (X86_CR0_PE | X86_CR0_MP | X86_CR0_ET | X86_CR0_NE | \
> + X86_CR0_WP | X86_CR0_AM)
Why not pull those up in asm/processor-flags.h or so and share the
definition instead of duplicating it?
> +#define UMIP_DUMMY_GDT_BASE 0xfffe0000
> +#define UMIP_DUMMY_IDT_BASE 0xffff0000
> +
> +enum umip_insn {
> + UMIP_SGDT = 0, /* opcode 0f 01 ModR/M reg 0 */
> + UMIP_SIDT, /* opcode 0f 01 ModR/M reg 1 */
> + UMIP_SLDT, /* opcode 0f 00 ModR/M reg 0 */
> + UMIP_SMSW, /* opcode 0f 01 ModR/M reg 4 */
> + UMIP_STR, /* opcode 0f 00 ModR/M reg 1 */
Let's stick to a single spelling: ModRM.reg=0, etc.
Better yet, use the SDM format:
UMIP_SGDT = 0, /* 0F 01 /0 */
UMIP_SIDT, /* 0F 01 /1 */
...
> +};
> +
> +/**
> + * __identify_insn() - Identify a UMIP-protected instruction
> + * @insn: Instruction structure with opcode and ModRM byte.
> + *
> + * From the instruction opcode and the reg part of the ModRM byte, identify,
> + * if any, a UMIP-protected instruction.
> + *
> + * Return: an enumeration of a UMIP-protected instruction; -EINVAL on failure.
> + */
> +static int __identify_insn(struct insn *insn)
static enum umip_insn __identify_insn(...
But frankly, that enum looks pointless to me - it is used locally only
and you can just as well use plain ints.
> +{
> + /* By getting modrm we also get the opcode. */
> + insn_get_modrm(insn);
> +
> + /* All the instructions of interest start with 0x0f. */
> + if (insn->opcode.bytes[0] != 0xf)
> + return -EINVAL;
> +
> + if (insn->opcode.bytes[1] == 0x1) {
> + switch (X86_MODRM_REG(insn->modrm.value)) {
> + case 0:
> + return UMIP_SGDT;
> + case 1:
> + return UMIP_SIDT;
> + case 4:
> + return UMIP_SMSW;
> + default:
> + return -EINVAL;
> + }
> + }
> + /* SLDT AND STR are not emulated */
> + return -EINVAL;
> +}
> +
> +/**
> + * __emulate_umip_insn() - Emulate UMIP instructions with dummy values
> + * @insn: Instruction structure with ModRM byte
> + * @umip_inst: Instruction to emulate
> + * @data: Buffer onto which the dummy values will be copied
> + * @data_size: Size of the emulated result
> + *
> + * Emulate an instruction protected by UMIP. The result of the emulation
> + * is saved in the provided buffer. The size of the results depends on both
> + * the instruction and type of operand (register vs memory address). Thus,
> + * the size of the result needs to be updated.
> + *
> + * Result: 0 if success, -EINVAL on failure to emulate
> + */
> +static int __emulate_umip_insn(struct insn *insn, enum umip_insn umip_inst,
> + unsigned char *data, int *data_size)
> +{
> + unsigned long dummy_base_addr;
> + unsigned short dummy_limit = 0;
> + unsigned int dummy_value = 0;
> +
> + switch (umip_inst) {
> + /*
> + * These two instructions return the base address and limit of the
> + * global and interrupt descriptor table. The base address can be
> + * 24-bit, 32-bit or 64-bit. Limit is always 16-bit. If the operand
> + * size is 16-bit the returned value of the base address is supposed
> + * to be a zero-extended 24-byte number. However, it seems that a
> + * 32-byte number is always returned in legacy protected mode
> + * irrespective of the operand size.
> + */
> + case UMIP_SGDT:
> + /* fall through */
> + case UMIP_SIDT:
> + if (umip_inst == UMIP_SGDT)
> + dummy_base_addr = UMIP_DUMMY_GDT_BASE;
> + else
> + dummy_base_addr = UMIP_DUMMY_IDT_BASE;
> + if (X86_MODRM_MOD(insn->modrm.value) == 3) {
> + /* SGDT and SIDT do not take register as argument. */
Comment above the if.
> + return -EINVAL;
> + }
So that check needs to go first, then the dummy_base_addr assignment.
> +
> + memcpy(data + 2, &dummy_base_addr, sizeof(dummy_base_addr));
> + memcpy(data, &dummy_limit, sizeof(dummy_limit));
> + *data_size = sizeof(dummy_base_addr) + sizeof(dummy_limit);
Huh, that value will always be the same - why do you have a specific
variable? It could be a define, once for 32-bit and once for 64-bit.
> + break;
> + case UMIP_SMSW:
> + /*
> + * Even though CR0_STATE contain 4 bytes, the number
> + * of bytes to be copied in the result buffer is determined
> + * by whether the operand is a register or a memory location.
> + */
> + dummy_value = CR0_STATE;
Something's wrong here: how does that local, write-only variable have
any effect?
> + /*
> + * These two instructions return a 16-bit value. We return
> + * all zeros. This is equivalent to a null descriptor for
> + * str and sldt.
> + */
> + /* SLDT and STR are not emulated */
> + /* fall through */
> + case UMIP_SLDT:
> + /* fall through */
> + case UMIP_STR:
> + /* fall through */
> + default:
> + return -EINVAL;
That switch-case has a majority of fall-throughs. So make it an if-else
instead.
> + }
> + return 0;
> +}
> +
> +/**
> + * fixup_umip_exception() - Fixup #GP faults caused by UMIP
> + * @regs: Registers as saved when entering the #GP trap
> + *
> + * The instructions sgdt, sidt, str, smsw, sldt cause a general protection
> + * fault if with CPL > 0 (i.e., from user space). This function can be
> + * used to emulate the results of the aforementioned instructions with
> + * dummy values. Results are copied to user-space memory as indicated by
> + * the instruction pointed by EIP using the registers indicated in the
> + * instruction operands. This function also takes care of determining
> + * the address to which the results must be copied.
> + */
> +bool fixup_umip_exception(struct pt_regs *regs)
> +{
> + struct insn insn;
> + unsigned char buf[MAX_INSN_SIZE];
> + /* 10 bytes is the maximum size of the result of UMIP instructions */
> + unsigned char dummy_data[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
unsigned char dummy_data[10] = { 0 };
One 0 should be enough :)
> + unsigned long seg_base;
> + int not_copied, nr_copied, reg_offset, dummy_data_size;
> + void __user *uaddr;
> + unsigned long *reg_addr;
> + enum umip_insn umip_inst;
> + struct insn_code_seg_defaults seg_defs;
Please sort function local variables declaration in a reverse christmas
tree order:
<type> longest_variable_name;
<type> shorter_var_name;
<type> even_shorter;
<type> i;
> +
> + /*
> + * Use the segment base in case user space used a different code
> + * segment, either in protected (e.g., from an LDT) or virtual-8086
> + * modes. In most of the cases seg_base will be zero as in USER_CS.
> + */
> + seg_base = insn_get_seg_base(regs, &insn,
> + offsetof(struct pt_regs, ip));
Oh boy, where's the error handling?! That can return -1L.
> + not_copied = copy_from_user(buf, (void __user *)(seg_base + regs->ip),
-1L + regs->ip is then your pwnage.
> + sizeof(buf));
Just let them stick out.
> + nr_copied = sizeof(buf) - not_copied;
<---- newline here.
> + /*
> + * The copy_from_user above could have failed if user code is protected
()
> + * by a memory protection key. Give up on emulation in such a case.
> + * Should we issue a page fault?
Why? AFAICT, you're in the #GP handler. Simply you return unhandled.
> + */
> + if (!nr_copied)
> + return false;
> +
> + insn_init(&insn, buf, nr_copied, user_64bit_mode(regs));
> +
> + /*
> + * Override the default operand and address sizes to what is specified
> + * in the code segment descriptor. The instruction decoder only sets
> + * the address size it to either 4 or 8 address bytes and does nothing
> + * for the operand bytes. This OK for most of the cases, but we could
> + * have special cases where, for instance, a 16-bit code segment
> + * descriptor is used.
> + * If there are overrides, the instruction decoder correctly updates
> + * these values, even for 16-bit defaults.
> + */
> + seg_defs = insn_get_code_seg_defaults(regs);
> + insn.addr_bytes = seg_defs.address_bytes;
> + insn.opnd_bytes = seg_defs.operand_bytes;
> +
> + if (!insn.addr_bytes || !insn.opnd_bytes)
> + return false;
> +
> + if (user_64bit_mode(regs))
> + return false;
> +
> + insn_get_length(&insn);
> + if (nr_copied < insn.length)
> + return false;
> +
> + umip_inst = __identify_insn(&insn);
> + /* Check if we found an instruction protected by UMIP */
Put comment above the function call.
> + if (umip_inst < 0)
> + return false;
> +
> + if (__emulate_umip_insn(&insn, umip_inst, dummy_data, &dummy_data_size))
> + return false;
> +
> + /* If operand is a register, write directly to it */
> + if (X86_MODRM_MOD(insn.modrm.value) == 3) {
> + reg_offset = insn_get_modrm_rm_off(&insn, regs);
Grr, error handling!! That reg_offset can be -E<something>.
> + reg_addr = (unsigned long *)((unsigned long)regs + reg_offset);
> + memcpy(reg_addr, dummy_data, dummy_data_size);
> + } else {
> + uaddr = insn_get_addr_ref(&insn, regs);
> + /* user address could not be determined, abort emulation */
That comment is kinda obvious. But yes, this has error handling.
> + if ((unsigned long)uaddr == -1L)
> + return false;
> + nr_copied = copy_to_user(uaddr, dummy_data, dummy_data_size);
> + if (nr_copied > 0)
> + return false;
> + }
> +
> + /* increase IP to let the program keep going */
> + regs->ip += insn.length;
> + return true;
> +}
> --
> 2.9.3
>
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
next prev parent reply other threads:[~2017-06-08 18:38 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-05 18:16 [PATCH v7 00/26] x86: Enable User-Mode Instruction Prevention Ricardo Neri
2017-05-05 18:16 ` [PATCH v7 01/26] ptrace,x86: Make user_64bit_mode() available to 32-bit builds Ricardo Neri
2017-05-21 14:19 ` Borislav Petkov
2017-05-05 18:17 ` [PATCH v7 02/26] x86/mm: Relocate page fault error codes to traps.h Ricardo Neri
2017-05-21 14:23 ` Borislav Petkov
2017-05-27 3:40 ` Ricardo Neri
2017-05-27 10:13 ` Borislav Petkov
2017-06-01 3:09 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 03/26] x86/mpx: Use signed variables to compute effective addresses Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 04/26] x86/mpx: Do not use SIB.index if its value is 100b and ModRM.mod is not 11b Ricardo Neri
2017-05-24 13:37 ` Borislav Petkov
2017-05-27 3:36 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 05/26] x86/mpx: Do not use SIB.base if its value is 101b and ModRM.mod = 0 Ricardo Neri
2017-05-29 13:07 ` Borislav Petkov
2017-06-06 6:08 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 06/26] x86/mpx, x86/insn: Relocate insn util functions to a new insn-eval file Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 07/26] x86/insn-eval: Do not BUG on invalid register type Ricardo Neri
2017-05-29 16:37 ` Borislav Petkov
2017-06-06 6:06 ` Ricardo Neri
2017-06-06 11:58 ` Borislav Petkov
2017-06-07 0:28 ` Ricardo Neri
2017-06-07 12:21 ` Borislav Petkov
2017-05-05 18:17 ` [PATCH v7 08/26] x86/insn-eval: Add a utility function to get register offsets Ricardo Neri
2017-05-29 17:16 ` Borislav Petkov
2017-06-06 6:02 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 09/26] x86/insn-eval: Add utility function to identify string instructions Ricardo Neri
2017-05-29 21:48 ` Borislav Petkov
2017-06-06 6:01 ` Ricardo Neri
2017-06-06 12:04 ` Borislav Petkov
2017-05-05 18:17 ` [PATCH v7 10/26] x86/insn-eval: Add utility functions to get segment selector Ricardo Neri
2017-05-30 10:35 ` Borislav Petkov
2017-06-15 18:37 ` Ricardo Neri
2017-06-15 19:04 ` Ricardo Neri
2017-06-19 15:29 ` Borislav Petkov
2017-06-19 15:37 ` Borislav Petkov
2017-05-05 18:17 ` [PATCH v7 11/26] x86/insn-eval: Add utility function to get segment descriptor Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 12/26] x86/insn-eval: Add utility functions to get segment descriptor base address and limit Ricardo Neri
2017-05-31 16:58 ` Borislav Petkov
2017-06-03 17:23 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 13/26] x86/insn-eval: Add function to get default params of code segment Ricardo Neri
2017-06-07 12:59 ` Borislav Petkov
2017-06-15 19:24 ` Ricardo Neri
2017-06-19 17:11 ` Borislav Petkov
2017-05-05 18:17 ` [PATCH v7 14/26] x86/insn-eval: Indicate a 32-bit displacement if ModRM.mod is 0 and ModRM.rm is 5 Ricardo Neri
2017-06-07 13:15 ` Borislav Petkov
2017-06-15 19:36 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 15/26] x86/insn-eval: Incorporate segment base and limit in linear address computation Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 16/26] x86/insn-eval: Support both signed 32-bit and 64-bit effective addresses Ricardo Neri
2017-06-07 15:48 ` Borislav Petkov
2017-07-25 23:48 ` Ricardo Neri
2017-07-27 13:26 ` Borislav Petkov
2017-07-28 2:04 ` Ricardo Neri
2017-07-28 6:50 ` Borislav Petkov
2017-06-07 15:49 ` Borislav Petkov
2017-06-15 19:58 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 17/26] x86/insn-eval: Handle 32-bit address encodings in virtual-8086 mode Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 18/26] x86/insn-eval: Add support to resolve 16-bit addressing encodings Ricardo Neri
2017-06-07 16:28 ` Borislav Petkov
2017-06-15 21:50 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 19/26] x86/insn-eval: Add wrapper function for 16-bit and 32-bit address encodings Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 20/26] x86/cpufeature: Add User-Mode Instruction Prevention definitions Ricardo Neri
2017-05-06 9:04 ` Paolo Bonzini
2017-05-11 3:23 ` Ricardo Neri
2017-06-07 18:24 ` Borislav Petkov
2017-05-05 18:17 ` [PATCH v7 21/26] x86: Add emulation code for UMIP instructions Ricardo Neri
2017-06-08 18:38 ` Borislav Petkov [this message]
2017-06-17 1:34 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 22/26] x86/umip: Force a page fault when unable to copy emulated result to user Ricardo Neri
2017-06-09 11:02 ` Borislav Petkov
2017-07-25 23:50 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 23/26] x86/traps: Fixup general protection faults caused by UMIP Ricardo Neri
2017-06-09 13:02 ` Borislav Petkov
2017-07-25 23:51 ` Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 24/26] x86: Enable User-Mode Instruction Prevention Ricardo Neri
2017-06-09 16:10 ` Borislav Petkov
2017-07-26 0:44 ` Ricardo Neri
2017-07-27 13:57 ` Borislav Petkov
2017-05-05 18:17 ` [PATCH v7 25/26] selftests/x86: Add tests for " Ricardo Neri
2017-05-05 18:17 ` [PATCH v7 26/26] selftests/x86: Add tests for instruction str and sldt Ricardo Neri
2017-05-17 18:42 ` [PATCH v7 00/26] x86: Enable User-Mode Instruction Prevention Ricardo Neri
2017-05-27 3:49 ` Neri, Ricardo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170608183819.c766klw2mxs7loo5@pd.tnic \
--to=bp@suse.de \
--cc=akpm@linux-foundation.org \
--cc=brgerst@gmail.com \
--cc=cmetcalf@mellanox.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=fenghua.yu@intel.com \
--cc=hpa@zytor.com \
--cc=jslaby@suse.cz \
--cc=julliard@winehq.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-msdos@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=paul.gortmaker@windriver.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=ravi.v.shankar@intel.com \
--cc=ray.huang@amd.com \
--cc=ricardo.neri-calderon@linux.intel.com \
--cc=shuah@kernel.org \
--cc=slaoub@gmail.com \
--cc=stsp@list.ru \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=vbabka@suse.cz \
--cc=wine-devel@winehq.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).