umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[Andreas Rammhold]

Hi,

I've been running into a weird problem with UMIP on a current Ryzen
3900x with kernel 5.6.11 where a process receives a page fault after the
kernel handled the SLDT (or SIDT) instruction (emulation).

The program I am running is run through WINE in 32bit mode and tries to
figure out if it is running in a VMWare machine by comparing the results
of SLDT against well known constants (basically as shown in the
[example] linked below).

In dmesg I see the following log lines:
> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.

Following that the process terminates with a page fault:
> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).

Assembly at that address:
> 0x0000000000437415: sldt    0xffffffe8(%ebp)

Running the same executable on the exact same kernel (and userland) but
on a Intel i7-8565U doesn't crash at this point. I am guessing the
emulation is supposed to do something different on AMD CPUs?

On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.

I'd love to contriubte a patch but I have no knowledge of the inner
workings of how UMIP actually works.

Is there anything else I can provide to help debugging/fixing this? Very
happy to test patches as well.


[example] https://www.aldeid.com/wiki/X86-assembly/Instructions/sldt

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[Brendan Shanks]

> On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
> 
> Hi,
> 
> I've been running into a weird problem with UMIP on a current Ryzen
> 3900x with kernel 5.6.11 where a process receives a page fault after the
> kernel handled the SLDT (or SIDT) instruction (emulation).
> 
> The program I am running is run through WINE in 32bit mode and tries to
> figure out if it is running in a VMWare machine by comparing the results
> of SLDT against well known constants (basically as shown in the
> [example] linked below).
> 
> In dmesg I see the following log lines:
>> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
>> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
>> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
> 
> Following that the process terminates with a page fault:
>> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
> 
> Assembly at that address:
>> 0x0000000000437415: sldt    0xffffffe8(%ebp)
> 
> Running the same executable on the exact same kernel (and userland) but
> on a Intel i7-8565U doesn't crash at this point. I am guessing the
> emulation is supposed to do something different on AMD CPUs?
> 
> On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.

Hi Andreas,

The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
Can you share more information about the application you’re running?

Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.

Alternately, I did work on a Wine patch to emulate the UMIP instructions in user-space, but it adds a lot of code and I don’t think there’s much appetite for it in upstream Wine (especially since the kernel emulation is sufficient for almost all cases).
https://www.winehq.org/pipermail/wine-devel/2020-February/160027.html

In the meantime, an easy way to disable UMIP without rebuilding the kernel is to pass 'clearcpuid=514’ on the kernel command line.

Brendan Shanks
CodeWeavers

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[Ricardo Neri]

On Tue, May 19, 2020 at 11:56:40AM -0700, Brendan Shanks wrote:
> 
> > On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
> > 
> > Hi,
> > 
> > I've been running into a weird problem with UMIP on a current Ryzen
> > 3900x with kernel 5.6.11 where a process receives a page fault after the
> > kernel handled the SLDT (or SIDT) instruction (emulation).
> > 
> > The program I am running is run through WINE in 32bit mode and tries to
> > figure out if it is running in a VMWare machine by comparing the results
> > of SLDT against well known constants (basically as shown in the
> > [example] linked below).
> > 
> > In dmesg I see the following log lines:
> >> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
> >> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
> >> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
> > 
> > Following that the process terminates with a page fault:
> >> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
> > 
> > Assembly at that address:
> >> 0x0000000000437415: sldt    0xffffffe8(%ebp)
> > 
> > Running the same executable on the exact same kernel (and userland) but
> > on a Intel i7-8565U doesn't crash at this point. I am guessing the
> > emulation is supposed to do something different on AMD CPUs?

I am surprised you don't see it on the Intel processor. Maybe it does
not have UMIP. Do you see umip when you do

$ grep umip /proc/cpuinfo 

?
> > 
> > On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
> 
> Hi Andreas,
> 
> The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> Can you share more information about the application you’re running?
> 
> Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.

I have a patch for this already that I wrote for testing purposes:

https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50

Perhaps it can be used as a starting point? Not sure what the spoofing
value should be, though. Perhaps 0?

Thanks and BR,
Ricardo

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[H. Peter Anvin]

On 2020-05-19 07:38, Andreas Rammhold wrote:
> Hi,
> 
> I've been running into a weird problem with UMIP on a current Ryzen
> 3900x with kernel 5.6.11 where a process receives a page fault after the
> kernel handled the SLDT (or SIDT) instruction (emulation).
> 
> The program I am running is run through WINE in 32bit mode and tries to
> figure out if it is running in a VMWare machine by comparing the results
> of SLDT against well known constants (basically as shown in the
> [example] linked below).
> 

Extremely weird. What is it expecting to happen -- or rather, what do you
*want* it to do?

	-hpa

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[Andy Lutomirski]

On Tue, May 19, 2020 at 12:43 PM Ricardo Neri
<ricardo.neri-calderon@linux.intel.com> wrote:
>
> On Tue, May 19, 2020 at 11:56:40AM -0700, Brendan Shanks wrote:
> >
> > > On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
> > >
> > > Hi,
> > >
> > > I've been running into a weird problem with UMIP on a current Ryzen
> > > 3900x with kernel 5.6.11 where a process receives a page fault after the
> > > kernel handled the SLDT (or SIDT) instruction (emulation).
> > >
> > > The program I am running is run through WINE in 32bit mode and tries to
> > > figure out if it is running in a VMWare machine by comparing the results
> > > of SLDT against well known constants (basically as shown in the
> > > [example] linked below).
> > >
> > > In dmesg I see the following log lines:
> > >> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
> > >> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
> > >> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
> > >
> > > Following that the process terminates with a page fault:
> > >> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
> > >
> > > Assembly at that address:
> > >> 0x0000000000437415: sldt    0xffffffe8(%ebp)
> > >
> > > Running the same executable on the exact same kernel (and userland) but
> > > on a Intel i7-8565U doesn't crash at this point. I am guessing the
> > > emulation is supposed to do something different on AMD CPUs?
>
> I am surprised you don't see it on the Intel processor. Maybe it does
> not have UMIP. Do you see umip when you do
>
> $ grep umip /proc/cpuinfo
>
> ?
> > >
> > > On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
> >
> > Hi Andreas,
> >
> > The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> > SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> > In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> > Can you share more information about the application you’re running?
> >
> > Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.
>
> I have a patch for this already that I wrote for testing purposes:
>
> https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
>
> Perhaps it can be used as a starting point? Not sure what the spoofing
> value should be, though. Perhaps 0?

Possibly SLDT should return nonzero if there's an LDT.

--Andy

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[andi]

On 12:43 19.05.20, Ricardo Neri wrote:
> > > Running the same executable on the exact same kernel (and userland) but
> > > on a Intel i7-8565U doesn't crash at this point. I am guessing the
> > > emulation is supposed to do something different on AMD CPUs?
> 
> I am surprised you don't see it on the Intel processor. Maybe it does
> not have UMIP. Do you see umip when you do
> 
> $ grep umip /proc/cpuinfo 

Indeed it doesn't ahve the feature. I would have assumed that it is
recent enough. Apparently not.

> > > On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
> > 
> > Hi Andreas,
> > 
> > The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> > SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> > In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> > Can you share more information about the application you’re running?
> > 
> > Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.
> 
> I have a patch for this already that I wrote for testing purposes:
> 
> https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> 
> Perhaps it can be used as a starting point? Not sure what the spoofing
> value should be, though. Perhaps 0?

I am not entirely sure what it should return in the general case. My
assumption is that 0 might work. Maybe making it configurable like with
the other UMIP constants that I saw?

I'll give the patch a shot and try to figure out what the authors of the
code have to say about it.

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[andi]

On 11:56 19.05.20, Brendan Shanks wrote:
> The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> Can you share more information about the application you’re running?

I'll try to create a very simple reproducer for this case in the next
days. Unfortunately I don't have the source of the original application.
I can mail you instructions about it directly, if required.

> Maybe the best path is to add kernel emulation/spoofing for SLDT and
> STR on 32 and 64-bit, just to cover all the cases. It should be a
> pretty simple patch, I’ll start working on it.

Check the other mail from Ricardo, you can probably safe that effort :-)

> Alternately, I did work on a Wine patch to emulate the UMIP
> instructions in user-space, but it adds a lot of code and I don’t
> think there’s much appetite for it in upstream Wine (especially since
> the kernel emulation is sufficient for almost all cases).
> https://www.winehq.org/pipermail/wine-devel/2020-February/160027.html

Yeah that seems like the less favorable effort. My best guess is that
this might not be limited to Wine thus handling in the kernel might be
best.

> In the meantime, an easy way to disable UMIP without rebuilding the
> kernel is to pass 'clearcpuid=514’ on the kernel command line.

Nice, I'll use that next time :-)

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[Ricardo Neri]

On Tue, May 19, 2020 at 05:54:53PM -0700, Andy Lutomirski wrote:
> On Tue, May 19, 2020 at 12:43 PM Ricardo Neri
> <ricardo.neri-calderon@linux.intel.com> wrote:
> >
> > On Tue, May 19, 2020 at 11:56:40AM -0700, Brendan Shanks wrote:
> > >
> > > > On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
> > > >
> > > > Hi,
> > > >
> > > > I've been running into a weird problem with UMIP on a current Ryzen
> > > > 3900x with kernel 5.6.11 where a process receives a page fault after the
> > > > kernel handled the SLDT (or SIDT) instruction (emulation).
> > > >
> > > > The program I am running is run through WINE in 32bit mode and tries to
> > > > figure out if it is running in a VMWare machine by comparing the results
> > > > of SLDT against well known constants (basically as shown in the
> > > > [example] linked below).
> > > >
> > > > In dmesg I see the following log lines:
> > > >> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
> > > >> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
> > > >> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
> > > >
> > > > Following that the process terminates with a page fault:
> > > >> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
> > > >
> > > > Assembly at that address:
> > > >> 0x0000000000437415: sldt    0xffffffe8(%ebp)
> > > >
> > > > Running the same executable on the exact same kernel (and userland) but
> > > > on a Intel i7-8565U doesn't crash at this point. I am guessing the
> > > > emulation is supposed to do something different on AMD CPUs?
> >
> > I am surprised you don't see it on the Intel processor. Maybe it does
> > not have UMIP. Do you see umip when you do
> >
> > $ grep umip /proc/cpuinfo
> >
> > ?
> > > >
> > > > On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
> > >
> > > Hi Andreas,
> > >
> > > The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> > > SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> > > In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> > > Can you share more information about the application you’re running?
> > >
> > > Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.
> >
> > I have a patch for this already that I wrote for testing purposes:
> >
> > https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> >
> > Perhaps it can be used as a starting point? Not sure what the spoofing
> > value should be, though. Perhaps 0?
> 
> Possibly SLDT should return nonzero if there's an LDT.

I guess the value should be in the same hole of the x86_64 memory map,
right? Currently sgdt and sidt return 0xfffffffffffe0000 and
0xffffffffffff0000, respectively.

Thanks and BR,
Ricardo

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[Andy Lutomirski]

> On May 20, 2020, at 5:55 PM, Ricardo Neri <ricardo.neri-calderon@linux.intel.com> wrote:
> 
> On Tue, May 19, 2020 at 05:54:53PM -0700, Andy Lutomirski wrote:
>>> On Tue, May 19, 2020 at 12:43 PM Ricardo Neri
>>> <ricardo.neri-calderon@linux.intel.com> wrote:
>>> 
>>> On Tue, May 19, 2020 at 11:56:40AM -0700, Brendan Shanks wrote:
>>>> 
>>>>> On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
>>>>> 
>>>>> Hi,
>>>>> 
>>>>> I've been running into a weird problem with UMIP on a current Ryzen
>>>>> 3900x with kernel 5.6.11 where a process receives a page fault after the
>>>>> kernel handled the SLDT (or SIDT) instruction (emulation).
>>>>> 
>>>>> The program I am running is run through WINE in 32bit mode and tries to
>>>>> figure out if it is running in a VMWare machine by comparing the results
>>>>> of SLDT against well known constants (basically as shown in the
>>>>> [example] linked below).
>>>>> 
>>>>> In dmesg I see the following log lines:
>>>>>> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
>>>>>> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
>>>>>> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
>>>>> 
>>>>> Following that the process terminates with a page fault:
>>>>>> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
>>>>> 
>>>>> Assembly at that address:
>>>>>> 0x0000000000437415: sldt    0xffffffe8(%ebp)
>>>>> 
>>>>> Running the same executable on the exact same kernel (and userland) but
>>>>> on a Intel i7-8565U doesn't crash at this point. I am guessing the
>>>>> emulation is supposed to do something different on AMD CPUs?
>>> 
>>> I am surprised you don't see it on the Intel processor. Maybe it does
>>> not have UMIP. Do you see umip when you do
>>> 
>>> $ grep umip /proc/cpuinfo
>>> 
>>> ?
>>>>> 
>>>>> On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
>>>> 
>>>> Hi Andreas,
>>>> 
>>>> The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
>>>> SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
>>>> In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
>>>> Can you share more information about the application you’re running?
>>>> 
>>>> Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.
>>> 
>>> I have a patch for this already that I wrote for testing purposes:
>>> 
>>> https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
>>> 
>>> Perhaps it can be used as a starting point? Not sure what the spoofing
>>> value should be, though. Perhaps 0?
>> 
>> Possibly SLDT should return nonzero if there's an LDT.
> 
> I guess the value should be in the same hole of the x86_64 memory map,
> right? Currently sgdt and sidt return 0xfffffffffffe0000 and
> 0xffffffffffff0000, respectively.

As far as I’m concerned, it makes no difference whether it’s a hole in the memory map.  But sure.

> 
> Thanks and BR,
> Ricardo

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[Andreas Rammhold]

On 12:43 19.05.20, Ricardo Neri wrote:
> I have a patch for this already that I wrote for testing purposes:
> https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> Perhaps it can be used as a starting point? Not sure what the spoofing
> value should be, though. Perhaps 0?

I tried the above patch (in modified/rebased version; hope that didn't
kill it [0]). The results are negative, as without the patch.

[0] https://github.com/andir/linux/commit/bda858f44a860762bc484da62833f57462220874

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[andi]

On 11:56 19.05.20, Brendan Shanks wrote:
> The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> Can you share more information about the application you’re running?

This is basically the "minimal" reproducer for the issue I've been
observed (as by the previously linked article):

https://gist.githubusercontent.com/andir/071981717460242a1df2e0fc20836fdc/raw/0c31877aa7ee59146596fe68934f9cecb5c998ae/test.c

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[Ricardo Neri]

On Sat, May 23, 2020 at 04:17:39AM +0200, Andreas Rammhold wrote:
> On 12:43 19.05.20, Ricardo Neri wrote:
> > I have a patch for this already that I wrote for testing purposes:
> > https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> > Perhaps it can be used as a starting point? Not sure what the spoofing
> > value should be, though. Perhaps 0?
> 
> I tried the above patch (in modified/rebased version; hope that didn't
> kill it [0]). The results are negative, as without the patch.

Ah. My patch above is based on a rather old kernel. There is a check in
fixup_umip_exception() for SLDT and STR. I think this causes the
exception you see. Perhaps you can try by removing such check:

diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
@@ -383,10 +389,6 @@ bool fixup_umip_exception(struct pt_regs *regs)
 	umip_pr_warn(regs, "%s instruction cannot be used by applications.\n",
 			umip_insns[umip_inst]);

-	/* Do not emulate (spoof) SLDT or STR. */
-	if (umip_inst == UMIP_INST_STR || umip_inst == UMIP_INST_SLDT)
-		return false;
-
	umip_pr_warn(regs, "For now, expensive software emulation returns the result.\n");

	if (emulate_umip_insn(&insn, umip_inst, dummy_data, &dummy_data_size,

You would still need my old patch.

Thanks and BR,
Ricardo

Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction

[Andreas Rammhold]

On 06:33 26.05.20, Ricardo Neri wrote:
> On Sat, May 23, 2020 at 04:17:39AM +0200, Andreas Rammhold wrote:
> > On 12:43 19.05.20, Ricardo Neri wrote:
> > > I have a patch for this already that I wrote for testing purposes:
> > > https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> > > Perhaps it can be used as a starting point? Not sure what the spoofing
> > > value should be, though. Perhaps 0?
> > 
> > I tried the above patch (in modified/rebased version; hope that didn't
> > kill it [0]). The results are negative, as without the patch.
> 
> Ah. My patch above is based on a rather old kernel. There is a check in
> fixup_umip_exception() for SLDT and STR. I think this causes the
> exception you see. Perhaps you can try by removing such check:
> 
> diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
> @@ -383,10 +389,6 @@ bool fixup_umip_exception(struct pt_regs *regs)
>  	umip_pr_warn(regs, "%s instruction cannot be used by applications.\n",
>  			umip_insns[umip_inst]);
> 
> -	/* Do not emulate (spoof) SLDT or STR. */
> -	if (umip_inst == UMIP_INST_STR || umip_inst == UMIP_INST_SLDT)
> -		return false;
> -
> 	umip_pr_warn(regs, "For now, expensive software emulation returns the result.\n");
> 
> 	if (emulate_umip_insn(&insn, umip_inst, dummy_data, &dummy_data_size,
> 
> You would still need my old patch.

Thanks, that works for my application.

Regards,

Andi