* umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: Andreas Rammhold @ 2020-05-19 14:38 UTC
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, H. Peter Anvin, Ricardo Neri, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, Brendan Shanks, linux-kernel

Hi,

I've been running into a weird problem with UMIP on a current Ryzen
3900x with kernel 5.6.11 where a process receives a page fault after the
kernel handled the SLDT (or SIDT) instruction (emulation).

The program I am running is run through WINE in 32bit mode and tries to
figure out if it is running in a VMWare machine by comparing the results
of SLDT against well known constants (basically as shown in the
[example] linked below).

In dmesg I see the following log lines:
> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.

Following that the process terminates with a page fault:
> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).

Assembly at that address:
> 0x0000000000437415: sldt 0xffffffe8(%ebp)

Running the same executable on the exact same kernel (and userland) but
on an Intel i7-8565U doesn't crash at this point. I am guessing the
emulation is supposed to do something different on AMD CPUs?

On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.

I'd love to contribute a patch but I have no knowledge of the inner
workings of how UMIP actually works. Is there anything else I can provide
to help debugging/fixing this? Very happy to test patches as well.

[example] https://www.aldeid.com/wiki/X86-assembly/Instructions/sldt
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: Brendan Shanks @ 2020-05-19 18:56 UTC
To: Andreas Rammhold
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, H. Peter Anvin, Ricardo Neri, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, linux-kernel

> On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
> 
> Hi,
> 
> I've been running into a weird problem with UMIP on a current Ryzen
> 3900x with kernel 5.6.11 where a process receives a page fault after the
> kernel handled the SLDT (or SIDT) instruction (emulation).
> 
> The program I am running is run through WINE in 32bit mode and tries to
> figure out if it is running in a VMWare machine by comparing the results
> of SLDT against well known constants (basically as shown in the
> [example] linked below).
> 
> In dmesg I see the following log lines:
>> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
>> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
>> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
> 
> Following that the process terminates with a page fault:
>> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
> 
> Assembly at that address:
>> 0x0000000000437415: sldt 0xffffffe8(%ebp)
> 
> Running the same executable on the exact same kernel (and userland) but
> on an Intel i7-8565U doesn't crash at this point. I am guessing the
> emulation is supposed to do something different on AMD CPUs?
> 
> On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.

Hi Andreas,

The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
Can you share more information about the application you’re running?

Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.

Alternately, I did work on a Wine patch to emulate the UMIP instructions in user-space, but it adds a lot of code and I don’t think there’s much appetite for it in upstream Wine (especially since the kernel emulation is sufficient for almost all cases).
https://www.winehq.org/pipermail/wine-devel/2020-February/160027.html

In the meantime, an easy way to disable UMIP without rebuilding the kernel is to pass 'clearcpuid=514’ on the kernel command line.

Brendan Shanks
CodeWeavers
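The split Brendan describes (SGDT, SIDT and SMSW spoofed by the kernel; SLDT and STR left to fault) can be observed directly from user space. The probe below is an added example written for this page; it is not code from the thread, from Wine or from the kernel. It executes all five UMIP-covered instructions, catches the SIGSEGV that Linux delivers when an instruction is neither permitted by the CPU nor spoofed by the kernel, compares the SGDT/SIDT results with the 64-bit spoof values Ricardo quotes later in the thread, and then installs an LDT with modify_ldt(2) to show that an SLDT-based hypervisor check changes its answer once the process owns an LDT. The 32-bit spoof values, the zero spoofed limit, and the "non-zero LDTR means VM" form of the heuristic are assumptions and are not taken from this page. On a UMIP CPU running the 5.6 kernel from the report the expected result is `completed` for the first three instructions and `SIGSEGV` for SLDT and STR; on a CPU without UMIP every instruction completes with the real register contents.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <asm/ldt.h>
#include <sys/syscall.h>
#endif

/* Outcome of one UMIP-covered instruction run from ring 3. A CPU without UMIP and
 * a kernel that spoofs the instruction both give PROBE_COMPLETED. */
enum probe_status { PROBE_COMPLETED = 0, PROBE_FAULTED = 1, PROBE_UNSUPPORTED = 2 };

/* Memory image written by SGDT/SIDT: 16-bit limit, then the base (4 or 8 bytes). */
struct __attribute__((packed)) dtr { uint16_t limit; unsigned long base; };

struct probe_result {
    enum probe_status sgdt, sidt, smsw, sldt, str;
    struct dtr gdtr, idtr;
    unsigned long msw;   /* SMSW result; the low 16 bits of CR0 are the defined part */
    uint16_t ldtr, tr;   /* SLDT / STR results: segment selectors */
};

/* 64-bit SGDT/SIDT spoof values quoted in the thread by Ricardo Neri. The 32-bit
 * values and the zero spoofed limit are assumptions, not taken from this page. */
#ifdef __x86_64__
#define UMIP_SPOOF_GDT_BASE 0xfffffffffffe0000UL
#define UMIP_SPOOF_IDT_BASE 0xffffffffffff0000UL
#else
#define UMIP_SPOOF_GDT_BASE 0xfffe0000UL
#define UMIP_SPOOF_IDT_BASE 0xffff0000UL
#endif

static sigjmp_buf probe_env;
static volatile sig_atomic_t probe_armed;

/* Linux delivers the #GP of an unspoofed UMIP instruction as SIGSEGV. A SIGSEGV
 * that arrives while no probe is armed is a real crash: exit like the default. */
static void probe_handler(int sig, siginfo_t *si, void *ctx) {
    (void)si; (void)ctx;
    if (probe_armed) siglongjmp(probe_env, sig);
    _exit(128 + sig);
}

#define RUN_PROBE(status, insn) do {                                      \
        if (sigsetjmp(probe_env, 1) == 0) { probe_armed = 1; insn;        \
            probe_armed = 0; (status) = PROBE_COMPLETED; }                \
        else { probe_armed = 0; (status) = PROBE_FAULTED; } } while (0)

/* Execute all five instructions once. Returns -1 only if no handler could be installed. */
int probe_umip(struct probe_result *r) {
    memset(r, 0, sizeof *r);
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = probe_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    if (sigaction(SIGSEGV, &sa, &old) != 0) return -1;
    RUN_PROBE(r->sgdt, __asm__ __volatile__("sgdt %0" : "=m"(r->gdtr)));
    RUN_PROBE(r->sidt, __asm__ __volatile__("sidt %0" : "=m"(r->idtr)));
    RUN_PROBE(r->smsw, __asm__ __volatile__("smsw %0" : "=r"(r->msw)));
    RUN_PROBE(r->sldt, __asm__ __volatile__("sldt %0" : "=r"(r->ldtr)));
    RUN_PROBE(r->str,  __asm__ __volatile__("str %0"  : "=r"(r->tr)));
    sigaction(SIGSEGV, &old, NULL);
#else
    r->sgdt = r->sidt = r->smsw = r->sldt = r->str = PROBE_UNSUPPORTED;
#endif
    return 0;
}

/* True when SGDT/SIDT returned exactly the kernel's spoof values (UMIP enforced). */
int looks_umip_spoofed(const struct dtr *gdtr, const struct dtr *idtr) {
    return gdtr->limit == 0 && gdtr->base == UMIP_SPOOF_GDT_BASE &&
           idtr->limit == 0 && idtr->base == UMIP_SPOOF_IDT_BASE;
}

/* Assumed form of the thread's SLDT check: a non-zero LDTR means "inside a VM".
 * It is only meaningful when SLDT actually completed. */
int sldt_heuristic_says_vm(const struct probe_result *r) {
    return r->sldt == PROBE_COMPLETED && r->ldtr != 0;
}

/* Give the process an LDT (one 32-bit data entry) through modify_ldt(2), the
 * interface 32-bit Wine uses. Returns 0 on success, -1 if the kernel refused. */
int install_ldt_entry(void) {
#if defined(__x86_64__) || defined(__i386__)
    struct user_desc d;
    memset(&d, 0, sizeof d);
    d.seg_32bit = 1; d.useable = 1;
    return syscall(SYS_modify_ldt, 1, &d, sizeof d) == 0 ? 0 : -1;
#else
    return -1;
#endif
}

int main(void) {
    struct probe_result r;
    if (probe_umip(&r) != 0) return 1;
    printf("sgdt=%d sidt=%d smsw=%d sldt=%d str=%d (0=completed 1=SIGSEGV) spoofed=%d ldtr=%#x vm=%d\n",
           r.sgdt, r.sidt, r.smsw, r.sldt, r.str, looks_umip_spoofed(&r.gdtr, &r.idtr),
           (unsigned)r.ldtr, sldt_heuristic_says_vm(&r));
    if (install_ldt_entry() == 0 && probe_umip(&r) == 0)
        printf("after modify_ldt: sldt=%d ldtr=%#x vm=%d\n", r.sldt, (unsigned)r.ldtr, sldt_heuristic_says_vm(&r));
    return 0;
}
```

Build with `cc -O2 -o umip_probe umip_probe.c` and run it once on each of the two machines from the report: the Intel one, which lacks the umip flag in /proc/cpuinfo, executes everything natively, while the Ryzen shows the spoofed table bases and the two faulting instructions. The last line is the point Andy raises further down: once an LDT exists, SLDT (native or spoofed) no longer returns 0, so a program that keys its VM decision on that selector reacts to the process's own LDT rather than to the hypervisor. That observation is mine, not from the thread, and applies to any 32-bit Wine process, which sets up LDT entries through the same syscall.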
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: Ricardo Neri @ 2020-05-19 19:43 UTC
To: Brendan Shanks
Cc: Andreas Rammhold, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, H. Peter Anvin, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, linux-kernel

On Tue, May 19, 2020 at 11:56:40AM -0700, Brendan Shanks wrote:
> 
> > On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
> > 
> > Hi,
> > 
> > I've been running into a weird problem with UMIP on a current Ryzen
> > 3900x with kernel 5.6.11 where a process receives a page fault after the
> > kernel handled the SLDT (or SIDT) instruction (emulation).
> > 
> > The program I am running is run through WINE in 32bit mode and tries to
> > figure out if it is running in a VMWare machine by comparing the results
> > of SLDT against well known constants (basically as shown in the
> > [example] linked below).
> > 
> > In dmesg I see the following log lines:
> >> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
> >> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
> >> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
> > 
> > Following that the process terminates with a page fault:
> >> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
> > 
> > Assembly at that address:
> >> 0x0000000000437415: sldt 0xffffffe8(%ebp)
> > 
> > Running the same executable on the exact same kernel (and userland) but
> > on an Intel i7-8565U doesn't crash at this point. I am guessing the
> > emulation is supposed to do something different on AMD CPUs?

I am surprised you don't see it on the Intel processor. Maybe it does
not have UMIP. Do you see umip when you do

$ grep umip /proc/cpuinfo

?

> > 
> > On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
> 
> Hi Andreas,
> 
> The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> Can you share more information about the application you’re running?
> 
> Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.

I have a patch for this already that I wrote for testing purposes:

https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50

Perhaps it can be used as a starting point? Not sure what the spoofing
value should be, though. Perhaps 0?

Thanks and BR,
Ricardo
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: Andy Lutomirski @ 2020-05-20 0:54 UTC
To: Ricardo Neri
Cc: Brendan Shanks, Andreas Rammhold, Thomas Gleixner, Ingo Molnar, Borislav Petkov, X86 ML, H. Peter Anvin, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, LKML

On Tue, May 19, 2020 at 12:43 PM Ricardo Neri
<ricardo.neri-calderon@linux.intel.com> wrote:
>
> On Tue, May 19, 2020 at 11:56:40AM -0700, Brendan Shanks wrote:
> >
> > > On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
> > >
> > > Hi,
> > >
> > > I've been running into a weird problem with UMIP on a current Ryzen
> > > 3900x with kernel 5.6.11 where a process receives a page fault after the
> > > kernel handled the SLDT (or SIDT) instruction (emulation).
> > >
> > > The program I am running is run through WINE in 32bit mode and tries to
> > > figure out if it is running in a VMWare machine by comparing the results
> > > of SLDT against well known constants (basically as shown in the
> > > [example] linked below).
> > >
> > > In dmesg I see the following log lines:
> > >> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
> > >> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
> > >> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
> > >
> > > Following that the process terminates with a page fault:
> > >> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
> > >
> > > Assembly at that address:
> > >> 0x0000000000437415: sldt 0xffffffe8(%ebp)
> > >
> > > Running the same executable on the exact same kernel (and userland) but
> > > on an Intel i7-8565U doesn't crash at this point. I am guessing the
> > > emulation is supposed to do something different on AMD CPUs?
>
> I am surprised you don't see it on the Intel processor. Maybe it does
> not have UMIP. Do you see umip when you do
>
> $ grep umip /proc/cpuinfo
>
> ?
>
> > >
> > > On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
> >
> > Hi Andreas,
> >
> > The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> > SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> > In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> > Can you share more information about the application you’re running?
> >
> > Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.
>
> I have a patch for this already that I wrote for testing purposes:
>
> https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
>
> Perhaps it can be used as a starting point? Not sure what the spoofing
> value should be, though. Perhaps 0?

Possibly SLDT should return nonzero if there's an LDT.

--Andy
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: Ricardo Neri @ 2020-05-21 0:56 UTC
To: Andy Lutomirski
Cc: Brendan Shanks, Andreas Rammhold, Thomas Gleixner, Ingo Molnar, Borislav Petkov, X86 ML, H. Peter Anvin, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, LKML

On Tue, May 19, 2020 at 05:54:53PM -0700, Andy Lutomirski wrote:
> On Tue, May 19, 2020 at 12:43 PM Ricardo Neri
> <ricardo.neri-calderon@linux.intel.com> wrote:
> >
> > On Tue, May 19, 2020 at 11:56:40AM -0700, Brendan Shanks wrote:
> > >
> > > > On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
> > > >
> > > > Hi,
> > > >
> > > > I've been running into a weird problem with UMIP on a current Ryzen
> > > > 3900x with kernel 5.6.11 where a process receives a page fault after the
> > > > kernel handled the SLDT (or SIDT) instruction (emulation).
> > > >
> > > > The program I am running is run through WINE in 32bit mode and tries to
> > > > figure out if it is running in a VMWare machine by comparing the results
> > > > of SLDT against well known constants (basically as shown in the
> > > > [example] linked below).
> > > >
> > > > In dmesg I see the following log lines:
> > > >> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
> > > >> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
> > > >> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
> > > >
> > > > Following that the process terminates with a page fault:
> > > >> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
> > > >
> > > > Assembly at that address:
> > > >> 0x0000000000437415: sldt 0xffffffe8(%ebp)
> > > >
> > > > Running the same executable on the exact same kernel (and userland) but
> > > > on an Intel i7-8565U doesn't crash at this point. I am guessing the
> > > > emulation is supposed to do something different on AMD CPUs?
> >
> > I am surprised you don't see it on the Intel processor. Maybe it does
> > not have UMIP. Do you see umip when you do
> >
> > $ grep umip /proc/cpuinfo
> >
> > ?
> >
> > > >
> > > > On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
> > >
> > > Hi Andreas,
> > >
> > > The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> > > SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> > > In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> > > Can you share more information about the application you’re running?
> > >
> > > Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.
> >
> > I have a patch for this already that I wrote for testing purposes:
> >
> > https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> >
> > Perhaps it can be used as a starting point? Not sure what the spoofing
> > value should be, though. Perhaps 0?
>
> Possibly SLDT should return nonzero if there's an LDT.

I guess the value should be in the same hole of the x86_64 memory map,
right? Currently sgdt and sidt return 0xfffffffffffe0000 and
0xffffffffffff0000, respectively.

Thanks and BR,
Ricardo
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: Andy Lutomirski @ 2020-05-21 1:16 UTC
To: Ricardo Neri
Cc: Andy Lutomirski, Brendan Shanks, Andreas Rammhold, Thomas Gleixner, Ingo Molnar, Borislav Petkov, X86 ML, H. Peter Anvin, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, LKML

> On May 20, 2020, at 5:55 PM, Ricardo Neri <ricardo.neri-calderon@linux.intel.com> wrote:
>
> On Tue, May 19, 2020 at 05:54:53PM -0700, Andy Lutomirski wrote:
>>> On Tue, May 19, 2020 at 12:43 PM Ricardo Neri
>>> <ricardo.neri-calderon@linux.intel.com> wrote:
>>>
>>> On Tue, May 19, 2020 at 11:56:40AM -0700, Brendan Shanks wrote:
>>>>
>>>>> On May 19, 2020, at 7:38 AM, Andreas Rammhold <andi@notmuch.email> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I've been running into a weird problem with UMIP on a current Ryzen
>>>>> 3900x with kernel 5.6.11 where a process receives a page fault after the
>>>>> kernel handled the SLDT (or SIDT) instruction (emulation).
>>>>>
>>>>> The program I am running is run through WINE in 32bit mode and tries to
>>>>> figure out if it is running in a VMWare machine by comparing the results
>>>>> of SLDT against well known constants (basically as shown in the
>>>>> [example] linked below).
>>>>>
>>>>> In dmesg I see the following log lines:
>>>>>> [99970.004756] umip: Program.exe[3080] ip:4373fb sp:32f3e0: SIDT instruction cannot be used by applications.
>>>>>> [99970.004757] umip: Program.exe[3080] ip:4373fb sp:32f3e0: For now, expensive software emulation returns the result.
>>>>>> [99970.004758] umip: Program.exe[3080] ip:437415 sp:32f3e0: SLDT instruction cannot be used by applications.
>>>>>
>>>>> Following that the process terminates with a page fault:
>>>>>> Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x0000000000437415).
>>>>>
>>>>> Assembly at that address:
>>>>>> 0x0000000000437415: sldt 0xffffffe8(%ebp)
>>>>>
>>>>> Running the same executable on the exact same kernel (and userland) but
>>>>> on an Intel i7-8565U doesn't crash at this point. I am guessing the
>>>>> emulation is supposed to do something different on AMD CPUs?
>>>
>>> I am surprised you don't see it on the Intel processor. Maybe it does
>>> not have UMIP. Do you see umip when you do
>>>
>>> $ grep umip /proc/cpuinfo
>>>
>>> ?
>>>>>
>>>>> On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
>>>>
>>>> Hi Andreas,
>>>>
>>>> The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
>>>> SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
>>>> In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
>>>> Can you share more information about the application you’re running?
>>>>
>>>> Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.
>>>
>>> I have a patch for this already that I wrote for testing purposes:
>>>
>>> https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
>>>
>>> Perhaps it can be used as a starting point? Not sure what the spoofing
>>> value should be, though. Perhaps 0?
>>
>> Possibly SLDT should return nonzero if there's an LDT.
>
> I guess the value should be in the same hole of the x86_64 memory map,
> right? Currently sgdt and sidt return 0xfffffffffffe0000 and
> 0xffffffffffff0000, respectively.

As far as I’m concerned, it makes no difference whether it’s a hole in the memory map. But sure.

>
> Thanks and BR,
> Ricardo
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: andi @ 2020-05-20 1:04 UTC
To: Ricardo Neri
Cc: Brendan Shanks, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, H. Peter Anvin, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, linux-kernel

On 12:43 19.05.20, Ricardo Neri wrote:
> > > Running the same executable on the exact same kernel (and userland) but
> > > on an Intel i7-8565U doesn't crash at this point. I am guessing the
> > > emulation is supposed to do something different on AMD CPUs?
> 
> I am surprised you don't see it on the Intel processor. Maybe it does
> not have UMIP. Do you see umip when you do
> 
> $ grep umip /proc/cpuinfo

Indeed it doesn't have the feature. I would have assumed that it is
recent enough. Apparently not.

> > > On the Ryzen the code executes successfully after setting CONFIG_X86_UMIP=n.
> > 
> > Hi Andreas,
> > 
> > The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> > SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> > In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> > Can you share more information about the application you’re running?
> > 
> > Maybe the best path is to add kernel emulation/spoofing for SLDT and STR on 32 and 64-bit, just to cover all the cases. It should be a pretty simple patch, I’ll start working on it.
> 
> I have a patch for this already that I wrote for testing purposes:
> 
> https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> 
> Perhaps it can be used as a starting point? Not sure what the spoofing
> value should be, though. Perhaps 0?

I am not entirely sure what it should return in the general case. My
assumption is that 0 might work. Maybe making it configurable like with
the other UMIP constants that I saw?

I'll give the patch a shot and try to figure out what the authors of the
code have to say about it.
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: Andreas Rammhold @ 2020-05-23 2:17 UTC
To: Ricardo Neri
Cc: Brendan Shanks, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, H. Peter Anvin, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, linux-kernel

On 12:43 19.05.20, Ricardo Neri wrote:
> I have a patch for this already that I wrote for testing purposes:
> https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> Perhaps it can be used as a starting point? Not sure what the spoofing
> value should be, though. Perhaps 0?

I tried the above patch (in modified/rebased version; hope that didn't
kill it [0]). The results are negative, as without the patch.

[0] https://github.com/andir/linux/commit/bda858f44a860762bc484da62833f57462220874
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: Ricardo Neri @ 2020-05-26 13:33 UTC
To: Andreas Rammhold
Cc: Brendan Shanks, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, H. Peter Anvin, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, linux-kernel

On Sat, May 23, 2020 at 04:17:39AM +0200, Andreas Rammhold wrote:
> On 12:43 19.05.20, Ricardo Neri wrote:
> > I have a patch for this already that I wrote for testing purposes:
> > https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> > Perhaps it can be used as a starting point? Not sure what the spoofing
> > value should be, though. Perhaps 0?
> 
> I tried the above patch (in modified/rebased version; hope that didn't
> kill it [0]). The results are negative, as without the patch.

Ah. My patch above is based on a rather old kernel. There is a check in
fixup_umip_exception() for SLDT and STR. I think this causes the
exception you see. Perhaps you can try by removing such check:

diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c @@ -383,10 +389,6 @@ bool fixup_umip_exception(struct pt_regs *regs) umip_pr_warn(regs, "%s instruction cannot be used by applications.\n", umip_insns[umip_inst]); - /* Do not emulate (spoof) SLDT or STR. */ - if (umip_inst == UMIP_INST_STR || umip_inst == UMIP_INST_SLDT) - return false; - umip_pr_warn(regs, "For now, expensive software emulation returns the result.\n"); if (emulate_umip_insn(&insn, umip_inst, dummy_data, &dummy_data_size,

You would still need my old patch.

Thanks and BR,
Ricardo
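Review bot: removing the early return for UMIP_INST_STR and UMIP_INST_SLDT in fixup_umip_exception() is only correct together with the earlier emulation patch the reply says is still required; on its own the hunk sends SLDT and STR into emulate_umip_insn(), which in the tree this hunk is against has no case for either instruction (Brendan's reply upthread: only SGDT, SIDT and SMSW are spoofed), so the two changes should be one patch, or the emulation part should come first, to keep every intermediate commit working. The hunk also leaves the spoof value open, which the thread has already raised: 0 versus a non-zero selector when the process has an LDT. Whichever is chosen should be settled and documented in the same change, because `umip_pr_warn(regs, "For now, expensive software emulation returns the result.\n");` now also fires for SLDT and STR and tells users to expect a defined value.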
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: Andreas Rammhold @ 2020-05-28 11:36 UTC
To: Ricardo Neri
Cc: Brendan Shanks, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, H. Peter Anvin, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, linux-kernel

On 06:33 26.05.20, Ricardo Neri wrote:
> On Sat, May 23, 2020 at 04:17:39AM +0200, Andreas Rammhold wrote:
> > On 12:43 19.05.20, Ricardo Neri wrote:
> > > I have a patch for this already that I wrote for testing purposes:
> > > https://github.com/ricardon/tip/commit/1692889cb3f8accb523d44b682458e234b93be50
> > > Perhaps it can be used as a starting point? Not sure what the spoofing
> > > value should be, though. Perhaps 0?
> > 
> > I tried the above patch (in modified/rebased version; hope that didn't
> > kill it [0]). The results are negative, as without the patch.
> 
> Ah. My patch above is based on a rather old kernel. There is a check in
> fixup_umip_exception() for SLDT and STR. I think this causes the
> exception you see. Perhaps you can try by removing such check:
> 
> diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c > @@ -383,10 +389,6 @@ bool fixup_umip_exception(struct pt_regs *regs) > umip_pr_warn(regs, "%s instruction cannot be used by applications.\n", > umip_insns[umip_inst]); > > - /* Do not emulate (spoof) SLDT or STR. */ > - if (umip_inst == UMIP_INST_STR || umip_inst == UMIP_INST_SLDT) > - return false; > - > umip_pr_warn(regs, "For now, expensive software emulation returns the result.\n"); > > if (emulate_umip_insn(&insn, umip_inst, dummy_data, &dummy_data_size, >
> 
> You would still need my old patch.

Thanks, that works for my application.

Regards,
Andi
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: andi @ 2020-05-20 1:08 UTC
To: Brendan Shanks
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, H. Peter Anvin, Ricardo Neri, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, linux-kernel

On 11:56 19.05.20, Brendan Shanks wrote:
> The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> Can you share more information about the application you’re running?

I'll try to create a very simple reproducer for this case in the next
days. Unfortunately I don't have the source of the original application.
I can mail you instructions about it directly, if required.

> Maybe the best path is to add kernel emulation/spoofing for SLDT and
> STR on 32 and 64-bit, just to cover all the cases. It should be a
> pretty simple patch, I’ll start working on it.

Check the other mail from Ricardo, you can probably save that effort :-)

> Alternately, I did work on a Wine patch to emulate the UMIP
> instructions in user-space, but it adds a lot of code and I don’t
> think there’s much appetite for it in upstream Wine (especially since
> the kernel emulation is sufficient for almost all cases).
> https://www.winehq.org/pipermail/wine-devel/2020-February/160027.html

Yeah that seems like the less favorable effort. My best guess is that
this might not be limited to Wine thus handling in the kernel might be
best.

> In the meantime, an easy way to disable UMIP without rebuilding the
> kernel is to pass 'clearcpuid=514’ on the kernel command line.

Nice, I'll use that next time :-)
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: andi @ 2020-05-23 2:21 UTC
To: Brendan Shanks
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, H. Peter Anvin, Ricardo Neri, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, linux-kernel

On 11:56 19.05.20, Brendan Shanks wrote:
> The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> Can you share more information about the application you’re running?

This is basically the "minimal" reproducer for the issue I've been
observing (as by the previously linked article):

https://gist.githubusercontent.com/andir/071981717460242a1df2e0fc20836fdc/raw/0c31877aa7ee59146596fe68934f9cecb5c998ae/test.c
* Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction
From: H. Peter Anvin @ 2020-05-20 0:17 UTC
To: Andreas Rammhold, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86, Ricardo Neri, Eric W. Biederman, Sergey Senozhatsky, Babu Moger, Kefeng Wang, Jason Yan, Brendan Shanks, linux-kernel

On 2020-05-19 07:38, Andreas Rammhold wrote:
> Hi,
> 
> I've been running into a weird problem with UMIP on a current Ryzen
> 3900x with kernel 5.6.11 where a process receives a page fault after the
> kernel handled the SLDT (or SIDT) instruction (emulation).
> 
> The program I am running is run through WINE in 32bit mode and tries to
> figure out if it is running in a VMWare machine by comparing the results
> of SLDT against well known constants (basically as shown in the
> [example] linked below).
> 

Extremely weird. What is it expecting to happen -- or rather, what do
you *want* it to do?

-hpa
Thread overview: 13+ messages
2020-05-19 14:38 umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT instruction  Andreas Rammhold
2020-05-19 18:56 ` Brendan Shanks
2020-05-19 19:43   ` Ricardo Neri
2020-05-20  0:54     ` Andy Lutomirski
2020-05-21  0:56       ` Ricardo Neri
2020-05-21  1:16         ` Andy Lutomirski
2020-05-20  1:04     ` andi
2020-05-23  2:17     ` Andreas Rammhold
2020-05-26 13:33       ` Ricardo Neri
2020-05-28 11:36         ` Andreas Rammhold
2020-05-20  1:08   ` andi
2020-05-23  2:21   ` andi
2020-05-20  0:17 ` H. Peter Anvin