[RESEND PATCH v2 3/4] x86/umip: Identify the str and sldt instructions

From: Ricardo Neri
Date: Tue Nov 14 2017 - 01:31:41 EST

Next message: Ricardo Neri: "[RESEND PATCH v2 2/4] x86/umip: Inform that UMIP has been enabled"
Previous message: Ricardo Neri: "[RESEND PATCH v2 4/4] x86/umip: Warn if UMIP-protected instructions are used"
In reply to: Ingo Molnar: "Re: [RESEND PATCH v2 4/4] x86/umip: Warn if UMIP-protected instructions are used"
Next in thread: Ingo Molnar: "Re: [RESEND PATCH v2 3/4] x86/umip: Identify the str and sldt instructions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The instructions STR and SLDT are not emulated in any case. Thus, it made
sense to not implement functionality to identify them. However, a
subsequent commit will introduce functionality to warn about the use of
all the instructions that UMIP protect, not only those that are emulated.
A first step for that is the ability to identify them.

Plus, now that STR and SLDT are identified, we need to explicitly avoid
their emulation (i.e., not rely on unsuccessful identification). Group
togehter all the cases that we do not want to emulate: STR, SLDT and user
long mode processes.

Cc: Andy Lutomirski <luto@xxxxxxxxxx>
Cc: H. Peter Anvin <hpa@xxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxx>
Cc: Tony Luck <tony.luck@xxxxxxxxx>
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Ravi V. Shankar <ravi.v.shankar@xxxxxxxxx>
Cc: x86@xxxxxxxxxx
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx>
---
This patch also corrects the #define of SMSW. This change does not have a
functional impact as it is only used as an identifier.
---
arch/x86/kernel/umip.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
index 6ba82be..2e09b5b 100644
--- a/arch/x86/kernel/umip.c
+++ b/arch/x86/kernel/umip.c
@@ -78,7 +78,9 @@

#define UMIP_INST_SGDT 0 /* 0F 01 /0 */
#define UMIP_INST_SIDT 1 /* 0F 01 /1 */
-#define UMIP_INST_SMSW 3 /* 0F 01 /4 */
+#define UMIP_INST_SMSW 2 /* 0F 01 /4 */
+#define UMIP_INST_SLDT 3 /* 0F 00 /0 */
+#define UMIP_INST_STR 4 /* 0F 00 /1 */

/**
* identify_insn() - Identify a UMIP-protected instruction
@@ -118,10 +120,16 @@ static int identify_insn(struct insn *insn)
default:
return -EINVAL;
}
+ } else if (insn->opcode.bytes[1] == 0x0) {
+ if (X86_MODRM_REG(insn->modrm.value) == 0)
+ return UMIP_INST_SLDT;
+ else if (X86_MODRM_REG(insn->modrm.value) == 1)
+ return UMIP_INST_STR;
+ else
+ return -EINVAL;
+ } else {
+ return -EINVAL;
}
-
- /* SLDT AND STR are not emulated */
- return -EINVAL;
}

/**
@@ -267,10 +275,6 @@ bool fixup_umip_exception(struct pt_regs *regs)
if (!regs)
return false;

- /* Do not emulate 64-bit processes. */
- if (user_64bit_mode(regs))
- return false;
-
/*
* If not in user-space long mode, a custom code segment could be in
* use. This is true in protected mode (if the process defined a local
@@ -322,6 +326,11 @@ bool fixup_umip_exception(struct pt_regs *regs)
if (umip_inst < 0)
return false;

+ /* Do not emulate SLDT, STR or user long mode processes. */
+ if (umip_inst == UMIP_INST_STR || umip_inst == UMIP_INST_SLDT ||
+ user_64bit_mode(regs))
+ return false;
+
if (emulate_umip_insn(&insn, umip_inst, dummy_data, &dummy_data_size))
return false;

--
2.7.4

Next message: Ricardo Neri: "[RESEND PATCH v2 2/4] x86/umip: Inform that UMIP has been enabled"
Previous message: Ricardo Neri: "[RESEND PATCH v2 4/4] x86/umip: Warn if UMIP-protected instructions are used"
In reply to: Ingo Molnar: "Re: [RESEND PATCH v2 4/4] x86/umip: Warn if UMIP-protected instructions are used"
Next in thread: Ingo Molnar: "Re: [RESEND PATCH v2 3/4] x86/umip: Identify the str and sldt instructions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]