Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

From: Stas Sergeev
Date: Fri Nov 11 2016 - 15:52:29 EST

Next message: Luiz Capitulino: "Re: task isolation discussion at Linux Plumbers"
Previous message: Bjorn Helgaas: "Re: [PATCH] PCI: move cfg space size (256/4096) macros to pci_regs.h"
In reply to: Ricardo Neri: "Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention"
Next in thread: Ricardo Neri: "Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

11.11.2016 07:14, Ricardo Neri ÐÐÑÐÑ:

10.11.2016 09:46, Ricardo Neri ÐÐÑÐÑ:

I took a closer look at the dosemu code. It appears that it does not
purposely utilize SGDT to obtain the descriptor table while in vm86. It
does use SGDT (in protected mode) to emulate certain functionality such
as the Virtual xxx Driver. In such a case, UMIP needs to be disabled.
However, this code seems to be disabled [1].

Indeed.
The code you've found, was copied from wine, because
dosemu supports windows-3.1. But sgdt is in win32s part
that is disabled in dosemu. It is however enabled in wine, or
at least it was when I ported the VxD code from there. So you
may want to ask wine devs if they still use sgdt and vm86.
In dosemu, if we ever enable win32s support, we won't rely
on sgdt. In fact, when some prot mode program under dosemu
uses GDT selectors, in a fault handler we replace them with
LDT selectors.

Actually, the SLDT instruction is also impacted by this feature. This

We do not support programs that do SLDT.
The "polite" programs use special DPMI API extension to get
the selector that covers LDT. That allows us to manage an "ldt
alias" - memory buffer where we emulate LDT by write-protecting it.
If we ever support SLDT, we would very much like to trap it
and provide the pointer to our alias. Some very old dos extenders
for 286 may start to work with such change, that are currently
unsupported.

feature, will cause a GP fault if the instructions SGDT, SLDT, SIDT,
SMSW or STR are executed with CPL > 0. Would this be a problem for
dosemu?

I am only a bit unsure about SMSW; the rest should be safe.
Maybe some odd prog would use SMSW to check for FPU?
Or to check for v86 mode by checking the PE bit?
I am sure this is very uncommon, and if we find such prog, we
can add an emulation of that instruction. I am pretty sure no one
would get sufficiently hurt, but there will likely be 1-2 bug reports
in our tracker, because if something is possible, then some DOS
prog did that. :)

The proposal now is to trap this GPU fault and give fake value
for these tables.

If this fake value will be cooked up by the kernel without delivering
the signal to dosemu process, then I don't see any problem at all.
Of course you can provide the sane value for smsw.
If that will go up to dosemu, then some coding may be needed
on the user-space side.

This is good news. This means that we could go ahead and give a fake
pointer to the GDT and the other impacted tables?

Definitely.
What these fake tables will look like, btw?
Will they somehow resemble the real ones?
Visible to user-space?

Next message: Luiz Capitulino: "Re: task isolation discussion at Linux Plumbers"
Previous message: Bjorn Helgaas: "Re: [PATCH] PCI: move cfg space size (256/4096) macros to pci_regs.h"
In reply to: Ricardo Neri: "Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention"
Next in thread: Ricardo Neri: "Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]