Re: [PATCH 2/4] kvm: svm: Enable UMIP feature on AMD
From: Andy Lutomirski
Date: Fri Nov 01 2019 - 15:09:25 EST
On Fri, Nov 1, 2019 at 11:38 AM Moger, Babu <Babu.Moger@xxxxxxx> wrote:
>
>
>
> On 11/1/19 1:24 PM, Andy Lutomirski wrote:
> > On Fri, Nov 1, 2019 at 10:33 AM Moger, Babu <Babu.Moger@xxxxxxx> wrote:
> >>
> >> AMD 2nd generation EPYC processors support UMIP (User-Mode Instruction
> >> Prevention) feature. The UMIP feature prevents the execution of certain
> >> instructions if the Current Privilege Level (CPL) is greater than 0.
> >> If any of these instructions are executed with CPL > 0 and UMIP
> >> is enabled, then kernel reports a #GP exception.
> >>
> >> The idea is taken from articles:
> >> https://lwn.net/Articles/738209/
> >> https://lwn.net/Articles/694385/
> >>
> >> Enable the feature if supported on bare metal and emulate instructions
> >> to return dummy values for certain cases.
> >
> > What are these cases?
>
> It is mentioned in the article https://lwn.net/Articles/738209/
>
> === How does it impact applications?
>
> When enabled, however, UMIP will change the behavior that certain
> applications expect from the operating system. For instance, programs
> running on WineHQ and DOSEMU2 rely on some of these instructions to
> function. Stas Sergeev found that Microsoft Windows 3.1 and dos4gw use the
> instruction SMSW when running in virtual-8086 mode [4]. SGDT and SIDT can
> also be used on virtual-8086 mode.
>
What does that have to do with your series? Your series is about
enabling UMIP (or emulating UMIP -- your descriptions are quite
unclear) on AMD hardware, and the hypervisor should *not* be emulating
instructions to return dummy values. The *guest kernel* already knows
how to emulate userspace instructions as needed.
--Andy