From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stas Sergeev Subject: Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention Date: Sat, 11 Mar 2017 00:37:19 +0300 Message-ID: References: <20170308003254.27833-1-ricardo.neri-calderon@linux.intel.com> <79ba0fff-4c01-2bfa-06cb-5cfc98dd710c@list.ru> <997ba581-ecfa-b773-a48e-85b92a439836@list.ru> <1489021909.131264.30.camel@ranerica-desktop> <7ea39103-c193-4d6d-572f-a1bdb27c3627@list.ru> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Return-path: DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=list.ru; s=mail; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:Cc:References:To:Subject; bh=TTsIBqrVhfBsovJiTmbNm4KYHVMO8EhRIpyL9QAJ5Sk=; b=OGLJKQ9a48FHGmz0WA8u9iyB9AXKBwFba3uCyMc00Wld7Yp/P4rw53QCtisWDAEeoQaCZWesvqOvZZSMjeujcbf8GSJIXfspF9VVx5szXx0F8ZeEgDK0PKS9x1GYhNSyxsLHRAa1vfs1eNbAQe05ZJ1merFTyvTtmAECraC5JIs=; In-Reply-To: Sender: linux-msdos-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="utf-8"; format="flowed" To: Andy Lutomirski Cc: Andy Lutomirski , Ricardo Neri , Ingo Molnar , Thomas Gleixner , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andrew Morton , Brian Gerst , Chris Metcalf , Dave Hansen , Paolo Bonzini , Masami Hiramatsu , Huang Rui , Jiri Slaby , Jonathan Corbet , "Michael S. Tsirkin" , Paul Gortmaker , Vlastimil Babka , Chen Yucong , Alexandre 11.03.2017 00:04, Andy Lutomirski пишет: > On Fri, Mar 10, 2017 at 2:30 AM, Stas Sergeev wrote: >> 10.03.2017 05:41, Andy Lutomirski пишет: >> >>> On Wed, Mar 8, 2017 at 5:11 PM, Ricardo Neri >>> wrote: >>>> On Wed, 2017-03-08 at 19:53 +0300, Stas Sergeev wrote: >>>>> 08.03.2017 19:46, Andy Lutomirski пишет: >>>>>>> No no, since I meant prot mode, this is not what I need. >>>>>>> I would never need to disable UMIP as to allow the >>>>>>> prot mode apps to do SLDT. Instead it would be good >>>>>>> to have an ability to provide a replacement for the dummy >>>>>>> emulation that is currently being proposed for kernel. >>>>>>> All is needed for this, is just to deliver a SIGSEGV. >>>>>> That's what I meant. Turning off FIXUP_UMIP would leave UMIP on but >>>>>> turn off the fixup, so you'd get a SIGSEGV indicating #GP (or a vm86 >>>>>> GP exit). >>>>> But then I am confused with the word "compat" in >>>>> your "COMPAT_MASK0_X86_UMIP_FIXUP" and >>>>> "sys_adjust_compat_mask(int op, int word, u32 mask);" >>>>> >>>>> Leaving UMIP on and only disabling a fixup doesn't >>>>> sound like a compat option to me. I would expect >>>>> compat to disable it completely. >>>> I guess that the _UMIP_FIXUP part makes it clear that emulation, not >>>> UMIP is disabled, allowing the SIGSEGV be delivered to the user space >>>> program. >>>> >>>> Would having a COMPAT_MASK0_X86_UMIP_FIXUP to disable emulation and a >>>> COMPAT_MASK0_X86_UMIP to disable UMIP make sense? >>>> >>>> Also, wouldn't having a COMPAT_MASK0_X86_UMIP to disable UMIP defeat its >>>> purpose? Applications could simply use this compat mask to bypass UMIP >>>> and gain access to the instructions it protects. >>>> >>> I was obviously extremely unclear. The point of the proposed syscall >>> is to let programs opt out of legacy features. >> I guess both "compat" and "legacy" are misleading >> here. Maybe these are "x86-specific" or "hypervisor-specific", >> but a mere enabling of UMIP doesn't immediately make >> the use of SLDT instruction a legacy IMHO. > Sure it is. :) Using SLDT from user mode is a legacy ability that > just happens to still work on existing CPUs and kernels. Once UMIP > goes in, it will officially be obsolete Yes, but the names you suggest, imply that "UMIP_FIXUP" is legacy or compat, which I find misleading because it have just appeared. Maybe something like "COMPAT_X86_UMIP_INSNS_EMU"?