1. 08 Nov, 2017 13 commits
    • Ricardo Neri's avatar
      selftests/x86: Add tests for the STR and SLDT instructions · a9e017d5
      Ricardo Neri authored
      The STR and SLDT instructions are not valid when running on virtual-8086
      mode and generate an invalid operand exception. These two instructions are
      protected by the Intel User-Mode Instruction Prevention (UMIP) security
      feature. In protected mode, if UMIP is enabled, these instructions generate
      a general protection fault if called from CPL > 0. Linux traps the general
      protection fault and emulates the instructions sgdt, sidt and smsw; but not
      str and sldt.
      
      These tests are added to verify that the emulation code does not emulate
      these two instructions but the expected invalid operand exception is
      seen.
      
      Tests fallback to exit with INT3 in case emulation does happen.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-13-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      a9e017d5
    • Ricardo Neri's avatar
      selftests/x86: Add tests for User-Mode Instruction Prevention · 9390afeb
      Ricardo Neri authored
      Certain user space programs that run on virtual-8086 mode may utilize
      instructions protected by the User-Mode Instruction Prevention (UMIP)
      security feature present in new Intel processors: SGDT, SIDT and SMSW. In
      such a case, a general protection fault is issued if UMIP is enabled. When
      such a fault happens, the kernel traps it and emulates the results of
      these instructions with dummy values. The purpose of this new
      test is to verify whether the impacted instructions can be executed
      without causing such #GP. If no #GP exceptions occur, we expect to exit
      virtual-8086 mode from INT3.
      
      The instructions protected by UMIP are executed in representative use
      cases:
      
       a) displacement-only memory addressing
       b) register-indirect memory addressing
       c) results stored directly in operands
      
      Unfortunately, it is not possible to check the results against a set of
      expected values because no emulation will occur in systems that do not
      have the UMIP feature. Instead, results are printed for verification. A
      simple verification is done to ensure that results of all tests are
      identical.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-12-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      9390afeb
    • Ricardo Neri's avatar
      x86/traps: Fix up general protection faults caused by UMIP · 6fc9dc81
      Ricardo Neri authored
      If the User-Mode Instruction Prevention CPU feature is available and
      enabled, a general protection fault will be issued if the instructions
      sgdt, sldt, sidt, str or smsw are executed from user-mode context
      (CPL > 0). If the fault was caused by any of the instructions protected
      by UMIP, fixup_umip_exception() will emulate dummy results for these
      instructions as follows: in virtual-8086 and protected modes, sgdt, sidt
      and smsw are emulated; str and sldt are not emulated. No emulation is done
      for user-space long mode processes.
      
      If emulation is successful, the emulated result is passed to the user space
      program and no SIGSEGV signal is emitted.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarAndy Lutomirski <luto@kernel.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-11-git-send-email-ricardo.neri-calderon@linux.intel.com
      [ Added curly braces. ]
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      6fc9dc81
    • Ricardo Neri's avatar
      x86/umip: Enable User-Mode Instruction Prevention at runtime · aa35f896
      Ricardo Neri authored
      User-Mode Instruction Prevention (UMIP) is enabled by setting/clearing a
      bit in %cr4.
      
      It makes sense to enable UMIP at some point while booting, before user
      spaces come up. Like SMAP and SMEP, is not critical to have it enabled
      very early during boot. This is because UMIP is relevant only when there is
      a user space to be protected from. Given these similarities, UMIP can be
      enabled along with SMAP and SMEP.
      
      At the moment, UMIP is disabled by default at build time. It can be enabled
      at build time by selecting CONFIG_X86_INTEL_UMIP. If enabled at build time,
      it can be disabled at run time by adding clearcpuid=514 to the kernel
      parameters.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-10-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      aa35f896
    • Ricardo Neri's avatar
      x86/umip: Force a page fault when unable to copy emulated result to user · c6a960bb
      Ricardo Neri authored
      fixup_umip_exception() will be called from do_general_protection(). If the
      former returns false, the latter will issue a SIGSEGV with SEND_SIG_PRIV.
      However, when emulation is successful but the emulated result cannot be
      copied to user space memory, it is more accurate to issue a SIGSEGV with
      SEGV_MAPERR with the offending address. A new function, inspired in
      force_sig_info_fault(), is introduced to model the page fault.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-9-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      c6a960bb
    • Ricardo Neri's avatar
      x86/umip: Add emulation code for UMIP instructions · 1e5db223
      Ricardo Neri authored
      The feature User-Mode Instruction Prevention present in recent Intel
      processor prevents a group of instructions (sgdt, sidt, sldt, smsw, and
      str) from being executed with CPL > 0. Otherwise, a general protection
      fault is issued.
      
      Rather than relaying to the user space the general protection fault caused
      by the UMIP-protected instructions (in the form of a SIGSEGV signal), it
      can be trapped and the instruction emulated to provide a dummy result.
      This allows to both conserve the current kernel behavior and not reveal the
      system resources that UMIP intends to protect (i.e., the locations of the
      global descriptor and interrupt descriptor tables, the segment selectors of
      the local descriptor table, the value of the task state register and the
      contents of the CR0 register).
      
      This emulation is needed because certain applications (e.g., WineHQ and
      DOSEMU2) rely on this subset of instructions to function. Given that sldt
      and str are not commonly used in programs that run on WineHQ or DOSEMU2,
      they are not emulated. Also, emulation is provided only for 32-bit
      processes; 64-bit processes that attempt to use the instructions that UMIP
      protects will receive the SIGSEGV signal issued as a consequence of the
      general protection fault.
      
      The instructions protected by UMIP can be split in two groups. Those which
      return a kernel memory address (sgdt and sidt) and those which return a
      value (smsw, sldt and str; the last two not emulated).
      
      For the instructions that return a kernel memory address, applications such
      as WineHQ rely on the result being located in the kernel memory space, not
      the actual location of the table. The result is emulated as a hard-coded
      value that lies close to the top of the kernel memory. The limit for the
      GDT and the IDT are set to zero.
      
      The instruction smsw is emulated to return the value that the register CR0
      has at boot time as set in the head_32.
      
      Care is taken to appropriately emulate the results when segmentation is
      used. That is, rather than relying on USER_DS and USER_CS, the function
      insn_get_addr_ref() inspects the segment descriptor pointed by the
      registers in pt_regs. This ensures that we correctly obtain the segment
      base address and the address and operand sizes even if the user space
      application uses a local descriptor table.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-8-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      1e5db223
    • Ricardo Neri's avatar
      x86/cpufeature: Add User-Mode Instruction Prevention definitions · 3522c2a6
      Ricardo Neri authored
      User-Mode Instruction Prevention is a security feature present in new
      Intel processors that, when set, prevents the execution of a subset of
      instructions if such instructions are executed in user mode (CPL > 0).
      Attempting to execute such instructions causes a general protection
      exception.
      
      The subset of instructions comprises:
      
       * SGDT - Store Global Descriptor Table
       * SIDT - Store Interrupt Descriptor Table
       * SLDT - Store Local Descriptor Table
       * SMSW - Store Machine Status Word
       * STR  - Store Task Register
      
      This feature is also added to the list of disabled-features to allow
      a cleaner handling of build-time configuration.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-7-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      3522c2a6
    • Ricardo Neri's avatar
      x86/insn-eval: Add support to resolve 16-bit address encodings · 9c6c799f
      Ricardo Neri authored
      Tasks running in virtual-8086 mode, in protected mode with code segment
      descriptors that specify 16-bit default address sizes via the D bit, or via
      an address override prefix will use 16-bit addressing form encodings as
      described in the Intel 64 and IA-32 Architecture Software Developer's
      Manual Volume 2A Section 2.1.5, Table 2-1.
      
      16-bit addressing encodings differ in several ways from the 32-bit/64-bit
      addressing form encodings: ModRM.rm points to different registers and, in
      some cases, effective addresses are indicated by the addition of the value
      of two registers. Also, there is no support for SIB bytes. Thus, a
      separate function is needed to parse this form of addressing.
      
      Three functions are introduced. get_reg_offset_16() obtains the
      offset from the base of pt_regs of the registers indicated by the ModRM
      byte of the address encoding. get_eff_addr_modrm_16() computes the
      effective address from the value of the register operands.
      get_addr_ref_16() computes the linear address using the obtained effective
      address and the base address of the segment.
      
      Segment limits are enforced when running in protected mode.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Adam Buchbinder <adam.buchbinder@gmail.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Colin Ian King <colin.king@canonical.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Lorenzo Stoakes <lstoakes@gmail.com>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Qiaowei Ren <qiaowei.ren@intel.com>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Garnier <thgarnie@google.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-6-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      9c6c799f
    • Ricardo Neri's avatar
      x86/insn-eval: Handle 32-bit address encodings in virtual-8086 mode · 86cc3510
      Ricardo Neri authored
      It is possible to utilize 32-bit address encodings in virtual-8086 mode via
      an address override instruction prefix. However, the range of the
      effective address is still limited to [0x-0xffff]. In such a case, return
      error.
      
      Also, linear addresses in virtual-8086 mode are limited to 20 bits. Enforce
      such limit by truncating the most significant bytes of the computed linear
      address.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Adam Buchbinder <adam.buchbinder@gmail.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Colin Ian King <colin.king@canonical.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Lorenzo Stoakes <lstoakes@gmail.com>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Qiaowei Ren <qiaowei.ren@intel.com>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Garnier <thgarnie@google.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-5-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      86cc3510
    • Ricardo Neri's avatar
      x86/insn-eval: Add wrapper function for 32 and 64-bit addresses · cd9b594a
      Ricardo Neri authored
      The function insn_get_addr_ref() is capable of handling only 64-bit
      addresses. A previous commit introduced a function to handle 32-bit
      addresses. Invoke these two functions from a third wrapper function that
      calls the appropriate routine based on the address size specified in the
      instruction structure (obtained by looking at the code segment default
      address size and the address override prefix, if present).
      
      While doing this, rename the original function insn_get_addr_ref() with
      the more appropriate name get_addr_ref_64(), ensure it is only used
      for 64-bit addresses.
      
      Also, since 64-bit addresses are not possible in 32-bit builds, provide
      a dummy function such case.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Adam Buchbinder <adam.buchbinder@gmail.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Colin Ian King <colin.king@canonical.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Lorenzo Stoakes <lstoakes@gmail.com>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Qiaowei Ren <qiaowei.ren@intel.com>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Garnier <thgarnie@google.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-4-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      cd9b594a
    • Ricardo Neri's avatar
      x86/insn-eval: Add support to resolve 32-bit address encodings · 7a6daf79
      Ricardo Neri authored
      32-bit and 64-bit address encodings are identical. Thus, the same logic
      could be used to resolve the effective address. However, there are two key
      differences: address size and enforcement of segment limits.
      
      If running a 32-bit process on a 64-bit kernel, it is best to perform
      the address calculation using 32-bit data types. In this manner hardware
      is used for the arithmetic, including handling of signs and overflows.
      
      32-bit addresses are generally used in protected mode; segment limits are
      enforced in this mode. This implementation obtains the limit of the
      segment associated with the instruction operands and prefixes. If the
      computed address is outside the segment limits, an error is returned. It
      is also possible to use 32-bit address in long mode and virtual-8086 mode
      by using an address override prefix. In such cases, segment limits are not
      enforced.
      
      Support to use 32-bit arithmetic is added to the utility functions that
      compute effective addresses. However, the end result is stored in a
      variable of type long (which has a width of 8 bytes in 64-bit builds).
      Hence, once a 32-bit effective address is computed, the 4 most significant
      bytes are masked out to avoid sign extension.
      
      The newly added function get_addr_ref_32() is almost identical to the
      existing function insn_get_addr_ref() (used for 64-bit addresses). The only
      difference is that it verifies that the effective address is within the
      limits of the segment.
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Adam Buchbinder <adam.buchbinder@gmail.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Colin Ian King <colin.king@canonical.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Lorenzo Stoakes <lstoakes@gmail.com>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Qiaowei Ren <qiaowei.ren@intel.com>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Garnier <thgarnie@google.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-3-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      7a6daf79
    • Ricardo Neri's avatar
      x86/insn-eval: Compute linear address in several utility functions · 70e57c0f
      Ricardo Neri authored
      Computing a linear address involves several steps. The first step is to
      compute the effective address. This requires determining the addressing
      mode in use and perform arithmetic operations on the operands. Plus, each
      addressing mode has special cases that must be handled.
      
      Once the effective address is known, the base address of the applicable
      segment is added to obtain the linear address.
      
      Clearly, this is too much work for a single function. Instead, handle each
      addressing mode in a separate utility function. This improves readability
      and gives us the opportunity to handler errors better.
      
      At the moment, arithmetic to compute the effective address uses 64-byte
      variables. Thus, limit support to 64-bit addresses.
      
      While reworking the function insn_get_addr_ref(), the variable addr_offset
      is renamed as regoff to reflect its actual use (i.e., offset, from the
      base of pt_regs, of the register used as operand).
      Suggested-by: default avatarBorislav Petkov <bp@suse.de>
      Signed-off-by: default avatarRicardo Neri <ricardo.neri-calderon@linux.intel.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Adam Buchbinder <adam.buchbinder@gmail.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Colin Ian King <colin.king@canonical.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Huang Rui <ray.huang@amd.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Lorenzo Stoakes <lstoakes@gmail.com>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Qiaowei Ren <qiaowei.ren@intel.com>
      Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Garnier <thgarnie@google.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: ricardo.neri@intel.com
      Link: http://lkml.kernel.org/r/1509935277-22138-2-git-send-email-ricardo.neri-calderon@linux.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      70e57c0f
    • Ingo Molnar's avatar
      Merge branch 'x86/mpx' into x86/asm, to pick up dependent commits · 93c08089
      Ingo Molnar authored
      The UMIP series is based on top of changes already queued up in the x86/mpx branch,
      so merge it.
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      93c08089
  2. 07 Nov, 2017 27 commits