Re: [PATCH v7 16/26] x86/insn-eval: Support both signed 32-bit and 64-bit effective addresses

On Thu, 2017-07-27 at 15:26 +0200, Borislav Petkov wrote: > On Tue, Jul 25, 2017 at 04:48:13PM -0700, Ricardo Neri wrote: > > I meant to say the 4 most significant bytes. In this case, the > > 64-address 0x1234 would lie in the kernel memory while > > 0xfff

Re: [PATCH v7 24/26] x86: Enable User-Mode Instruction Prevention

On Fri, 2017-06-09 at 18:10 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:22AM -0700, Ricardo Neri wrote: > > User_mode Instruction Prevention (UMIP) is enabled by setting/clearing a > > bit in %cr4. > > > > It makes sense to enable UMIP at some point

Re: [PATCH v7 23/26] x86/traps: Fixup general protection faults caused by UMIP

I am sorry Boris, I also missed this feedback. On Fri, 2017-06-09 at 15:02 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:21AM -0700, Ricardo Neri wrote: > > If the User-Mode Instruction Prevention CPU feature is available and > > enabled, a general protection fault

Re: [PATCH v7 22/26] x86/umip: Force a page fault when unable to copy emulated result to user

On Fri, 2017-06-09 at 13:02 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:20AM -0700, Ricardo Neri wrote: > > fixup_umip_exception() will be called from do_general_p

Re: [PATCH v7 16/26] x86/insn-eval: Support both signed 32-bit and 64-bit effective addresses

I am sorry Boris, while working on this series I missed a few of your feedback comments. On Wed, 2017-06-07 at 17:48 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:14AM -0700, Ricardo Neri wrote: > > The 32-bit and 64-bit address encodings are identical. This means that w

Re: [PATCH v7 07/26] x86/insn-eval: Do not BUG on invalid register type

Hi Stas, On Wed, 2017-06-07 at 21:54 +0300, Stas Sergeev wrote: > Hi Ricardo, would you mind unsubscribing > linux-msdos@ from all your future mails on > this subject? Otherwise I am afraid there > would be no subscribers left when you are > finally done. :) Sure! I will drop linux-msdos in the

Re: [PATCH v7 21/26] x86: Add emulation code for UMIP instructions

On Thu, 2017-06-08 at 20:38 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:19AM -0700, Ricardo Neri wrote: > > The feature User-Mode Instruction Prevention present in recent Intel > > processor prevents a group of instructions from being executed with > &g

Re: [PATCH v7 18/26] x86/insn-eval: Add support to resolve 16-bit addressing encodings

On Wed, 2017-06-07 at 18:28 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:16AM -0700, Ricardo Neri wrote: > > Tasks running in virtual-8086 mode or in protected mode with code > > segment descriptors that specify 16-bit default address sizes via the > >

Re: [PATCH v7 16/26] x86/insn-eval: Support both signed 32-bit and 64-bit effective addresses

On Wed, 2017-06-07 at 17:49 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:14AM -0700, Ricardo Neri wrote: > > @@ -697,18 +753,21 @@ void __user *insn_get_addr_ref(struct insn *insn, > > struct pt_regs *regs) > > { > > unsigned long linear_add

Re: [PATCH v7 14/26] x86/insn-eval: Indicate a 32-bit displacement if ModRM.mod is 0 and ModRM.rm is 5

On Wed, 2017-06-07 at 15:15 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:12AM -0700, Ricardo Neri wrote: > > Section 2.2.1.3 of the Intel 64 and IA-32 Architectures Software > > Developer's Manual volume 2A states that when ModRM.mod is zero and > > ModRM

Re: [PATCH v7 13/26] x86/insn-eval: Add function to get default params of code segment

On Wed, 2017-06-07 at 14:59 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:11AM -0700, Ricardo Neri wrote: > > This function returns the default values of the address and operand sizes > > as specified in the segment descriptor. This information is determined >

Re: [PATCH v7 10/26] x86/insn-eval: Add utility functions to get segment selector

On Thu, 2017-06-15 at 11:37 -0700, Ricardo Neri wrote: > > Yuck, didn't we talk about this already? > > I am sorry Borislav. I thought you agreed that I could use the values > of > the segment override prefixes to identify the segment registers [1]. This time with the ref

Re: [PATCH v7 10/26] x86/insn-eval: Add utility functions to get segment selector

On Tue, 2017-05-30 at 12:35 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:08AM -0700, Ricardo Neri wrote: > > When computing a linear address and segmentation is used, we need to know > > the base address of the segment involved in the computation. In most o

Re: [PATCH v7 07/26] x86/insn-eval: Do not BUG on invalid register type

On Tue, 2017-06-06 at 13:58 +0200, Borislav Petkov wrote: > On Mon, Jun 05, 2017 at 11:06:58PM -0700, Ricardo Neri wrote: > > I agree that insn-eval reads somewhat funny. I did not want to go with > > insn-dec.c as insn.c, in my opinion, already decodes the instruction > > (i.

Re: [PATCH v7 05/26] x86/mpx: Do not use SIB.base if its value is 101b and ModRM.mod = 0

On Mon, 2017-05-29 at 15:07 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:03AM -0700, Ricardo Neri wrote: > > Section 2.2.1.2 of the Intel 64 and IA-32 Architectures Software > > Developer's Manual volume 2A states that when a SIB byte is used and the > >

Re: [PATCH v7 07/26] x86/insn-eval: Do not BUG on invalid register type

On Mon, 2017-05-29 at 18:37 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:05AM -0700, Ricardo Neri wrote: > > We are not in a critical failure path. The invalid register type is caused > > when trying to decode invalid instruction bytes from a user-space program. &

Re: [PATCH v7 08/26] x86/insn-eval: Add a utility function to get register offsets

On Mon, 2017-05-29 at 19:16 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:06AM -0700, Ricardo Neri wrote: > > The function get_reg_offset() returns the offset to the register the > > argument specifies as indicated in an enumeration of type offset. Callers >

Re: [PATCH v7 09/26] x86/insn-eval: Add utility function to identify string instructions

On Mon, 2017-05-29 at 23:48 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:07AM -0700, Ricardo Neri wrote: > > String instructions are special because in protected mode, the linear > > address is always obtained via the ES segment register in operands that > > u

Re: [PATCH v7 12/26] x86/insn-eval: Add utility functions to get segment descriptor base address and limit

On Wed, 2017-05-31 at 18:58 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:10AM -0700, Ricardo Neri wrote: > > With segmentation, the base address of the segment descriptor is needed > > to compute a linear address. The segment descriptor used in the address > >

Re: [PATCH v7 02/26] x86/mm: Relocate page fault error codes to traps.h

On Sat, 2017-05-27 at 12:13 +0200, Borislav Petkov wrote: > On Fri, May 26, 2017 at 08:40:26PM -0700, Ricardo Neri wrote: > > This change was initially intended to only rename the error codes, > > without functional changes. Would making change be considered a > change &g

Re: [PATCH v7 04/26] x86/mpx: Do not use SIB.index if its value is 100b and ModRM.mod is not 11b

On Wed, 2017-05-24 at 15:37 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:02AM -0700, Ricardo Neri wrote: > > Section 2.2.1.2 of the Intel 64 and IA-32 Architectures Software > > Developer's Manual volume 2A states that when ModRM.mod !=11b and > > ModRM.rm =

Re: [PATCH v7 02/26] x86/mm: Relocate page fault error codes to traps.h

On Sun, 2017-05-21 at 16:23 +0200, Borislav Petkov wrote: > On Fri, May 05, 2017 at 11:17:00AM -0700, Ricardo Neri wrote: > > Up to this point, only fault.c used the definitions of the page fault error > > codes. Thus, it made sense to keep them within such file. Other portions of

Re: [PATCH v7 00/26] x86: Enable User-Mode Instruction Prevention

Hi Ingo, Thomas, On Fri, 2017-05-05 at 11:16 -0700, Ricardo Neri wrote: > This is v7 of this series. The six previous submissions can be found > here [1], here [2], here[3], here[4], here[5] and here[6]. This > version > addresses the comments received in v6 plus improvements of th

Re: [v6 PATCH 07/21] x86/insn-eval: Add utility function to get segment descriptor

On Thu, 2017-05-04 at 13:02 +0200, Borislav Petkov wrote: > On Wed, Apr 26, 2017 at 02:51:56PM -0700, Ricardo Neri wrote: > > > > +seg >= > > > > current->active_mm->context.ldt->size)) { > > > > > > ldt->siz

Re: [v6 PATCH 08/21] x86/insn-eval: Add utility function to get segment descriptor base address

On Fri, 2017-05-05 at 19:19 +0200, Borislav Petkov wrote: > On Wed, Apr 26, 2017 at 03:37:44PM -0700, Ricardo Neri wrote: > > I need a human-readable way of identifying what segment selector (in > > pt_regs, vm86regs or directly reading the segment registers) to use. > > Sin

Re: [v6 PATCH 08/21] x86/insn-eval: Add utility function to get segment descriptor base address

On Fri, 2017-05-05 at 19:28 +0200, Borislav Petkov wrote: > On Wed, Apr 26, 2017 at 03:52:41PM -0700, Ricardo Neri wrote: > > Probably insn_get_seg_base() itself can verify if there are segment > > override prefixes in the struct insn. If yes, use them except for > > spec

Re: [v6 PATCH 10/21] x86/insn-eval: Do not use R/EBP as base if mod in ModRM is zero

On Sun, 2017-05-07 at 19:20 +0200, Borislav Petkov wrote: > On Wed, Apr 26, 2017 at 06:29:59PM -0700, Ricardo Neri wrote: > > > if (X86_MODRM_MOD(insn->modrm.value) == 0 && > > > X86_MODRM_RM(insn->modrm.value) == 5) > > > > > >

Re: [v6 PATCH 12/21] x86/insn: Support both signed 32-bit and 64-bit effective addresses

On Mon, 2017-05-08 at 13:42 +0200, Borislav Petkov wrote: > On Wed, Apr 26, 2017 at 08:33:46PM -0700, Ricardo Neri wrote: > > This is the reason I check the value of long_bytes. If long_bytes is not > > 4, being the only other possible value 8 (perhaps I need to issue an > >

Re: [PATCH v7 20/26] x86/cpufeature: Add User-Mode Instruction Prevention definitions

On Sat, 2017-05-06 at 11:04 +0200, Paolo Bonzini wrote: > > > On 05/05/2017 20:17, Ricardo Neri wrote: > > User-Mode Instruction Prevention is a security feature present in > new > > Intel processors that, when set, prevents the execution of a subset > of > >

[PATCH v7 02/26] x86/mm: Relocate page fault error codes to traps.h

e...@linux.intel.com> Cc: Josh Poimboeuf <jpoim...@redhat.com> Cc: Dave Hansen <dave.han...@linux.intel.com> Cc: Paul Gortmaker <paul.gortma...@windriver.com> Cc: x...@kernel.org Reviewed-by: Andy Lutomirski <l...@kernel.org> Signed-off-by: Ricardo Neri <ricardo.neri-calde..

[PATCH v7 03/26] x86/mpx: Use signed variables to compute effective addresses

t;liverl...@gmail.com> Cc: Adan Hawthorn <adanhawth...@gmail.com> Cc: Joe Perches <j...@perches.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/mm/mpx.c | 15 +---

[PATCH v7 05/26] x86/mpx: Do not use SIB.base if its value is 101b and ModRM.mod = 0

g> Cc: Nathan Howard <liverl...@gmail.com> Cc: Adan Hawthorn <adanhawth...@gmail.com> Cc: Joe Perches <j...@perches.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/

[PATCH v7 08/26] x86/insn-eval: Add a utility function to get register offsets

adrian.hun...@intel.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Thomas Garnier <thgar...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan.

[PATCH v7 19/26] x86/insn-eval: Add wrapper function for 16-bit and 32-bit address encodings

.@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-eval.c | 48 +++- 1 file chang

[PATCH v7 18/26] x86/insn-eval: Add support to resolve 16-bit addressing encodings

<pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-eval.c | 155

[PATCH v7 21/26] x86: Add emulation code for UMIP instructions

;tony.l...@intel.com> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Liang Z. Li <liang.z...@intel.com> Cc: Alexandre Julliard <julli...@winehq.org> Cc: Stas Sergeev <s...@list.ru> Cc: x...@kernel.org Cc: linux-msdos@vger.kernel.org Signed-off-by: Ricardo Neri <ricardo.n

[PATCH v7 22/26] x86/umip: Force a page fault when unable to copy emulated result to user

> Cc: Vlastimil Babka <vba...@suse.cz> Cc: Tony Luck <tony.l...@intel.com> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Liang Z. Li <liang.z...@intel.com> Cc: Alexandre Julliard <julli...@winehq.org> Cc: Stas Sergeev <s...@list.ru> Cc: x...@kerne

[PATCH v7 20/26] x86/cpufeature: Add User-Mode Instruction Prevention definitions

.com> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Liang Z. Li <liang.z...@intel.com> Cc: Alexandre Julliard <julli...@winehq.org> Cc: Stas Sergeev <s...@list.ru> Cc: x...@kernel.org Cc: linux-msdos@vger.kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.

[PATCH v7 04/26] x86/mpx: Do not use SIB.index if its value is 100b and ModRM.mod is not 11b

: Peter Zijlstra <pet...@infradead.org> Cc: Nathan Howard <liverl...@gmail.com> Cc: Adan Hawthorn <adanhawth...@gmail.com> Cc: Joe Perches <j...@perches.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde..

[PATCH v7 23/26] x86/traps: Fixup general protection faults caused by UMIP

; Cc: Liang Z. Li <liang.z...@intel.com> Cc: Alexandre Julliard <julli...@winehq.org> Cc: Stas Sergeev <s...@list.ru> Cc: x...@kernel.org Cc: linux-msdos@vger.kernel.org Reviewed-by: Andy Lutomirski <l...@kernel.org> Signed-off-by: Ricardo Neri <ricardo.neri-calde...@l

[PATCH v7 09/26] x86/insn-eval: Add utility function to identify string instructions

adrian.hun...@intel.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Thomas Garnier <thgar...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc

[PATCH v7 07/26] x86/insn-eval: Do not BUG on invalid register type

<pet...@infradead.org> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-eval.c | 6 +++--- 1 file changed, 3 insertions(+), 3 delet

[PATCH v7 15/26] x86/insn-eval: Incorporate segment base and limit in linear address computation

Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-eval.c | 26 +- 1 file changed, 25 insertions(+), 1 deletion(-) diff

[PATCH v7 11/26] x86/insn-eval: Add utility function to get segment descriptor

v <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-eval.c | 55 1

[PATCH v7 16/26] x86/insn-eval: Support both signed 32-bit and 64-bit effective addresses

Cook <keesc...@chromium.org> Cc: Thomas Garnier <thgar...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed

[PATCH v7 13/26] x86/insn-eval: Add function to get default params of code segment

gt; Cc: Thomas Garnier <thgar...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde

[PATCH v7 12/26] x86/insn-eval: Add utility functions to get segment descriptor base address and limit

rislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/include/asm/insn-eval.h | 2 + arch/x86/lib/insn-eva

[PATCH v7 10/26] x86/insn-eval: Add utility functions to get segment selector

tel.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Thomas Garnier <thgar...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kern

[PATCH v7 14/26] x86/insn-eval: Indicate a 32-bit displacement if ModRM.mod is 0 and ModRM.rm is 5

r...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com>

[PATCH v7 24/26] x86: Enable User-Mode Instruction Prevention

Julliard <julli...@winehq.org> Cc: Stas Sergeev <s...@list.ru> Cc: x...@kernel.org Cc: linux-msdos@vger.kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/Kconfig | 10 ++ arch/x86/kernel/cpu/common.c | 16 +++-

[PATCH v7 26/26] selftests/x86: Add tests for instruction str and sldt

; Cc: Paul Gortmaker <paul.gortma...@windriver.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: Shuah Khan <sh...@kernel.org> Cc: Vlastimil Babka <vba...@suse.cz> Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.co

[PATCH v7 25/26] selftests/x86: Add tests for User-Mode Instruction Prevention

: Jiri Slaby <jsl...@suse.cz> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Michael S. Tsirkin <m...@redhat.com> Cc: Paul Gortmaker <paul.gortma...@windriver.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: Shuah Khan <sh.

[PATCH v7 17/26] x86/insn-eval: Handle 32-bit address encodings in virtual-8086 mode

..@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-eval.c | 10 ++ 1

[PATCH v7 00/26] x86: Enable User-Mode Instruction Prevention

from MPX to decode instructions operands. For this purpose code was put in a common location. * Fixed two bugs in MPX code that decodes operands. Ricardo Neri (26): ptrace,x86: Make user_64bit_mode() available to 32-bit builds x86/mm: Relocate page fault error codes to traps.h x86/mpx: U

Re: [v6 PATCH 03/21] x86/mpx: Do not use R/EBP as base in the SIB byte with Mod = 0

On Wed, 2017-04-26 at 10:05 +0200, Borislav Petkov wrote: > On Tue, Apr 25, 2017 at 07:04:20PM -0700, Ricardo Neri wrote: > > For the specific case of ModRM.mod being 0, I feel I need to clarify > > that REX.B is not decoded and if SIB.base is %r13 the base is also 0. > > W

Re: [v6 PATCH 12/21] x86/insn: Support both signed 32-bit and 64-bit effective addresses

On Tue, 2017-04-25 at 15:51 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:45PM -0800, Ricardo Neri wrote: > > The 32-bit and 64-bit address encodings are identical. This means that we > > can use the same function in both cases. In order to reuse the function for >

Re: [v6 PATCH 11/21] insn/eval: Incorporate segment base in address computation

On Fri, 2017-04-21 at 16:55 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:44PM -0800, Ricardo Neri wrote: > > insn_get_addr_ref returns the effective address as defined by the > > Please end function names with parentheses. Will do. > > > section 3.7.5

Re: [v6 PATCH 10/21] x86/insn-eval: Do not use R/EBP as base if mod in ModRM is zero

On Fri, 2017-04-21 at 12:52 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:43PM -0800, Ricardo Neri wrote: > > Section 2.2.1.3 of the Intel 64 and IA-32 Architectures Software > > Developer's Manual volume 2A states that when the mod part of the ModRM > > b

Re: [v6 PATCH 09/21] x86/insn-eval: Add functions to get default operand and address sizes

On Thu, 2017-04-20 at 15:06 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:42PM -0800, Ricardo Neri wrote: > > These functions read the default values of the address and operand sizes > > as specified in the segment descriptor. This information is determined >

Re: [v6 PATCH 08/21] x86/insn-eval: Add utility function to get segment descriptor base address

On Thu, 2017-04-20 at 10:25 +0200, Borislav Petkov wrote: > > + * insn_get_seg_base() - Obtain base address contained in > descriptor > > + * @regs:Set of registers containing the segment selector > > + * @insn:Instruction structure with selector override prefixes > > + * @regoff: Operand

Re: [v6 PATCH 08/21] x86/insn-eval: Add utility function to get segment descriptor base address

On Thu, 2017-04-20 at 10:25 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:41PM -0800, Ricardo Neri wrote: > > With segmentation, the base address of the segment descriptor is needed > > to compute a linear address. The segment descriptor used in the address > >

Re: [v6 PATCH 07/21] x86/insn-eval: Add utility function to get segment descriptor

On Wed, 2017-04-19 at 12:26 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:40PM -0800, Ricardo Neri wrote: > > The segment descriptor contains information that is relevant to how linear > > address need to be computed. It contains the default size of addres

Re: [v6 PATCH 06/21] x86/insn-eval: Add utility functions to get segment selector

On Wed, 2017-04-26 at 13:44 -0700, Ricardo Neri wrote: > > > > > +*/ > > > + for (i = 0; i < insn->prefixes.nbytes; i++) { > > > + switch (insn->prefixes.bytes[i]) { > > > + case SEG_CS: > > > +

Re: [v6 PATCH 06/21] x86/insn-eval: Add utility functions to get segment selector

On Tue, 2017-04-18 at 11:42 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:39PM -0800, Ricardo Neri wrote: > > When computing a linear address and segmentation is used, we need to know > > the base address of the segment involved in the computation. In most o

Re: [v6 PATCH 05/21] x86/insn-eval: Add utility functions to get register offsets

On Wed, 2017-04-12 at 18:28 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:38PM -0800, Ricardo Neri wrote: > > The function insn_get_reg_offset takes as argument an enumeration that > > Please end function names with parentheses. Will do! > > And do yo

Re: [v6 PATCH 04/21] x86/mpx, x86/insn: Relocate insn util functions to a new insn-kernel

On Wed, 2017-04-12 at 12:03 +0200, Borislav Petkov wrote: > > + * If mod is 0 and register R/EBP (regno=5) is > indicated in the > > + * base part of the SIB byte, the value of such > register should > > + * not be used in the address computation. Also, a >

Re: [v6 PATCH 03/21] x86/mpx: Do not use R/EBP as base in the SIB byte with Mod = 0

On Wed, 2017-04-12 at 00:08 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:36PM -0800, Ricardo Neri wrote: > > Section 2.2.1.2 of the Intel 64 and IA-32 Architectures Software > > Developer's Manual volume 2A states that when a SIB byte is used and the > >

Re: [v6 PATCH 01/21] x86/mpx: Use signed variables to compute effective addresses

On Tue, 2017-04-11 at 23:56 +0200, Borislav Petkov wrote: > On Tue, Mar 07, 2017 at 04:32:34PM -0800, Ricardo Neri wrote: > > Even though memory addresses are unsigned. The operands used to compute the > > ... unsigned, the operands ... Oops!

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Fri, 2017-03-31 at 16:11 +0200, Alexandre Julliard wrote: > Ricardo Neri <ricardo.neri-calde...@linux.intel.com> writes: > > > On Thu, 2017-03-30 at 13:10 +0300, Stas Sergeev wrote: > >> 30.03.2017 08:14, Ricardo Neri пишет: > >> >>>> But at leas

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Thu, 2017-03-30 at 13:10 +0300, Stas Sergeev wrote: > 30.03.2017 08:14, Ricardo Neri пишет: > >>>> But at least dosemu implements it, so probably it is needed. > >>> Right. > >>> > >>>> Of course if it is used by one of 100 DOS prog

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Wed, 2017-03-29 at 23:55 +0300, Stas Sergeev wrote: > 29.03.2017 07:38, Ricardo Neri пишет: > >> Probably you could also remove > >> the sldt and str emulation for protected mode, because, > >> as I understand from this thread, wine does not > >> need th

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Tue, 2017-03-28 at 12:38 +0300, Stas Sergeev wrote: > 28.03.2017 02:46, Ricardo Neri пишет: > > On Tue, 2017-03-14 at 00:25 +0300, Stas Sergeev wrote: > >> 11.03.2017 02:59, Ricardo Neri пишет: > >>> On Fri, 2017-03-10 at 14:33 +0300, Stas Sergeev wrote: >

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Tue, 2017-03-14 at 00:25 +0300, Stas Sergeev wrote: > 11.03.2017 02:59, Ricardo Neri пишет: > > On Fri, 2017-03-10 at 14:33 +0300, Stas Sergeev wrote: > > > >> Why would you need one? > >> Or do you really want to allow these instructions > >&g

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Fri, 2017-03-10 at 06:17 -0800, Andy Lutomirski wrote: > On Fri, Mar 10, 2017 at 3:33 AM, Stas Sergeev <s...@list.ru> wrote: > > 10.03.2017 05:39, Andy Lutomirski пишет: > > > >> On Thu, Mar 9, 2017 at 2:10 PM, Stas Sergeev <s...@list.ru> wrote: > >>

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Sat, 2017-03-11 at 02:58 +0300, Stas Sergeev wrote: > 11.03.2017 02:47, Ricardo Neri пишет: > >> > >>>> It doesn't need to be a matter of this particular > >>>> patch set, i.e. this proposal should not trigger a > >>>> v7 resend of all 21

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Fri, 2017-03-10 at 14:33 +0300, Stas Sergeev wrote: > 10.03.2017 05:39, Andy Lutomirski пишет: > > On Thu, Mar 9, 2017 at 2:10 PM, Stas Sergeev <s...@list.ru> wrote: > >> 09.03.2017 04:15, Ricardo Neri пишет: > >> > >>> On Wed, 2017-03-08 at 08:4

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Thu, 2017-03-09 at 18:39 -0800, Andy Lutomirski wrote: > On Thu, Mar 9, 2017 at 2:10 PM, Stas Sergeev <s...@list.ru> wrote: > > 09.03.2017 04:15, Ricardo Neri пишет: > > > >> On Wed, 2017-03-08 at 08:46 -0800, Andy Lutomirski wrote: > >>> > >&g

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Fri, 2017-03-10 at 01:01 +0300, Stas Sergeev wrote: > 09.03.2017 03:46, Ricardo Neri пишет: > > On Wed, 2017-03-08 at 17:08 +0300, Stas Sergeev wrote: > >> 08.03.2017 03:32, Ricardo Neri пишет: > >>> These are the instructions covered by UMIP: > >>&

Re: [v6 PATCH 21/21] selftests/x86: Add tests for User-Mode Instruction Prevention

On Wed, 2017-03-08 at 07:56 -0800, Andy Lutomirski wrote: > On Tue, Mar 7, 2017 at 4:32 PM, Ricardo Neri > <ricardo.neri-calde...@linux.intel.com> wrote: > > Certain user space programs that run on virtual-8086 mode may utilize > > instructions protected by the User-Mod

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Wed, 2017-03-08 at 08:46 -0800, Andy Lutomirski wrote: > On Wed, Mar 8, 2017 at 8:29 AM, Stas Sergeev <s...@list.ru> wrote: > > 08.03.2017 19:06, Andy Lutomirski пишет: > >> > >> On Wed, Mar 8, 2017 at 6:08 AM, Stas Sergeev <s...@list.ru> wrote: > >

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Wed, 2017-03-08 at 19:53 +0300, Stas Sergeev wrote: > 08.03.2017 19:46, Andy Lutomirski пишет: > >> No no, since I meant prot mode, this is not what I need. > >> I would never need to disable UMIP as to allow the > >> prot mode apps to do SLDT. Instead it would be good > >> to have an ability

Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention

On Wed, 2017-03-08 at 17:08 +0300, Stas Sergeev wrote: > 08.03.2017 03:32, Ricardo Neri пишет: > > These are the instructions covered by UMIP: > > * SGDT - Store Global Descriptor Table > > * SIDT - Store Interrupt Descriptor Table > > * SLDT - Store Local Descript

[v6 PATCH 19/21] x86/traps: Fixup general protection faults caused by UMIP

; Cc: Liang Z. Li <liang.z...@intel.com> Cc: Alexandre Julliard <julli...@winehq.org> Cc: Stas Sergeev <s...@list.ru> Cc: x...@kernel.org Cc: linux-msdos@vger.kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/kernel/traps.c | 4

[v6 PATCH 02/21] x86/mpx: Do not use SIB index if index points to R/ESP

Cc: Adan Hawthorn <adanhawth...@gmail.com> Cc: Joe Perches <j...@perches.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/mm/mpx.c | 19 +-- 1 file c

[v6 PATCH 20/21] x86: Enable User-Mode Instruction Prevention

Julliard <julli...@winehq.org> Cc: Stas Sergeev <s...@list.ru> Cc: x...@kernel.org Cc: linux-msdos@vger.kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/Kconfig | 10 ++ arch/x86/kernel/cpu/common.c | 16 +++-

[v6 PATCH 12/21] x86/insn: Support both signed 32-bit and 64-bit effective addresses

er <adrian.hun...@intel.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Thomas Garnier <thgar...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan.

[v6 PATCH 13/21] x86/insn-eval: Add support to resolve 16-bit addressing encodings

Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-ev

[v6 PATCH 14/21] x86/insn-eval: Add wrapper function for 16-bit and 32-bit address encodings

gle.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-eval.c | 45 - 1 file changed, 40 insertions(+), 5 deletions(-) diff

[v6 PATCH 10/21] x86/insn-eval: Do not use R/EBP as base if mod in ModRM is zero

rnel.org> Cc: Adrian Hunter <adrian.hun...@intel.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Thomas Garnier <thgar...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shan

[v6 PATCH 17/21] x86: Add emulation code for UMIP instructions

t;sh...@kernel.org> Cc: Vlastimil Babka <vba...@suse.cz> Cc: Tony Luck <tony.l...@intel.com> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Liang Z. Li <liang.z...@intel.com> Cc: Alexandre Julliard <julli...@winehq.org> Cc: Stas Sergeev <s...@list.ru> Cc: x...@ke

[v6 PATCH 08/21] x86/insn-eval: Add utility function to get segment descriptor base address

..@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/include/asm/insn-eval.h | 2 ++ arch/

[v6 PATCH 05/21] x86/insn-eval: Add utility functions to get register offsets

rnel.org> Cc: Adrian Hunter <adrian.hun...@intel.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Thomas Garnier <thgar...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shan

[v6 PATCH 18/21] x86/umip: Force a page fault when unable to copy emulated result to user

with SEGV_MAPERR with the offending address. A new function is inspired in force_sig_info_fault is introduced to model the page fault. Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/kernel/umip.c | 45 +++-- 1 file changed, 43 inse

[v6 PATCH 15/21] x86/mm: Relocate page fault error codes to traps.h

e...@linux.intel.com> Cc: Josh Poimboeuf <jpoim...@redhat.com> Cc: Dave Hansen <dave.han...@linux.intel.com> Cc: Paul Gortmaker <paul.gortma...@windriver.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch

[v6 PATCH 03/21] x86/mpx: Do not use R/EBP as base in the SIB byte with Mod = 0

ad.org> Cc: Nathan Howard <liverl...@gmail.com> Cc: Adan Hawthorn <adanhawth...@gmail.com> Cc: Joe Perches <j...@perches.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x

[v6 PATCH 21/21] selftests/x86: Add tests for User-Mode Instruction Prevention

kar <ravi.v.shan...@intel.com> Cc: Shuah Khan <sh...@kernel.org> Cc: Vlastimil Babka <vba...@suse.cz> Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- tools/testing/selftests/x86/entry_from_vm86.c | 39 ++- 1 file changed,

[v6 PATCH 11/21] insn/eval: Incorporate segment base in address computation

..@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-eval.c | 10 --

[v6 PATCH 09/21] x86/insn-eval: Add functions to get default operand and address sizes

homas Garnier <thgar...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-ca

[v6 PATCH 07/21] x86/insn-eval: Add utility function to get segment descriptor

v <b...@suse.de> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Ravi V. Shankar <ravi.v.shan...@intel.com> Cc: x...@kernel.org Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> --- arch/x86/lib/insn-eval.c | 61 1

Re: [v5 17/20] x86/umip: Force a page fault when unable to copy emulated result to user

On Sun, 2017-03-05 at 08:18 -0800, Andy Lutomirski wrote: > > + */ > > +static void __force_sig_info_umip_fault(void __user *address, > > + struct pt_regs *regs) > > +{ > > + siginfo_t info; > > + struct task_struct *tsk = current; > > + > > +

  1   2   >