x86 User-Mode Instruction Prevention and winehq

[Neri, Ricardo]

Hi All,

On Wed, 2016-11-16 at 04:09 +0000, Neri, Ricardo wrote:
> Hi All,
> 
> I am working on implementing support for a new feature in the Linux
> kernel named User-Mode Instruction Prevention that will be present in
> upcoming Intel processors. In a nutshell, if this feature is present and
> enabled, a general protection fault will happen if any of the following
> instructions is executed with CPL > 0.
> 
> * SGDT - Store Global Descriptor Table
> * SIDT - Store Interrupt Descriptor Table
> * SLDT - Store Local Descriptor Table
> * SMSW - Store Machine Status Word
> * STR - Store Task Register
> 
> The goal of this feature is to prevent user space applications to read
> the resources mentioned above. For instance, a user-space application
> could easily read the descriptor tables and use that to instrument an
> attack.
> 
> I am aware that maybe wine (or applications using wine) might want to
> use some of these instructions. For instance, wine might want to use the
> sgdt instruction to emulate the VxD driver model.
> 
> Currently the proposed implementation is as follows:
> 
> If running in protected mode, always propagate the GP fault to the user
> space via a sigsegv. If running in vm86 mode, trap the GP fault within
> the kernel and give the userspace fake values for the aforementioned
> resources (most likely zeros).
> 
> Also, UMIP will be able to be disabled via a kernel command-line
> parameter at boot.
> 
> I would like to inquire about the current use of these instructions and
> whether it would be catastrophic for wine to lose access to them.
> 
> Your feedback will be greatly appreciated. You can see the original
> patch post here [1].

Checking again if any of you have comments on this. I am planning on a
new submissions to Linux based on the approach given above.

Thanks and BR,
Ricardo
> 
> http://www.spinics.net/lists/kernel/msg2377725.html
> 
> Thanks and BR,
> Ricardo
>