Hi All,
I am working on implementing support for a new feature in the Linux kernel named User-Mode Instruction Prevention that will be present in upcoming Intel processors. In a nutshell, if this feature is present and enabled, a general protection fault will happen if any of the following instructions is executed with CPL > 0.
* SGDT - Store Global Descriptor Table
* SIDT - Store Interrupt Descriptor Table
* SLDT - Store Local Descriptor Table
* SMSW - Store Machine Status Word
* STR - Store Task Register
The goal of this feature is to prevent user space applications from reading the resources mentioned above. For instance, a user-space application could easily read the descriptor tables and use that to instrument an attack.
I am aware that maybe wine (or applications using wine) might want to use some of these instructions. For instance, wine might want to use the sgdt instruction to emulate the VxD driver model.
Currently the proposed implementation is as follows:
If running in protected mode, always propagate the GP fault to user space via a SIGSEGV. If running in vm86 mode, trap the GP fault within the kernel and give user space fake values for the aforementioned resources (most likely zeros).
Also, it will be possible to disable UMIP via a kernel command-line parameter at boot.
I would like to inquire about the current use of these instructions and whether it would be catastrophic for wine to lose access to them.
Your feedback will be greatly appreciated. You can see the original patch post here [1].
[1] http://www.spinics.net/lists/kernel/msg2377725.html
Thanks and BR, Ricardo
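The following probe is an added example, not code from the post or from the kernel patch: it executes each of the five instructions listed above from user mode and reports whether the kernel delivered SIGSEGV (UMIP enforced) or the store completed, which is how an application such as wine can check what a given kernel does with them. It assumes an x86 Linux build; the names umip_probe and umip_buf are the example's own.

```c
// Added probe (not from the original post): run each UMIP-covered instruction
// in user mode and report whether the kernel delivered SIGSEGV.
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
enum umip_insn { UMIP_SGDT, UMIP_SIDT, UMIP_SLDT, UMIP_SMSW, UMIP_STR, UMIP_COUNT };
static const char *const umip_names[UMIP_COUNT] = {"sgdt", "sidt", "sldt", "smsw", "str"};
struct umip_buf { unsigned char b[16]; };   /* sgdt/sidt write 6 (32-bit) or 10 (64-bit) bytes */
static sigjmp_buf umip_jmp;
static void on_sigsegv(int sig) { (void)sig; siglongjmp(umip_jmp, 1); }

/* Execute one instruction; returns 0 on completion, -1 when not built for x86. */
static int run_insn(enum umip_insn which, struct umip_buf *out) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned short w = 0;               /* sldt/smsw/str store a 16-bit value */
    switch (which) {
    case UMIP_SGDT: __asm__ volatile("sgdt %0" : "=m"(*out)); return 0;
    case UMIP_SIDT: __asm__ volatile("sidt %0" : "=m"(*out)); return 0;
    case UMIP_SLDT: __asm__ volatile("sldt %0" : "=r"(w)); break;
    case UMIP_SMSW: __asm__ volatile("smsw %0" : "=r"(w)); break;
    case UMIP_STR:  __asm__ volatile("str %0"  : "=r"(w)); break;
    default: return -1;
    }
    memcpy(out->b, &w, sizeof w);
    return 0;
#else
    (void)which; (void)out; return -1;
#endif
}

/* 1 = SIGSEGV (UMIP enforced, no kernel emulation), 0 = completed, -1 = not x86. */
int umip_probe(enum umip_insn which, struct umip_buf *out) {
    struct sigaction sa, old;
    volatile int faulted = 1;           /* stays 1 if the handler longjmps back */
    memset(out, 0, sizeof *out); memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigsegv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(umip_jmp, 1) == 0)
        faulted = run_insn(which, out);
    sigaction(SIGSEGV, &old, NULL);     /* restore the previous handler */
    return faulted;
}

int main(void) {
    struct umip_buf buf;
    for (int i = 0; i < UMIP_COUNT; i++) {
        int r = umip_probe((enum umip_insn)i, &buf);
        printf("%-4s: %s\n", umip_names[i], r == 1 ? "SIGSEGV" : r == 0 ? "completed" : "n/a");
    }
    return 0;
}
```

On a kernel that emulates some of these instructions instead of faulting, the probe reports "completed" for them and the bytes in buf hold whatever the kernel returned.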