Open Source and information security mailing list archives
Date:   Wed, 20 May 2020 03:08:53 +0200
To:     Brendan Shanks <>
Cc:     Thomas Gleixner <>,
        Ingo Molnar <>, Borislav Petkov <>, "H. Peter Anvin" <>,
        Ricardo Neri <>,
        "Eric W. Biederman" <>,
        Sergey Senozhatsky <>,
        Babu Moger <>,
        Kefeng Wang <>,
        Jason Yan <>,
Subject: Re: umip: AMD Ryzen 3900X, pagefault after emulate SLDT/SIDT

On 11:56 19.05.20, Brendan Shanks wrote:
> The problem is that the kernel does not emulate/spoof the SLDT instruction, only SGDT, SIDT, and SMSW.
> SLDT and STR weren't thought to be commonly used, so emulation/spoofing wasn’t added.
> In the last few months I have seen reports of one or two (32-bit) Windows games that use SLDT though.
> Can you share more information about the application you’re running?

I'll try to create a very simple reproducer for this case in the next
days. Unfortunately I don't have the source of the original application.
I can mail you instructions about it directly, if required.

> Maybe the best path is to add kernel emulation/spoofing for SLDT and
> STR on 32 and 64-bit, just to cover all the cases. It should be a
> pretty simple patch, I’ll start working on it.

Check the other mail from Ricardo, you can probably save that effort :-)

> Alternately, I did work on a Wine patch to emulate the UMIP
> instructions in user-space, but it adds a lot of code and I don’t
> think there’s much appetite for it in upstream Wine (especially since
> the kernel emulation is sufficient for almost all cases).

Yeah, that seems like the less favorable effort. My best guess is that
this might not be limited to Wine thus handling in the kernel might be

> In the meantime, an easy way to disable UMIP without rebuilding the
> kernel is to pass 'clearcpuid=514’ on the kernel command line.

Nice, I'll use that next time :-)
