lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Sep 2021 18:14:59 -0700
From:   Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
        Marcus Rückert <mrueckert@...e.com>
Subject: Re: [PATCH] x86/umip: Add a umip= cmdline switch

On Tue, Sep 07, 2021 at 10:04:54PM +0200, Borislav Petkov wrote:
> From: Borislav Petkov <bp@...e.de>
> 
> And add the first control option
> 
>   umip=warnings_off
> 
> which disables warnings resulting from emulating UMIP-enabled insns.
> 
> The actual use case is for users playing games in wine, games like
> Overwatch, for example, which go nuts with SIDT:
> 
>   [Di Sep  7 00:24:05 2021] umip_printk: 1345 callbacks suppressed
>   [Di Sep  7 00:24:05 2021] umip: someapp.exe[29231] ip:14064cdba sp:11b7c0: SIDT instruction cannot be used by applications.
>   [Di Sep  7 00:24:05 2021] umip: someapp.exe[29231] ip:14064cdba sp:11b7c0: For now, expensive software emulation returns the result.
>   ...
>   [Di Sep  7 00:26:06 2021] umip_printk: 2227 callbacks suppressed
>   [Di Sep  7 00:26:06 2021] umip: someapp.exe[29231] ip:14064cdba sp:11b940: SIDT instruction cannot be used by applications.
> 
> filling up the kernel log unnecessarily with the same info over and over
> again which doesn't mean a whit to the users - they just wanna play.
> 
> So add a boot-time control switch for those warning messages.
> 
> Reported-by: Marcus Rückert <mrueckert@...e.com>
> Signed-off-by: Borislav Petkov <bp@...e.de>
> ---
>  .../admin-guide/kernel-parameters.txt         |  5 +++
>  arch/x86/kernel/umip.c                        | 33 +++++++++++++++++--
>  2 files changed, 35 insertions(+), 3 deletions(-)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 828d11441ebf..815d022c3e87 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -5887,6 +5887,11 @@
>  	unknown_nmi_panic
>  			[X86] Cause panic on unknown NMI.
>  
> +	umip=warnings_off
> +			[X86]
> +			* warnings_off - do not issue warnings when emulating
> +			  UMIP-enabled instructions.
> +
>  	usbcore.authorized_default=
>  			[USB] Default USB device authorization:
>  			(default -1 = authorized except for wireless USB,
> diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c
> index 576b47e7523d..1d37dc626011 100644
> --- a/arch/x86/kernel/umip.c
> +++ b/arch/x86/kernel/umip.c
> @@ -90,10 +90,19 @@ static const char * const umip_insns[5] = {
>  	[UMIP_INST_STR] = "STR",
>  };
>  
> -#define umip_pr_err(regs, fmt, ...) \
> +static struct umip_config {
> +	__u64 warnings_off	: 1,
> +	      __reserved	: 63;
> +} umip_cfg;
> +
> +#define umip_pr_err(regs, fmt, ...)				\
>  	umip_printk(regs, KERN_ERR, fmt, ##__VA_ARGS__)
> -#define umip_pr_warn(regs, fmt, ...) \
> -	umip_printk(regs, KERN_WARNING, fmt,  ##__VA_ARGS__)
> +
> +#define umip_pr_warn(regs, fmt, ...)					\
> +({									\
> +	if (!umip_cfg.warnings_off)					\
> +		umip_printk(regs, KERN_WARNING, fmt,  ##__VA_ARGS__);	\

If it is printing the same information again and again, wouldn't it be
simpler to have a umip_pr_warn_once()?

Thanks and BR,
Ricardo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ