Announcement

**c117152** · 08 January 2017, 04:05 PM

10 bucks someone circumvents UMIP and gets the IDTR base address in privileged containers this year.

**Pickup** · 08 January 2017, 05:34 PM

Is it a feature?
Well, I feel I little skeptical when I read about a code execution preventing technology, an hardware one in particular: who's deciding what can my PC run or not?

**ldo17** · 08 January 2017, 07:03 PM

Imagine if WINE gets this feature before Windows does...

**AdamOne** · 09 January 2017, 07:02 AM

Good, for WINE, charge'em dry!

**kpedersen** · 09 January 2017, 09:22 AM

Originally posted by Pickup View Post

Is it a feature?
Well, I feel I little skeptical when I read about a code execution preventing technology, an hardware one in particular: who's deciding what can my PC run or not?

I agree. Surely this sort of restriction could prevent innovative technologies (like Wine) appearing in the future.
That said, I would hope this can be disabled in the (classic) BIOS.

**ssokolow** · 09 January 2017, 09:25 AM

Originally posted by Pickup View Post

Is it a feature?
Well, I feel I little skeptical when I read about a code execution preventing technology, an hardware one in particular: who's deciding what can my PC run or not?

According to the description on the Wine page, it's a kernel-controlled feature like everything else you're fine with, such as protected-mode execution, NX-bit (A.K.A. Hardware DEP), etc.

(And it can be turned off with a kernel boot parameter, the same way you might turn off KMS because you're on nVidia drivers.)

As for what it does, it enables the kernel to catch requests for certain types of information (eg. the location of the kernel's interrupt handler table) that legitimate user-mode applications have no business knowing so it can either kill them or return dummy values. (Think of it as CyanogenMod's "allow but return forged values" permissions behaviour, but for certain kernel internals that are visible to user-mode applications for legacy reasons.)

**starshipeleven** · 09 January 2017, 05:04 PM

Originally posted by ssokolow View Post

As for what it does, it enables the kernel to catch requests for certain types of information (eg. the location of the kernel's interrupt handler table) that legitimate user-mode applications have no business knowing so it can either kill them or return dummy values. (Think of it as CyanogenMod's "allow but return forged values" permissions behaviour, but for certain kernel internals that are visible to user-mode applications for legacy reasons.)

I like this. Does it really need special hardware support to do this?

**ssokolow** · 10 January 2017, 01:42 AM

Originally posted by starshipeleven View Post

I like this. Does it really need special hardware support to do this?

UMIP is the same sort of thing as the virtualization extensions.

The instructions in question are an ancient part of the x86 ISA and, without the CPU helping to catch them, trying to block access to them presents a trade-off between performance and security. (Because the only guaranteed way to catch all attempts to call them is to run your programs in an x86-on-x86 emulator.)

Imagine securely implementing memory protection without CPU assistance. It's a similar sort of problem.

Announcement

Intel Working With Wine Developers On User-Mode Instruction Prevention

Intel Working With Wine Developers On User-Mode Instruction Prevention

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment