2015-07-10 15:34:37

by Andy Lutomirski

Subject: [PATCH v3] x86/kconfig/32: Rename CONFIG_VM86 and default it to n

VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is
in use. The code is a big undocumented mess, it's a real PITA to
test, and it looks like a big chunk of vm86_32.c is dead code. It
also plays awful games with the entry asm.

No one should be using it anyway. Use DOSBOX or KVM instead.

Let's accelerate its slow death. Remove it from EXPERT and default
it to n. Distros should not enable it. In the unlikely event that
some user needs it, they can easily re-enable it.

While we're at it, rename it to CONFIG_LEGACY_VM86 so that 'make
oldconfig' users will be prompted again. I left CONFIG_VM86 as an
alias to avoid a treewide replacement of the names. We can clean
that up once the current asm and vm86 code churn settles down.

Signed-off-by: Andy Lutomirski <[email protected]>
---

Take three, this time with a rename at Linus' suggestion.

Given that both Brian and I have pending patches that involve the
name 'CONFIG_VM86', I left that name as an alias in Kconfig. We can
fix that later.

arch/x86/Kconfig | 35 ++++++++++++++++++++++++++++-------
1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index aa94fd014fa2..45d95e1ab047 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -996,15 +996,36 @@ config X86_THERMAL_VECTOR
def_bool y
depends on X86_MCE_INTEL

-config VM86
- bool "Enable VM86 support" if EXPERT
- default y
+config LEGACY_VM86
+ bool "Legacy VM86 support (obsolete)"
+ default n
depends on X86_32
---help---
- This option is required by programs like DOSEMU to run
- 16-bit real mode legacy code on x86 processors. It also may
- be needed by software like XFree86 to initialize some video
- cards via BIOS. Disabling this option saves about 6K.
+ This option allows user programs to put the CPU into V8086
+ mode, which is an 80286-era approximation of 16-bit real mode.
+
+ Some very old versions of X and/or vbetool require this option
+ for user mode setting. Similarly, DOSEMU will use it if
+ available to accelerate real mode DOS programs. However, any
+ recent version of DOSEMU, X, or vbetool should be fully
+ functional even without kernel VM86 support, as they will all
+ fall back to software emulation.
+
+ Anything that works on a 64-bit kernel is unlikely to need
+ this option, as 64-bit kernels don't, and can't, support V8086
+ mode. This option is also unrelated to 16-bit protected mode
+ and is not needed to run most 16-bit programs under Wine.
+
+ Enabling this option adds considerable attack surface to the
+ kernel and slows down system calls and exception handling.
+
+ Unless you use very old userspace or need the last drop of
+ performance in your real mode DOS games and can't use KVM, say
+ N here.
+
+config VM86
+ bool
+ default LEGACY_VM86

config X86_16BIT
bool "Enable support for 16-bit segments" if EXPERT
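Review bot: the new symbol `LEGACY_VM86` is x86-only (it `depends on X86_32`) but lacks the `X86_` prefix that the neighbouring symbols visible in this context, `X86_THERMAL_VECTOR` and `X86_16BIT`, carry; naming it `X86_LEGACY_VM86` would keep the arch namespace consistent and make the option easier to spot when auditing a .config. Separately, `default n` is redundant, since a bool with no default line is already n, and the hidden alias could be written as `def_bool LEGACY_VM86`, matching the `def_bool y` form used just above.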
--
2.4.3


2015-07-10 15:40:03

by Arjan van de Ven

Subject: Re: [PATCH v3] x86/kconfig/32: Rename CONFIG_VM86 and default it to n

On 7/10/2015 8:34 AM, Andy Lutomirski wrote:
> VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is

for now we can at least express the NOHZ_FULL thing in KConfig space...

2015-07-10 15:43:32

by Andy Lutomirski

Subject: Re: [PATCH v3] x86/kconfig/32: Rename CONFIG_VM86 and default it to n

On Fri, Jul 10, 2015 at 8:39 AM, Arjan van de Ven <[email protected]> wrote:
> On 7/10/2015 8:34 AM, Andy Lutomirski wrote:
>>
>> VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is
>
>
> for now we can at least express the NOHZ_FULL thing in KConfig space...
>

True.

OTOH, both Brian and I have patches to fix that, so it seems
unnecessary to make that change and then promptly undo it.

--Andy

--
Andy Lutomirski
AMA Capital Management, LLC

2015-07-10 16:51:58

by Andy Lutomirski

Subject: Re: [PATCH v3] x86/kconfig/32: Rename CONFIG_VM86 and default it to n

On Fri, Jul 10, 2015 at 8:43 AM, Andy Lutomirski <[email protected]> wrote:
> On Fri, Jul 10, 2015 at 8:39 AM, Arjan van de Ven <[email protected]> wrote:
>> On 7/10/2015 8:34 AM, Andy Lutomirski wrote:
>>>
>>> VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is
>>
>>
>> for now we can at least express the NOHZ_FULL thing in KConfig space...
>>
>
> True.
>
> OTOH, both Brian and I have patches to fix that, so it seems
> unnecessary to make that change and then promptly undo it.

I should think before I type. We don't support NOHZ_FULL on 32-bit in
the first place. The bit about ptrace still stands, though.

--Andy

Subject: [tip:x86/asm] x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n'

Commit-ID: 5aef51c340cb50ed9a3997dc5d782324372078bd
Gitweb: http://git.kernel.org/tip/5aef51c340cb50ed9a3997dc5d782324372078bd
Author: Andy Lutomirski <[email protected]>
AuthorDate: Fri, 10 Jul 2015 08:34:23 -0700
Committer: Ingo Molnar <[email protected]>
CommitDate: Tue, 21 Jul 2015 10:40:50 +0200

x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n'

VM86 is entirely broken if ptrace, syscall auditing, or
NOHZ_FULL is in use. The code is a big undocumented mess, it's
a real PITA to test, and it looks like a big chunk of vm86_32.c
is dead code. It also plays awful games with the entry asm.

No one should be using it anyway. Use DOSBOX or KVM instead.

Let's accelerate its slow death. Remove it from EXPERT and
default it to n. Distros should not enable it. In the unlikely
event that some user needs it, they can easily re-enable it.

While we're at it, rename it to CONFIG_X86_LEGACY_VM86 so that 'make
oldconfig' users will be prompted again. I left CONFIG_VM86 as
an alias to avoid a treewide replacement of the names. We can
clean that up once the current asm and vm86 code churn settles
down.

Signed-off-by: Andy Lutomirski <[email protected]>
Cc: Arjan van de Ven <[email protected]>
Cc: Austin S Hemmelgarn <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Matthew Garrett <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/d29c6cc442d32d4df58849d2f8c89fb39ff88d61.1436542295.git.luto@kernel.org
[ Refined it some more. ]
Signed-off-by: Ingo Molnar <[email protected]>
---
arch/x86/Kconfig | 35 ++++++++++++++++++++++++++++-------
1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index aa94fd0..2cb2211 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -996,15 +996,36 @@ config X86_THERMAL_VECTOR
def_bool y
depends on X86_MCE_INTEL

-config VM86
- bool "Enable VM86 support" if EXPERT
- default y
+config X86_LEGACY_VM86
+ bool "Legacy VM86 support (obsolete)"
+ default n
depends on X86_32
---help---
- This option is required by programs like DOSEMU to run
- 16-bit real mode legacy code on x86 processors. It also may
- be needed by software like XFree86 to initialize some video
- cards via BIOS. Disabling this option saves about 6K.
+ This option allows user programs to put the CPU into V8086
+ mode, which is an 80286-era approximation of 16-bit real mode.
+
+ Some very old versions of X and/or vbetool require this option
+ for user mode setting. Similarly, DOSEMU will use it if
+ available to accelerate real mode DOS programs. However, any
+ recent version of DOSEMU, X, or vbetool should be fully
+ functional even without kernel VM86 support, as they will all
+ fall back to (pretty well performing) software emulation.
+
+ Anything that works on a 64-bit kernel is unlikely to need
+ this option, as 64-bit kernels don't, and can't, support V8086
+ mode. This option is also unrelated to 16-bit protected mode
+ and is not needed to run most 16-bit programs under Wine.
+
+ Enabling this option adds considerable attack surface to the
+ kernel and slows down system calls and exception handling.
+
+ Unless you use very old userspace or need the last drop of
+ performance in your real mode DOS games and can't use KVM,
+ say N here.
+
+config VM86
+ bool
+ default X86_LEGACY_VM86

config X86_16BIT
bool "Enable support for 16-bit segments" if EXPERT
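Review bot: the new help text for `X86_LEGACY_VM86` warns about attack surface and slower system calls and exception handling, but it does not mention the functional breakage that the commit message gives as the first reason for the change (VM86 being broken when ptrace or syscall auditing is in use). Someone deciding in menuconfig only sees the help text, so a sentence there naming those incompatibilities would document why N is the safe answer. The hidden alias `config VM86` also carries no comment saying it is a transitional name kept to avoid a treewide rename; a one-line `#` comment above it would keep it from being mistaken for a live option.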