Subject: Re: [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN
From: Brian Gerst
To: Andy Lutomirski
Cc: the arch/x86 maintainers, Linux Kernel Mailing List, Oleg Nesterov, Kees Cook, Arjan van de Ven, Peter Zijlstra, Borislav Petkov, Linus Torvalds
Date: Wed, 8 Jul 2015 11:32:01 -0400

On Tue, Jul 7, 2015 at 9:25 PM, Andy Lutomirski wrote:
> VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is
> in use. The code is a big undocumented mess, it's a real PITA to
> test, and it looks like a big chunk of vm86_32.c is dead code. It
> also plays awful games with the entry asm.
>
> No one should be using it anyway. Use DOSBOX or KVM instead.
>
> Mark it BROKEN. I want to remove some (obviously incorrect) exit
> asm that it depends on, and I don't want to figure out how to run
> severely obsolete programs just to test something that no one uses
> for anything other than exploits anyway.
>
> Signed-off-by: Andy Lutomirski
> ---
>
> I find it implausible that vm86_32.c isn't full of root holes. It's
> also full of hilariously ugly code, it does terrible things to the
> kernel stack, and its interaction with the syscall slowpath is
> blatantly incorrect.
>
> It really shouldn't have any users, anyway. It doesn't (and can't!)
> work on 64-bit kernels, and the only program that even knows how it
> works appears to be DOSEMU. DOSEMU doesn't even need it for most
> programs (it uses modify_ldt instead if possible), and DOSBOX and
> KVM are better choices anyway.
>
> I think that even DOSEMU might be able to emulate vm86 (by emulating
> instruction-by-instruction) if the vm86 syscall isn't there.
>
> Want to be terrified? Read copy_vm86_regs_from_user. Or
> mark_screen_rdonly. Or return_to_32bit. Or VM86_REQUEST_IRQ.
>
> What do you all think? This code is a maintenance disaster, and I'd
> love to see it go. This would be a nice first step.
>
> This patch is intended for tip/x86/asm. The 32-bit part of my big
> cleanup will interfere with vm86, and, while I think I fixed it up
> right, I'd rather not expose everyone to the high probability of
> crazy security bugs in this mess.

I have been working on some patches to fix the ugly hacks vm86 uses and
make it more easily maintainable. The general idea is to make it use the
regular pt_regs area and save the 32-bit regs and other data off-stack.
That would allow a normal kernel exit route instead of jumping directly
into the exit asm code. It should also allow ptrace to work with a few
tweaks.

One other place to check for usage is Wine. I recall there being some
DOS compatibility stuff in there.

--
Brian Gerst