From: Thomas Gleixner <tglx@linutronix.de>
To: Nikolay Borisov <nik.borisov@suse.com>, x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz,
Nikolay Borisov <nik.borisov@suse.com>
Subject: Re: [PATCH 1/3] x86: Introduce ia32_disabled boot parameter
Date: Wed, 07 Jun 2023 10:55:55 +0200 [thread overview]
Message-ID: <87r0qnk5wk.ffs@tglx> (raw)
In-Reply-To: <20230607072936.3766231-2-nik.borisov@suse.com>
On Wed, Jun 07 2023 at 10:29, Nikolay Borisov wrote:
> Distributions would like to reduce their attack surface as much as
> possible but at the same time they have to cater to a wide variety of
> legacy software. One such avenue where distros have to strike a balance
> is the support for 32bit syscalls on a 64bit kernel. Ideally we'd have
> the ability to disable the the compat support at boot time. This would
> allow the decision whether it should be disabled/enabled can be
> delegated to system administrators.
>
> This patch simply introduces ia32_disable boot parameter which aims at
https://www.kernel.org/doc/html/latest/process/maintainer-tip.html
> disabling 32 bit process support even if CONFIG_IA32_EMULATION has been
> selected at build time.
>
> Signed-off-by: Nikolay Borisov <nik.borisov@suse.com>
> ---
> arch/x86/entry/common.c | 12 ++++++++++++
> arch/x86/include/asm/traps.h | 4 ++++
New command line parameters require documentation.
https://www.kernel.org/doc/html/latest/process/
Thanks,
tglx
next prev parent reply other threads:[~2023-06-07 8:58 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-07 7:29 [RFC PATCH 0/3] Add ability to disable ia32 at boot time Nikolay Borisov
2023-06-07 7:29 ` [PATCH 1/3] x86: Introduce ia32_disabled boot parameter Nikolay Borisov
2023-06-07 8:55 ` Thomas Gleixner [this message]
2023-06-07 7:29 ` [PATCH 2/3] x86/entry: Disable IA32 syscalls in the presence of ia32_disabled Nikolay Borisov
2023-06-07 9:11 ` Thomas Gleixner
2023-06-08 3:18 ` Brian Gerst
2023-06-07 7:29 ` [PATCH 3/3] x86: Disable running 32bit processes if ia32_disabled is passed Nikolay Borisov
2023-06-07 12:01 ` Thomas Gleixner
2023-06-07 12:19 ` Nikolay Borisov
2023-06-07 12:53 ` Thomas Gleixner
2023-06-07 13:38 ` Nikolay Borisov
2023-06-07 14:49 ` Thomas Gleixner
2023-06-07 17:25 ` Andrew Cooper
2023-06-07 21:52 ` Thomas Gleixner
2023-06-07 23:43 ` Andrew Cooper
2023-06-08 0:25 ` Thomas Gleixner
2023-06-08 6:16 ` Jiri Slaby
2023-06-08 6:36 ` Jiri Slaby
2023-06-08 15:30 ` Thomas Gleixner
2023-06-08 15:32 ` Andrew Cooper
2023-06-08 6:29 ` Jiri Slaby
2023-06-08 11:25 ` Andrew Cooper
2023-06-08 15:56 ` Thomas Gleixner
2023-06-08 21:29 ` Nikolay Borisov
2023-06-07 12:55 ` Thomas Gleixner
2023-06-08 4:37 ` Brian Gerst
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r0qnk5wk.ffs@tglx \
--to=tglx@linutronix.de \
--cc=jslaby@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@suse.com \
--cc=nik.borisov@suse.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.