Ubuntu 16.04 on i386 has VM86 disabled again

Ubuntu 16.04 on i386 has VM86 disabled again

[Andrew Bird]

Hi all,
	Just a quick note to let people know that if you upgrade your i386 Ubuntu to 16.04 LTS release, you'll find that you are only using cpu emulation again. I naively thought that fixing the problem for Wily HWE kernel would automatically mean that Xenial would come out with the fix. If this slow operation affects you, and you'd like it fixed, please visit the launchpad bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1574602 and indicate that it affects you and its importance.

Many thanks,

-- 
Andrew Bird <ajb@spheresystems.co.uk>

Re: Ubuntu 16.04 on i386 has VM86 disabled again

[Stas Sergeev]

25.04.2016 15:16, Andrew Bird пишет:
> Hi all,
> 	Just a quick note to let people know that if you upgrade your i386 Ubuntu to 16.04 LTS release, you'll find that you are only using cpu emulation again. I naively thought that fixing the problem for Wily HWE kernel would automatically mean that Xenial would come out with the fix. If this slow operation affects you, and you'd like it fixed, please visit the launchpad bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1574602 and indicate that it affects you and its importance.
That was the "right" thing to do. Or at least justified and discussed.
If we want vm86(), we need to re-implement it properly.
I have a word from top linux devs (including Linus himself)
that properly implemented vm86() will stay enabled.
Or the one can use kvm, which can already be enabled
in dosemu config.
Currently there are no resources for either re-implementing
vm86() or fixing kvm support to the state when it can be
enabled by default. But feel free to contribute. :)
--
To unsubscribe from this list: send the line "unsubscribe linux-msdos" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Ubuntu 16.04 on i386 has VM86 disabled again

[Paul Crawford]

On 25/04/16 13:52, Stas Sergeev wrote:
> That was the "right" thing to do. Or at least justified and discussed.
> If we want vm86(), we need to re-implement it properly.
> I have a word from top linux devs (including Linus himself)
> that properly implemented vm86() will stay enabled.

This may seem like a strange question, but what is actually wrong with 
the current/past vm86() support?

I was under the impression that for 32-bit CPU operation it was simply a 
call to the corresponding x86 instructions, so don't see what would be 
"wrong" with that beyond the obvious aspect that it can be abused by 
malware (much like anything else really) hence the idea of having it 
configurable at run-time so it defaults to being off but is only a 
(root) text edit away from being enabled for us who want it for odd 
cases like dosemu.

Of course 64-bit is more of a problem...

Regards,
Paul

Re: Ubuntu 16.04 on i386 has VM86 disabled again

[Andrew Bird]

On Tue, 26 Apr 2016 10:17:43 +0100
Paul Crawford <psc@sat.dundee.ac.uk> wrote:

> On 25/04/16 13:52, Stas Sergeev wrote:
> > That was the "right" thing to do. Or at least justified and discussed.
> > If we want vm86(), we need to re-implement it properly.
> > I have a word from top linux devs (including Linus himself)
> > that properly implemented vm86() will stay enabled.
> 
> This may seem like a strange question, but what is actually wrong with 
> the current/past vm86() support?
Well I believe the current kernel devs don't really understand the code well enough to say it's security risk free and would rather disable it by default unless somebody were to rewrite or fully audit it. There is an assumption that there are very few users of it and so it was almost killed off completely. Only Linus' assertion that "we shouldn't break userspace for existing apps" saved it. There is now the switch to runtime enable it, but still the vanilla kconfig default is not to compile it in at all. So it is up to the distros to decide for themselves if the usefulness for programs like Dosemu outweighs the perceived security risk, and allow it to be compiled in.

The long term goal for the Kernel would be a new simplified vm86() call, but most likely this is not going to be backwardly compatible for existing apps to run unchanged. A while ago I tested Bart's dosemu2 branch which implemented a kvm based mode. I found it to be almost identical for speed with vm86() on both floating point and integer based benchmarks on i386. If that can be made stable enough to use on i386 and x86_64, then I see no reason to implement a new vm86() purely for 32bit. Of course it's a question of developer resources, I for one am not capable of helping with either Kernel vm86() or to the stabilisation of kvm based dosemu, so I do what I can to preserve the ability to run with the old vm86() by pushing for runtime enablement in Ubuntu. I suspect this will only work for s
 o long, and at some point it will be dropped. So I hope the kvm mode can be developed to the point where we no longer care about vm86() being available, as it's good enough to be the default and fast enough for those apps that need it.

> 
> I was under the impression that for 32-bit CPU operation it was simply a 
> call to the corresponding x86 instructions, so don't see what would be 
> "wrong" with that beyond the obvious aspect that it can be abused by 
> malware (much like anything else really) hence the idea of having it 
> configurable at run-time so it defaults to being off but is only a 
> (root) text edit away from being enabled for us who want it for odd 
> cases like dosemu.
> 
> Of course 64-bit is more of a problem...
> 
> Regards,
> Paul


-- 
Andrew Bird <ajb@spheresystems.co.uk>

Re: Ubuntu 16.04 on i386 has VM86 disabled again

[Stas Sergeev]

26.04.2016 12:17, Paul Crawford пишет:
> On 25/04/16 13:52, Stas Sergeev wrote:
>> That was the "right" thing to do. Or at least justified and discussed.
>> If we want vm86(), we need to re-implement it properly.
>> I have a word from top linux devs (including Linus himself)
>> that properly implemented vm86() will stay enabled.
>
> This may seem like a strange question, but what is actually wrong with 
> the current/past vm86() support?
The problems started to happen when vm86() was completely
broken for too long and no one have complained. So the kernel
devs decided to simply disable it, instead of fixing, assuming no
one uses it:
http://marc.info/?l=linux-kernel&m=143654248415764

Only then Andrew Bird have noticed that and raised
an issue. After a lot of pestering, I convinced them to actually fix it:
https://lkml.org/lkml/2015/10/31/7
but, since I am using the 64bit environment, I had the hard times
to even test the fix. So they left it disabled until someone can
provide a very simple, easy to audit implementation. This is not
difficult at all, BUT, this will require installing the 32bit OS somewhere,
a lot of time-wasting. :)

> I was under the impression that for 32-bit CPU operation it was simply 
> a call to the corresponding x86 instructions, so don't see what would 
> be "wrong" 
You can see its sources and judge for yourself.
There are few problems. Firstly, it emulates VME in software
because of some horrible hacks that former dosemu developers
have pushed into kernel (grep for BIOSSEG in vm86_32.c).
Secondly it implements the horrible and completely unrelated
interfaces, also pushed by some dosemu devs in the darkest
past (VM86_REQUEST_IRQ and friends).
So while I was fighting the decision of disabling it, I'd be doing
the same thing if I were them. :)

> with that beyond the obvious aspect that it can be abused by malware 
> (much like anything else really) hence the idea of having it 
> configurable at run-time so it defaults to being off but is only a 
> (root) text edit away from being enabled for us who want it for odd 
> cases like dosemu.
If it is properly implemented, then yes. And I have that "yes"
from Linus and Ingo personally.
But the current implementation does not deserve even the
run-time disabling. It should be completely compiled out,
unfortunately.
--
To unsubscribe from this list: send the line "unsubscribe linux-msdos" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Ubuntu 16.04 on i386 has VM86 disabled again

[Stas Sergeev]

26.04.2016 13:09, Andrew Bird пишет:
> The long term goal for the Kernel would be a new simplified vm86() call, but most likely this is not going to be backwardly compatible for existing apps to run unchanged.
This is not a problem: there are currently 2 vm86 syscalls:
vm86() and vm86old(). One can re-implement vm86old(),
leaving vm86() for compatibility with the current apps.

>   A while ago I tested Bart's dosemu2 branch which implemented a kvm based mode. I found it to be almost identical for speed with vm86() on both floating point and integer based benchmarks on i386. If that can be made stable enough to use on i386 and x86_64, then I see no reason to implement a new vm86() purely for 32bit.
The problem is that kvm is unstable by itself:
https://lkml.org/lkml/2016/3/29/567
It reboots some old machines...
Also the way dosemu uses it, is a bit nasty and complex:
it sets up the full vm86 monitor in userspace. Bart initially tried
the clean implementation, but that required too much work
on both dosemu and kernel side, and may not be supported
on many CPUs. I still want to prepare dosemu for a clean
implementation, and make that optional. The branch "kvm"
is for that.

>   Of course it's a question of developer resources, I for one am not capable of helping with either Kernel vm86() or to the stabilisation of kvm based dosemu, so I do what I can to preserve the ability to run with the old vm86() by pushing for runtime enablement in Ubuntu. I suspect this will only work for so long, and at some point it will be dropped. So I hope the kvm mode can be developed to the point where we no longer care about vm86() being available, as it's good enough to be the default and fast enough for those apps that need it.
Integrating kvm properly and cleanly, and fixing the kernel
to not reboot the older machines, is virtually an unlimited
amount of work, while re-implementing vm86() is a quite
small task. Of course if we accept enough of short-cuts,
then the proportions may change.
--
To unsubscribe from this list: send the line "unsubscribe linux-msdos" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Ubuntu 16.04 on i386 has VM86 disabled again

[Andrew Bird]

Just a quick note to say, as of package 4.4.0-24-generic, Ubuntu Xenial(16.04) has the vm86 call enabled in its 32 bit kernel.

Thanks to all those that added heat to the bug report https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1499089

-- 
Andrew Bird <ajb@spheresystems.co.uk>