From: Ingo Molnar <mingo@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Arjan van de Ven <arjan@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
the arch/x86 maintainers <x86@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
Kees Cook <keescook@chromium.org>,
Peter Zijlstra <peterz@infradead.org>,
Borislav Petkov <bp@alien8.de>
Subject: Re: [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN
Date: Sat, 11 Jul 2015 11:18:39 +0200 [thread overview]
Message-ID: <20150711091839.GA24561@gmail.com> (raw)
In-Reply-To: <CA+55aFwoRuC86AtJ1rRHggmiJCLaEqe09DkUbKrR0rxU+pEAHQ@mail.gmail.com>
* Linus Torvalds <torvalds@linux-foundation.org> wrote:
> [...]
>
> So no marking it "BROKEN". No calling it names just because it doesn't work in
> insane situations that nobody cares about. It's a legacy thing, and it probably
> has very few users, but I'm getting the vibe that you want to remove it or hate
> it just because it might not work in situations that simply don't make sense in
> the first place, and that it was never used for anyway.
So just to make it clear that we are on the same page: I voiced a number of bad
ideas in this thread that got you (rightfully) worried. Those bad ideas are all
off the table:
- We won't mark VM86 as BROKEN (which effectively disables it permanently)
- We won't do SW emulation either.
The current plans with the vm86 ABI are the following:
- We change the name to VM86_LEGACY and mark it default n to flush out
people/distros who had it enabled for no good reason. Anyone who builds a new
kernel for an old kernel and needs it for old hardware or DOS games can still
enable it, and v86 will continue to work to the best of our abilities. (in
fact it will work better, now that we are gradually making the x86 entry code
more maintainable.)
- We enhance the help text so that people who enable it make an informed choice.
- We apply Brian's and Andy's various fixes and cleanups to fix all known vm86
bugs and to make it more maintainable.
Agreed?
Btw., what do you think about one more measure to make vm86 more configurable, and
to allow the locking down of the default some more:
- Introduce a sysctl that globally disables/enables the sys_vm86 and sys_vm86old
syscalls by default for non-privileged users, i.e. something like:
static int __read_mostly sysctl_x86_vm86_paranoia = 1;
...
switch (sysctl_x86_vm86_paranoia) {
case 0:
/* Not paranoid at all: allow everyone vm86 access: */
break;
case 1:
/* Somewhat paranoid: only allow privileged users vm86 access: */
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
break;
case 2:
default:
/* Very paranoid, turn off the syscall: */
return -EPERM;
}
Note that with this we also introduce the '2' setting: users in such a distro
could still disable vm86 globally, as if it had been turned off in the kernel
config.
Thanks,
Ingo
next prev parent reply other threads:[~2015-07-11 9:18 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-08 1:25 [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN Andy Lutomirski
2015-07-08 2:33 ` Arjan van de Ven
2015-07-08 14:00 ` Thomas Gleixner
2015-07-08 14:04 ` Ingo Molnar
2015-07-09 9:03 ` Pavel Machek
2015-07-09 17:57 ` Andy Lutomirski
2015-07-09 18:03 ` Kees Cook
2015-07-09 18:30 ` Linus Torvalds
2015-07-08 16:59 ` Linus Torvalds
2015-07-08 17:30 ` Andy Lutomirski
2015-07-08 17:49 ` Andy Lutomirski
2015-07-08 17:55 ` Linus Torvalds
2015-07-08 18:47 ` Andy Lutomirski
2015-07-08 18:53 ` Kees Cook
2015-07-08 18:48 ` Kees Cook
2015-07-08 19:04 ` Andy Lutomirski
2015-07-08 18:54 ` Austin S Hemmelgarn
2015-07-08 19:05 ` Brian Gerst
2015-07-08 19:14 ` Andy Lutomirski
2015-07-08 19:39 ` Brian Gerst
2015-07-08 19:59 ` Andy Lutomirski
2015-07-09 5:52 ` Ingo Molnar
2015-07-09 5:59 ` Ingo Molnar
2015-07-09 18:33 ` Andy Lutomirski
2015-07-10 11:16 ` Paolo Bonzini
2015-07-10 14:13 ` Ingo Molnar
2015-07-10 14:24 ` Paolo Bonzini
2015-07-10 14:39 ` Andy Lutomirski
2015-07-10 14:12 ` Eric W. Biederman
2015-07-10 14:37 ` Andy Lutomirski
2015-07-10 16:35 ` Linus Torvalds
2015-07-10 16:44 ` Andy Lutomirski
2015-07-10 17:04 ` Linus Torvalds
2015-07-10 17:13 ` Andy Lutomirski
2015-07-10 17:39 ` Linus Torvalds
2015-07-10 17:58 ` Andy Lutomirski
2015-07-10 18:00 ` Al Viro
2015-07-11 9:18 ` Ingo Molnar [this message]
2015-07-08 19:13 ` Ingo Molnar
2015-07-08 9:45 ` [tip:x86/asm] " tip-bot for Andy Lutomirski
2015-07-08 15:32 ` [PATCH] " Brian Gerst
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150711091839.GA24561@gmail.com \
--to=mingo@kernel.org \
--cc=arjan@linux.intel.com \
--cc=bp@alien8.de \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).