[PATCH v3] x86/kconfig/32: Rename CONFIG_VM86 and default it to n

[PATCH v3] x86/kconfig/32: Rename CONFIG_VM86 and default it to n

[Andy Lutomirski]

VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is
in use.  The code is a big undocumented mess, it's a real PITA to
test, and it looks like a big chunk of vm86_32.c is dead code.  It
also plays awful games with the entry asm.

No one should be using it anyway.  Use DOSBOX or KVM instead.

Let's accelerate its slow death.  Remove it from EXPERT and default
it to n.  Distros should not enable it.  In the unlikely event that
some user needs it, they can easily re-enable it.

While we're at it, rename it to CONFIG_LEGACY_VM86 so that 'make
oldconfig' users will be prompted again.  I left CONFIG_VM86 as an
alias to avoid a treewide replacement of the names.  We can clean
that up once the current asm and vm86 code churn settles down.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
---

Take three, this time with a rename at Linus' suggestion.

Given that both Brian and I have pending patches that involve the
name 'CONFIG_VM86', I left that name as an alias in Kconfig.  We can
fix that later.

 arch/x86/Kconfig | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index aa94fd014fa2..45d95e1ab047 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -996,15 +996,36 @@ config X86_THERMAL_VECTOR
 	def_bool y
 	depends on X86_MCE_INTEL
 
-config VM86
-	bool "Enable VM86 support" if EXPERT
-	default y
+config LEGACY_VM86
+	bool "Legacy VM86 support (obsolete)"
+	default n
 	depends on X86_32
 	---help---
-	  This option is required by programs like DOSEMU to run
-	  16-bit real mode legacy code on x86 processors. It also may
-	  be needed by software like XFree86 to initialize some video
-	  cards via BIOS. Disabling this option saves about 6K.
+	  This option allows user programs to put the CPU into V8086
+	  mode, which is an 80286-era approximation of 16-bit real mode.
+
+	  Some very old versions of X and/or vbetool require this option
+	  for user mode setting.  Similarly, DOSEMU will use it if
+	  available to accelerate real mode DOS programs.  However, any
+	  recent version of DOSEMU, X, or vbetool should be fully
+	  functional even without kernel VM86 support, as they will all
+	  fall back to software emulation.
+
+	  Anything that works on a 64-bit kernel is unlikely to need
+	  this option, as 64-bit kernels don't, and can't, support V8086
+	  mode.  This option is also unrelated to 16-bit protected mode
+	  and is not needed to run most 16-bit programs under Wine.
+
+	  Enabling this option adds considerable attack surface to the
+	  kernel and slows down system calls and exception handling.
+
+	  Unless you use very old userspace or need the last drop of
+	  performance in your real mode DOS games and can't use KVM, say
+	  N here.
+
+config VM86
+       bool
+       default LEGACY_VM86
 
 config X86_16BIT
 	bool "Enable support for 16-bit segments" if EXPERT
-- 
2.4.3

Re: [PATCH v3] x86/kconfig/32: Rename CONFIG_VM86 and default it to n

[Arjan van de Ven]

On 7/10/2015 8:34 AM, Andy Lutomirski wrote:
> VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is

for now we can at least express the NOHZ_FULL thing in KConfig space...

Re: [PATCH v3] x86/kconfig/32: Rename CONFIG_VM86 and default it to n

[Andy Lutomirski]

On Fri, Jul 10, 2015 at 8:39 AM, Arjan van de Ven <arjan@linux.intel.com> wrote:
> On 7/10/2015 8:34 AM, Andy Lutomirski wrote:
>>
>> VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is
>
>
> for now we can at least express the NOHZ_FULL thing in KConfig space...
>

True.

OTOH, both Brian and I have patches to fix that, so it seems
unnecessary to make that change and then promptly undo it.

--Andy

-- 
Andy Lutomirski
AMA Capital Management, LLC

Re: [PATCH v3] x86/kconfig/32: Rename CONFIG_VM86 and default it to n

[Andy Lutomirski]

On Fri, Jul 10, 2015 at 8:43 AM, Andy Lutomirski <luto@amacapital.net> wrote:
> On Fri, Jul 10, 2015 at 8:39 AM, Arjan van de Ven <arjan@linux.intel.com> wrote:
>> On 7/10/2015 8:34 AM, Andy Lutomirski wrote:
>>>
>>> VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is
>>
>>
>> for now we can at least express the NOHZ_FULL thing in KConfig space...
>>
>
> True.
>
> OTOH, both Brian and I have patches to fix that, so it seems
> unnecessary to make that change and then promptly undo it.

I should think before I type.  We don't support NOHZ_FULL on 32-bit in
the first place.  The bit about ptrace still stands, though.

--Andy

[tip:x86/asm] x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n'

[tip-bot for Andy Lutomirski]

Commit-ID:  5aef51c340cb50ed9a3997dc5d782324372078bd
Gitweb:     http://git.kernel.org/tip/5aef51c340cb50ed9a3997dc5d782324372078bd
Author:     Andy Lutomirski <luto@kernel.org>
AuthorDate: Fri, 10 Jul 2015 08:34:23 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Tue, 21 Jul 2015 10:40:50 +0200

x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n'

VM86 is entirely broken if ptrace, syscall auditing, or
NOHZ_FULL is in use.  The code is a big undocumented mess, it's
a real PITA to test, and it looks like a big chunk of vm86_32.c
is dead code.  It also plays awful games with the entry asm.

No one should be using it anyway. Use DOSBOX or KVM instead.

Let's accelerate its slow death.  Remove it from EXPERT and
default it to n.  Distros should not enable it.  In the unlikely
event that some user needs it, they can easily re-enable it.

While we're at it, rename it to CONFIG_X86_LEGACY_VM86 so that 'make
oldconfig' users will be prompted again.  I left CONFIG_VM86 as
an alias to avoid a treewide replacement of the names.  We can
clean that up once the current asm and vm86 code churn settles
down.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Austin S Hemmelgarn <ahferroin7@gmail.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/d29c6cc442d32d4df58849d2f8c89fb39ff88d61.1436542295.git.luto@kernel.org
[ Refined it some more. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/Kconfig | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index aa94fd0..2cb2211 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -996,15 +996,36 @@ config X86_THERMAL_VECTOR
 	def_bool y
 	depends on X86_MCE_INTEL
 
-config VM86
-	bool "Enable VM86 support" if EXPERT
-	default y
+config X86_LEGACY_VM86
+	bool "Legacy VM86 support (obsolete)"
+	default n
 	depends on X86_32
 	---help---
-	  This option is required by programs like DOSEMU to run
-	  16-bit real mode legacy code on x86 processors. It also may
-	  be needed by software like XFree86 to initialize some video
-	  cards via BIOS. Disabling this option saves about 6K.
+	  This option allows user programs to put the CPU into V8086
+	  mode, which is an 80286-era approximation of 16-bit real mode.
+
+	  Some very old versions of X and/or vbetool require this option
+	  for user mode setting.  Similarly, DOSEMU will use it if
+	  available to accelerate real mode DOS programs.  However, any
+	  recent version of DOSEMU, X, or vbetool should be fully
+	  functional even without kernel VM86 support, as they will all
+	  fall back to (pretty well performing) software emulation.
+
+	  Anything that works on a 64-bit kernel is unlikely to need
+	  this option, as 64-bit kernels don't, and can't, support V8086
+	  mode.  This option is also unrelated to 16-bit protected mode
+	  and is not needed to run most 16-bit programs under Wine.
+
+	  Enabling this option adds considerable attack surface to the
+	  kernel and slows down system calls and exception handling.
+
+	  Unless you use very old userspace or need the last drop of
+	  performance in your real mode DOS games and can't use KVM,
+	  say N here.
+
+config VM86
+       bool
+       default X86_LEGACY_VM86
 
 config X86_16BIT
 	bool "Enable support for 16-bit segments" if EXPERT