[PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN

From: Andy Lutomirski
Date: Tue Jul 07 2015 - 21:26:20 EST

Next message: Sreenath Madasu: "[PATCH] STAGING SUBSYSTEM rtl8188eu driver : Fixed 80 character length warning in rtw_ap.c"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2] power_supply: rt9455_charger: Properly notify userspace about charging events"
Next in thread: Arjan van de Ven: "Re: [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is
in use. The code is a big undocumented mess, it's a real PITA to
test, and it looks like a big chunk of vm86_32.c is dead code. It
also plays awful games with the entry asm.

No one should be using it anyway. Use DOSBOX or KVM instead.

Mark it BROKEN. I want to remove some (obviously incorrect) exit
asm that it depends on, and I don't want to figure out how to run
severely obsolete programs just to test something that no one uses
for anything other than exploits anyway.

Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxx>
---

I find it implausible that vm86_32.c isn't full or root holes. It's
also full of hilariously ugly code, it does terrible things to the
kernel stack, and its interaction with the syscall slowpath is
blatantly incorrect.

It really shouldn't have any users, anyway. It doesn't (and can't!)
work on 64-bit kernels, and the only program that even knows how it
works appears to be DOSEMU. DOSEMU doesn't even need it for most
programs (it uses modify_ldt instead if possible), and DOSBOX and
KVM are better choices anyway.

I think that even DOSEMU might be able to emulate vm86 (by emulating
instruction-by-instruction) if the vm86 syscall isn't there.

Want to be terrified? Read copy_vm86_regs_from_user. Or
mark_screen_rdonly. Or return_to_32bit. Or VM86_REQUEST_IRQ.

What do you all think? This code is a maintenance disaster, and I'd
love to see it go. This would be a nice first step.

This patch is intended for tip/x86/asm. The 32-bit part of my big
cleanup will interfere with vm86, and, while I think I fixed it up
right, I'd rather not expose everyone to the high probability of
crazy security bugs in this mess.

arch/x86/Kconfig | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index aa94fd014fa2..080228bdbcda 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -997,8 +997,8 @@ config X86_THERMAL_VECTOR
depends on X86_MCE_INTEL

config VM86
- bool "Enable VM86 support" if EXPERT
- default y
+ bool "Enable VM86 support" if BROKEN
+ default n
depends on X86_32
---help---
This option is required by programs like DOSEMU to run
@@ -1006,6 +1006,12 @@ config VM86
be needed by software like XFree86 to initialize some video
cards via BIOS. Disabling this option saves about 6K.

+ Linux's vm86 support is poorly maintained, essentially never
+ tested by upstream kernel developers, has quite a few known
+ bugs, and is probably full of security holes. The only thing
+ that appears to use it is DOSEMU, and DOSBOX and KVM are
+ better options these days. Don't enable it.
+
config X86_16BIT
bool "Enable support for 16-bit segments" if EXPERT
default y
--
2.4.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sreenath Madasu: "[PATCH] STAGING SUBSYSTEM rtl8188eu driver : Fixed 80 character length warning in rtw_ap.c"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2] power_supply: rt9455_charger: Properly notify userspace about charging events"
Next in thread: Arjan van de Ven: "Re: [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]