[tip:x86/asm] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN

From: tip-bot for Andy Lutomirski
Date: Wed Jul 08 2015 - 05:46:48 EST

Next message: Richard Weinberger: "[PATCH] ubifs: Kill unneeded locking in ubifs_init_security"
Previous message: Ivan T. Ivanov: "[PATCH] usb: phy: msm: Add D+/D- lines route control"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Commit-ID: 0b02e20767a3b4d843d2c58cf031d9e31f60e39d
Gitweb: http://git.kernel.org/tip/0b02e20767a3b4d843d2c58cf031d9e31f60e39d
Author: Andy Lutomirski <luto@xxxxxxxxxx>
AuthorDate: Tue, 7 Jul 2015 18:25:56 -0700
Committer: Ingo Molnar <mingo@xxxxxxxxxx>
CommitDate: Wed, 8 Jul 2015 11:04:45 +0200

x86/kconfig/32: Mark CONFIG_VM86 as BROKEN

VM86 is entirely broken if ptrace, syscall auditing, or
NOHZ_FULL is in use. The code is a big undocumented mess, it's
a real PITA to test, and it looks like a big chunk of vm86_32.c
is dead code. It also plays awful games with the entry asm.

No one should be using it anyway. Use DOSBOX or KVM instead.

Mark it BROKEN. I want to remove some (obviously incorrect)
exit asm that it depends on, and I don't want to figure out how
to run severely obsolete programs just to test something that no
one uses for anything other than exploits anyway.

Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxx>
Acked-by: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # Backport it as far back as possible
Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Cc: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Brian Gerst <brgerst@xxxxxxxxx>
Cc: Denys Vlasenko <dvlasenk@xxxxxxxxxx>
Cc: H. Peter Anvin <hpa@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Link: http://lkml.kernel.org/r/23d4709cee2fe92c32d41b99c7a3c1823725925a.1436312944.git.luto@xxxxxxxxxx
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
---
arch/x86/Kconfig | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index aa94fd0..a7648f9b 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -997,8 +997,8 @@ config X86_THERMAL_VECTOR
depends on X86_MCE_INTEL

config VM86
- bool "Enable VM86 support" if EXPERT
- default y
+ bool "Enable VM86 support" if BROKEN
+ default n
depends on X86_32
---help---
This option is required by programs like DOSEMU to run
@@ -1006,6 +1006,12 @@ config VM86
be needed by software like XFree86 to initialize some video
cards via BIOS. Disabling this option saves about 6K.

+ Linux's VM86 support is poorly maintained, essentially never
+ tested by upstream kernel developers, has quite a few known
+ bugs, and is probably full of security holes. The only thing
+ that appears to use it is DOSEMU, and DOSBOX and KVM are
+ better options these days. Don't enable it.
+
config X86_16BIT
bool "Enable support for 16-bit segments" if EXPERT
default y
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Weinberger: "[PATCH] ubifs: Kill unneeded locking in ubifs_init_security"
Previous message: Ivan T. Ivanov: "[PATCH] usb: phy: msm: Add D+/D- lines route control"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]