Re: [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN

From: Brian Gerst
Date: Wed Jul 08 2015 - 11:32:10 EST

Next message: Vladimir Davydov: "Re: [PATCH 1/8] memcg: export struct mem_cgroup"
Previous message: Marc Zyngier: "Re: [PATCH v3 1/3] IRQ/Gic-V3: Add mbigen driver to support mbigen interrupt controller"
In reply to: Linus Torvalds: "Re: [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN"
Next in thread: Linus Torvalds: "Re: [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 7, 2015 at 9:25 PM, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
> VM86 is entirely broken if ptrace, syscall auditing, or NOHZ_FULL is
> in use. The code is a big undocumented mess, it's a real PITA to
> test, and it looks like a big chunk of vm86_32.c is dead code. It
> also plays awful games with the entry asm.
>
> No one should be using it anyway. Use DOSBOX or KVM instead.
>
> Mark it BROKEN. I want to remove some (obviously incorrect) exit
> asm that it depends on, and I don't want to figure out how to run
> severely obsolete programs just to test something that no one uses
> for anything other than exploits anyway.
>
> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxx>
> ---
>
> I find it implausible that vm86_32.c isn't full or root holes. It's
> also full of hilariously ugly code, it does terrible things to the
> kernel stack, and its interaction with the syscall slowpath is
> blatantly incorrect.
>
> It really shouldn't have any users, anyway. It doesn't (and can't!)
> work on 64-bit kernels, and the only program that even knows how it
> works appears to be DOSEMU. DOSEMU doesn't even need it for most
> programs (it uses modify_ldt instead if possible), and DOSBOX and
> KVM are better choices anyway.
>
> I think that even DOSEMU might be able to emulate vm86 (by emulating
> instruction-by-instruction) if the vm86 syscall isn't there.
>
> Want to be terrified? Read copy_vm86_regs_from_user. Or
> mark_screen_rdonly. Or return_to_32bit. Or VM86_REQUEST_IRQ.
>
> What do you all think? This code is a maintenance disaster, and I'd
> love to see it go. This would be a nice first step.
>
> This patch is intended for tip/x86/asm. The 32-bit part of my big
> cleanup will interfere with vm86, and, while I think I fixed it up
> right, I'd rather not expose everyone to the high probability of
> crazy security bugs in this mess.

I have been working on some patches to fix the ugly hacks vm86 uses
and make it more easily maintainable. The general idea is to make it
use the regular pt_regs area and save the 32-bit regs and other data
off-stack. That would allow a normal kernel exit route instead of
jumping directly into the exit asm code. It should also allow ptrace
to work with a few tweaks.

One other place to check for usage is Wine. I recall there being some
DOS compatibility stuff in there.

--
Brian Gerst
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vladimir Davydov: "Re: [PATCH 1/8] memcg: export struct mem_cgroup"
Previous message: Marc Zyngier: "Re: [PATCH v3 1/3] IRQ/Gic-V3: Add mbigen driver to support mbigen interrupt controller"
In reply to: Linus Torvalds: "Re: [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN"
Next in thread: Linus Torvalds: "Re: [PATCH] x86/kconfig/32: Mark CONFIG_VM86 as BROKEN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]