Re: [PATCH v3 1/5] x86: Make IA32_EMULATION boot time configurable

From: Borislav Petkov
Date: Wed Jun 21 2023 - 14:29:06 EST


On Fri, Jun 16, 2023 at 03:57:26PM +0300, Nikolay Borisov wrote:
> Distributions would like to reduce their attack surface as much as
> possible but at the same time they'd want to retain flexibility to cater
> to a variety of legacy software. One such avenue where a balance has to
> be struck is in supporting 32bit syscalls/processes on 64bit kernels. Ideally
> it should be possible for the distribution to set their own policy and
> give users the ability to override those policies as appropriate.
>
> In order to support this use case, introduce
> CONFIG_IA32_EMULATION_DEFAULT_DISABLED compile time option, which
> controls whether 32bit processes/syscalls should be allowed or not. This
> allows distributions to set their preferred default behavior in their
> kernel configs.
>
> On the other hand, in order to allow users to override the distro's
> policy, introduce the 'ia32_mode' parameter which allows overriding
> CONFIG_IA32_EMULATION_DEFAULT_DISABLED state at boot time.
>
> Signed-off-by: Nikolay Borisov <nik.borisov@xxxxxxxx>
> ---
> Documentation/admin-guide/kernel-parameters.txt | 5 +++++
> arch/x86/Kconfig | 9 +++++++++
> arch/x86/entry/common.c | 16 ++++++++++++++++
> arch/x86/include/asm/ia32.h | 16 +++++++++++++++-
> 4 files changed, 45 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 9e5bab29685f..59b1e86ecd9d 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -1865,6 +1865,11 @@
> 0 -- machine default
> 1 -- force brightness inversion
>
> + ia32_mode= [X86-64]
> + Format: ia32_mode=disabled, ia32_mode=enabled

ia32_mode=(on|off)

is less typing. Especially if you're standing somewhere in a server room
and trying to type on some weird keyboard which always has the wrong
layout.

:-)

> + Allows overriding the compile-time state of
> + IA32_EMULATION_DEFAULT_DISABLED at boot time
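
Review bot: the description line "Allows overriding the compile-time state of IA32_EMULATION_DEFAULT_DISABLED" spells the symbol without the CONFIG_ prefix that the commit message uses, and the entry never says what applies when ia32_mode= is not passed at all or is given a value other than the two in the Format line. Suggest writing CONFIG_IA32_EMULATION_DEFAULT_DISABLED in full and adding a sentence that the Kconfig setting decides the behaviour when the parameter is absent, so an administrator auditing a boot command line can tell from this entry alone whether 32-bit processes and syscalls are permitted. The Format line also repeats "ia32_mode=" for each value; listing only the accepted values after "Format:" would be enough.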

Just say what "=on" and "=off" do here - loading of 32-bit programs
and 32-bit syscalls is enabled/disabled.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette