Wily [PATCH 00/22]- Please enable kconfig X86_LEGACY_VM86 for i386

Stefan Bader stefan.bader at canonical.com
Tue Oct 6 14:08:30 UTC 2015 

On 05.10.2015 16:05, tim.gardner at canonical.com wrote:
> BugLink: http://bugs.launchpad.net/bugs/1499089
> 
> There are some folks that would really like to see a non-emulated VM86 mode. As far
> as I can tell, upstream believes VM86 security vulnerabilties have been mitigated by
> commit 76fc5e7b2355af167dea1a32e93c57fc37900a5b ('x86/vm86: Block non-root vm86(old)
> if mmap_min_addr != 0'). Following is a patch set leading up to that point. Not all
> are strictly required, some are just scaffolding. Including them should make any
> future stable updates simpler.
> 
> Please have a look to make sure this patch set isn't reopening VM86 security holes. Otherwise
> I plan to apply this before kernel freeze on Thursday Oct 8.

Somehow I struggle to make a guess about the impact of this set. Some changes
look simple and straight forward enough but for other changes its hard to make a
call. Even if those only claim to move stuff around. Hopefully this only would
impact i386.
I guess the LDT parts are part of the "not strictly needed" set. As far as I can
tell this keeps being enabled amd64 and i386.
If the Wily kernel would not also become a HWE kernel for Trusty I would feel a
bit happier to say "why not". But maybe that argument can be used the other way
round and better get some exposure before it would happen with the next LTS release.

So a bit of a weak-ack...

-Stefan
> 
> rtg
> ---------------------------
> The following changes since commit 6550d7a9da9d53642233988d5da13faf1659f146:
> 
>   UBUNTU: SAUCE: (noup) cxlflash: Fix to escalate to LINK_RESET on login timeout (2015-10-05 06:27:05 -0600)
> 
> are available in the git repository at:
> 
>   git://kernel.ubuntu.com/rtg/ubuntu-wily.git vm86-lp1499089
> 
> for you to fetch changes up to 08c6dbee0c1f4b0d682c7c6e708457b247869498:
> 
>   x86/vm86: Fix the misleading CONFIG_VM86 Kconfig help text (2015-10-05 07:48:13 -0600)
> 
> ----------------------------------------------------------------
> Andy Lutomirski (5):
>       x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n'
>       x86/ldt: Make modify_ldt() optional
>       x86/selftests, x86/vm86: Improve entry_from_vm86 selftest
>       selftests/x86/vm86: Fix entry_from_vm86 test on 64-bit kernels
>       x86/vm86: Block non-root vm86(old) if mmap_min_addr != 0
> 
> Brian Gerst (13):
>       x86/compat: Define ARCH_WANT_OLD_COMPAT_IPC only for 32-bit compat
>       x86/compat: Clean up HAVE_UID16 config
>       x86/compat: Separate ia32 and x32 compat ABIs
>       x86/entry/vm86: Clean up saved_fs/gs
>       x86/entry/vm86: Preserve 'orig_ax'
>       x86/entry/vm86: Move userspace accesses to do_sys_vm86()
>       x86/vm86: Move vm86 fields out of 'thread_struct'
>       x86/vm86: Move fields from 'struct kernel_vm86_struct' to 'struct vm86'
>       x86/vm86: Eliminate 'struct kernel_vm86_struct'
>       x86/vm86: Use the normal pt_regs area for vm86
>       x86/vm86: Clean up vm86.h includes
>       x86/vm86: Rename vm86->vm86_info to user_vm86
>       x86/vm86: Rename vm86->v86flags and v86mask
> 
> Ingo Molnar (2):
>       x86/vm86: Move the vm86 IRQ definitions to vm86.h
>       x86/vm86: Fix the misleading CONFIG_VM86 Kconfig help text
> 
> Tim Gardner (2):
>       UBUNTU: [Config] CONFIG_X86_LEGACY_VM86=y, CONFIG_VM86=y for i386
>       UBUNTU: [Config] CONFIG_MODIFY_LDT_SYSCALL=y
> 
>  arch/x86/Kconfig                               |  61 +++++++++---
>  arch/x86/entry/entry_32.S                      |  24 +----
>  arch/x86/include/asm/irq_vectors.h             |  10 --
>  arch/x86/include/asm/math_emu.h                |   6 +-
>  arch/x86/include/asm/mmu.h                     |   2 +
>  arch/x86/include/asm/mmu_context.h             |  28 ++++--
>  arch/x86/include/asm/processor.h               |  13 +--
>  arch/x86/include/asm/syscalls.h                |   1 +
>  arch/x86/include/asm/thread_info.h             |  11 ++-
>  arch/x86/include/asm/vm86.h                    |  57 ++++++-----
>  arch/x86/kernel/Makefile                       |   3 +-
>  arch/x86/kernel/cpu/perf_event.c               |   4 +
>  arch/x86/kernel/process.c                      |   3 +
>  arch/x86/kernel/process_32.c                   |   1 +
>  arch/x86/kernel/process_64.c                   |   2 +
>  arch/x86/kernel/signal.c                       |   4 +
>  arch/x86/kernel/step.c                         |   2 +
>  arch/x86/kernel/traps.c                        |   1 +
>  arch/x86/kernel/vm86_32.c                      | 400 ++++++++++++++++++++++++++++++++++++++++------------------------------------
>  arch/x86/math-emu/get_address.c                |   2 +
>  arch/x86/mm/fault.c                            |   7 +-
>  debian.master/config/amd64/config.common.amd64 |   1 +
>  debian.master/config/config.common.ubuntu      |   3 +-
>  debian.master/config/i386/config.common.i386   |   1 +
>  drivers/scsi/dpt_i2o.c                         |   3 +
>  kernel/sys_ni.c                                |   1 +
>  tools/testing/selftests/x86/entry_from_vm86.c  | 144 +++++++++++++++++++++++++---
>  27 files changed, 495 insertions(+), 300 deletions(-)
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20151006/61003ff5/attachment.sig>

More information about the kernel-team mailing list