lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230607072936.3766231-1-nik.borisov@suse.com>
Date:   Wed,  7 Jun 2023 10:29:33 +0300
From:   Nikolay Borisov <nik.borisov@...e.com>
To:     x86@...nel.org
Cc:     linux-kernel@...r.kernel.org, mhocko@...e.com, jslaby@...e.cz,
        Nikolay Borisov <nik.borisov@...e.com>
Subject: [RFC PATCH 0/3] Add ability to disable ia32 at boot time

We at SUSE would like to have the ability to disable IA32 compat layer and to
give users the ability to override this decision. The motivation behind this is
the fact that the compat layer is not as thoroughly tested/exercised as the native
64bit one. At the same time there are environments where 32bit is still in use
and we'd like to cater to those as well.

As a first step this patchset introduces the 'ia32_disabled' boot time parameter
which breaks 32bit support. This is achieved mainly by setting the user32 cs in the
GDT as not present (P bit set to 0) and making the int 0x80 call gate also not
present. It also re-uses the existing code which makes sysenter defunct when
IA32_EMULATION is not selected. Finally, it also ensures that 32bit processes
can't be loaded by the compat elf loader.

I'm sending now to solicit opinions whether this is an acceptable solution, in the
future likely the mechanism for enabling this would be changed. I.e instead of a
boot time parameter to disable I think we'd ideally introduce a new Kconfig option
which in the distro case might default to "ia32_disabled" whilst the upstream would
retain the current behavior. But before getting into this discussion I'd like to
get confirmation that what I'm doing w.r.t to x86 architecture is not completely
bogus.

Nikolay Borisov (3):
  x86: Introduce ia32_disabled boot parameter
  x86/entry: Disable IA32 syscalls in the presence of ia32_disabled
  x86: Disable running 32bit processes if ia32_disabled is passed

 arch/x86/entry/common.c      | 12 ++++++++++++
 arch/x86/entry/entry_64.S    |  2 --
 arch/x86/include/asm/desc.h  |  5 +++++
 arch/x86/include/asm/elf.h   |  5 +++--
 arch/x86/include/asm/traps.h |  4 ++++
 arch/x86/kernel/cpu/common.c | 37 +++++++++++++++++++++++++-----------
 6 files changed, 50 insertions(+), 15 deletions(-)

--
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ