Date:   Wed, 21 Jun 2023 22:02:58 +0300
From:   Nikolay Borisov <nik.borisov@...e.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org, mhocko@...e.com,
        jslaby@...e.cz
Subject: Re: [PATCH v3 1/5] x86: Make IA32_EMULATION boot time configurable



On 21.06.23 at 21:27, Borislav Petkov wrote:
> On Fri, Jun 16, 2023 at 03:57:26PM +0300, Nikolay Borisov wrote:
>> Distributions would like to reduce their attack surface as much as
>> possible but at the same time they'd want to retain flexibility to cater
>> to a variety of legacy software. One such avenue where a balance has to
>> be struck is in supporting 32bit syscalls/processes on 64bit kernels. Ideally
>> it should be possible for the distribution to set their own policy and
>> give users the ability to override those policies as appropriate.
>>
>> In order to support this usecase, introduce
>> CONFIG_IA32_EMULATION_DEFAULT_DISABLED compile time option, which
>> controls whether 32bit processes/syscalls should be allowed or not. This
>> allows distributions to set their preferred default behavior in their
>> kernel configs.
>>
>> On the other hand, in order to allow users to override the distro's
>> policy, introduce the 'ia32_mode' parameter which allows overriding
>> CONFIG_IA32_EMULATION_DEFAULT_DISABLED state at boot time.
>>
>> Signed-off-by: Nikolay Borisov <nik.borisov@...e.com>
>> ---
>>   Documentation/admin-guide/kernel-parameters.txt |  5 +++++
>>   arch/x86/Kconfig                                |  9 +++++++++
>>   arch/x86/entry/common.c                         | 16 ++++++++++++++++
>>   arch/x86/include/asm/ia32.h                     | 16 +++++++++++++++-
>>   4 files changed, 45 insertions(+), 1 deletion(-)
>>
>> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
>> index 9e5bab29685f..59b1e86ecd9d 100644
>> --- a/Documentation/admin-guide/kernel-parameters.txt
>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>> @@ -1865,6 +1865,11 @@
>>   			 0 -- machine default
>>   			 1 -- force brightness inversion
>>   
>> +	ia32_mode=		[X86-64]
>> +			Format: ia32_mode=disabled, ia32_mode=enabled
> 
> ia32_mode=(on|off)

In the next version I called this ia32_emulation=on|off, which seems more
descriptive.
> 
> is less typing. Especially if you're standing somewhere in a server room
> and trying to type on some weird keyboard which always has the wrong
> layout.
> 
> :-)
> 
>> +			Allows overriding the compile-time state of
>> +			IA32_EMULATION_DEFAULT_DISABLED at boot time
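
Review bot: the ia32_mode entry added to kernel-parameters.txt refers to IA32_EMULATION_DEFAULT_DISABLED without the CONFIG_ prefix used in the commit message, and it does not say what each value does or what applies when the parameter is omitted. Suggest listing the accepted values once on the "Format:" line, adding one line per value stating whether 32bit processes/syscalls are allowed, and noting that the default follows CONFIG_IA32_EMULATION_DEFAULT_DISABLED.
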
> 
> Just say what "=on" and "=off" does here - loading of 32-bit programs
> and 32-bit syscalls is enabled/disabled.

ack
> 
