Re: Ubuntu 16.04 on i386 has VM86 disabled again

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 26 Apr 2016 10:17:43 +0100
Paul Crawford <psc@xxxxxxxxxxxxxxxx> wrote:

> On 25/04/16 13:52, Stas Sergeev wrote:
> > That was the "right" thing to do. Or at least justified and discussed.
> > If we want vm86(), we need to re-implement it properly.
> > I have a word from top linux devs (including Linus himself)
> > that properly implemented vm86() will stay enabled.
> 
> This may seem like a strange question, but what is actually wrong with 
> the current/past vm86() support?
Well I believe the current kernel devs don't really understand the code well enough to say it's security risk free and would rather disable it by default unless somebody were to rewrite or fully audit it. There is an assumption that there are very few users of it and so it was almost killed off completely. Only Linus' assertion that "we shouldn't break userspace for existing apps" saved it. There is now the switch to runtime enable it, but still the vanilla kconfig default is not to compile it in at all. So it is up to the distros to decide for themselves if the usefulness for programs like Dosemu outweighs the perceived security risk, and allow it to be compiled in.

The long term goal for the Kernel would be a new simplified vm86() call, but most likely this is not going to be backwardly compatible for existing apps to run unchanged. A while ago I tested Bart's dosemu2 branch which implemented a kvm based mode. I found it to be almost identical for speed with vm86() on both floating point and integer based benchmarks on i386. If that can be made stable enough to use on i386 and x86_64, then I see no reason to implement a new vm86() purely for 32bit. Of course it's a question of developer resources, I for one am not capable of helping with either Kernel vm86() or to the stabilisation of kvm based dosemu, so I do what I can to preserve the ability to run with the old vm86() by pushing for runtime enablement in Ubuntu. I suspect this will only work for so long, and at some point it will be dropped. So I hope the kvm mode can be developed to the point where we no longer care about vm86() being available, as it's good enough to be the default and fast enough for those apps that need it.

> 
> I was under the impression that for 32-bit CPU operation it was simply a 
> call to the corresponding x86 instructions, so don't see what would be 
> "wrong" with that beyond the obvious aspect that it can be abused by 
> malware (much like anything else really) hence the idea of having it 
> configurable at run-time so it defaults to being off but is only a 
> (root) text edit away from being enabled for us who want it for odd 
> cases like dosemu.
> 
> Of course 64-bit is more of a problem...
> 
> Regards,
> Paul


-- 
Andrew Bird <ajb@xxxxxxxxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-msdos" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Console]     [Linux Audio]     [Linux for Hams]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite Camping]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Samba]     [Linux Media]     [Fedora Users]

  Powered by Linux