Re: Ubuntu 16.04 on i386 has VM86 disabled again

2016-06-11 Thread Andrew Bird
Just a quick note to say, as of package 4.4.0-24-generic, Ubuntu Xenial (16.04) 
has the vm86 call enabled in its 32 bit kernel.

Thanks to all those that added heat to the bug report 
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1499089

-- 
Andrew Bird 
--
To unsubscribe from this list: send the line "unsubscribe linux-msdos" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: Ubuntu 16.04 on i386 has VM86 disabled again

2016-04-26 Thread Stas Sergeev

26.04.2016 13:09, Andrew Bird wrote:

> The long term goal for the Kernel would be a new simplified vm86() call, but 
> most likely this is not going to be backwardly compatible for existing apps to 
> run unchanged.

This is not a problem: there are currently 2 vm86 syscalls:
vm86() and vm86old(). One can re-implement vm86old(),
leaving vm86() for compatibility with the current apps.


> A while ago I tested Bart's dosemu2 branch which implemented a kvm based 
> mode. I found it to be almost identical for speed with vm86() on both floating 
> point and integer based benchmarks on i386. If that can be made stable enough 
> to use on i386 and x86_64, then I see no reason to implement a new vm86() 
> purely for 32bit.

The problem is that kvm is unstable by itself:
https://lkml.org/lkml/2016/3/29/567
It reboots some old machines...
Also the way dosemu uses it is a bit nasty and complex:
it sets up the full vm86 monitor in userspace. Bart initially tried
the clean implementation, but that required too much work
on both dosemu and kernel side, and may not be supported
on many CPUs. I still want to prepare dosemu for a clean
implementation, and make that optional. The branch "kvm"
is for that.


> Of course it's a question of developer resources, I for one am not capable of 
> helping with either Kernel vm86() or to the stabilisation of kvm based dosemu, 
> so I do what I can to preserve the ability to run with the old vm86() by 
> pushing for runtime enablement in Ubuntu. I suspect this will only work for so 
> long, and at some point it will be dropped. So I hope the kvm mode can be 
> developed to the point where we no longer care about vm86() being available, as 
> it's good enough to be the default and fast enough for those apps that need it.

Integrating kvm properly and cleanly, and fixing the kernel
to not reboot the older machines, is virtually an unlimited
amount of work, while re-implementing vm86() is a quite
small task. Of course if we accept enough short-cuts,
then the proportions may change.


Re: Ubuntu 16.04 on i386 has VM86 disabled again

2016-04-26 Thread Stas Sergeev

26.04.2016 12:17, Paul Crawford wrote:

> On 25/04/16 13:52, Stas Sergeev wrote:
> > That was the "right" thing to do. Or at least justified and discussed.
> > If we want vm86(), we need to re-implement it properly.
> > I have a word from top linux devs (including Linus himself)
> > that properly implemented vm86() will stay enabled.
>
> This may seem like a strange question, but what is actually wrong with 
> the current/past vm86() support?

The problems started to happen when vm86() was completely
broken for too long and no one had complained. So the kernel
devs decided to simply disable it, instead of fixing, assuming no
one uses it:
http://marc.info/?l=linux-kernel&m=143654248415764

Only then Andrew Bird noticed that and raised
an issue. After a lot of pestering, I convinced them to actually fix it:
https://lkml.org/lkml/2015/10/31/7
but, since I am using the 64bit environment, I had a hard time
even testing the fix. So they left it disabled until someone can
provide a very simple, easy to audit implementation. This is not
difficult at all, BUT, this will require installing the 32bit OS somewhere,
a lot of time-wasting. :)

> I was under the impression that for 32-bit CPU operation it was simply 
> a call to the corresponding x86 instructions, so don't see what would 
> be "wrong" 

You can see its sources and judge for yourself.
There are a few problems. Firstly, it emulates VME in software
because of some horrible hacks that former dosemu developers
have pushed into the kernel (grep for BIOSSEG in vm86_32.c).
Secondly it implements the horrible and completely unrelated
interfaces, also pushed by some dosemu devs in the darkest
past (VM86_REQUEST_IRQ and friends).
So while I was fighting the decision of disabling it, I'd be doing
the same thing if I were them. :)

> with that beyond the obvious aspect that it can be abused by malware 
> (much like anything else really) hence the idea of having it 
> configurable at run-time so it defaults to being off but is only a 
> (root) text edit away from being enabled for us who want it for odd 
> cases like dosemu.

If it is properly implemented, then yes. And I have that "yes"
from Linus and Ingo personally.
But the current implementation does not deserve even the
run-time disabling. It should be completely compiled out,
unfortunately.


Re: Ubuntu 16.04 on i386 has VM86 disabled again

2016-04-26 Thread Andrew Bird
On Tue, 26 Apr 2016 10:17:43 +0100
Paul Crawford wrote:

> On 25/04/16 13:52, Stas Sergeev wrote:
> > That was the "right" thing to do. Or at least justified and discussed.
> > If we want vm86(), we need to re-implement it properly.
> > I have a word from top linux devs (including Linus himself)
> > that properly implemented vm86() will stay enabled.
> 
> This may seem like a strange question, but what is actually wrong with 
> the current/past vm86() support?
Well I believe the current kernel devs don't really understand the code well 
enough to say it's security risk free and would rather disable it by default 
unless somebody were to rewrite or fully audit it. There is an assumption that 
there are very few users of it and so it was almost killed off completely. Only 
Linus' assertion that "we shouldn't break userspace for existing apps" saved 
it. There is now the switch to runtime enable it, but still the vanilla kconfig 
default is not to compile it in at all. So it is up to the distros to decide 
for themselves if the usefulness for programs like Dosemu outweighs the 
perceived security risk, and allow it to be compiled in.

The long term goal for the Kernel would be a new simplified vm86() call, but 
most likely this is not going to be backwardly compatible for existing apps to 
run unchanged. A while ago I tested Bart's dosemu2 branch which implemented a 
kvm based mode. I found it to be almost identical for speed with vm86() on both 
floating point and integer based benchmarks on i386. If that can be made stable 
enough to use on i386 and x86_64, then I see no reason to implement a new 
vm86() purely for 32bit. Of course it's a question of developer resources, I 
for one am not capable of helping with either Kernel vm86() or to the 
stabilisation of kvm based dosemu, so I do what I can to preserve the ability 
to run with the old vm86() by pushing for runtime enablement in Ubuntu. I 
suspect this will only work for so long, and at some point it will be dropped. 
So I hope the kvm mode can be developed to the point where we no longer care 
about vm86() being available, as it's good enough to be the default and fast 
enough for those apps that need it.

> 
> I was under the impression that for 32-bit CPU operation it was simply a 
> call to the corresponding x86 instructions, so don't see what would be 
> "wrong" with that beyond the obvious aspect that it can be abused by 
> malware (much like anything else really) hence the idea of having it 
> configurable at run-time so it defaults to being off but is only a 
> (root) text edit away from being enabled for us who want it for odd 
> cases like dosemu.
> 
> Of course 64-bit is more of a problem...
> 
> Regards,
> Paul


-- 
Andrew Bird 


Re: Ubuntu 16.04 on i386 has VM86 disabled again

2016-04-25 Thread Stas Sergeev

25.04.2016 15:16, Andrew Bird wrote:

> Hi all,
> Just a quick note to let people know that if you upgrade your i386 
> Ubuntu to 16.04 LTS release, you'll find that you are only using cpu emulation 
> again. I naively thought that fixing the problem for Wily HWE kernel would 
> automatically mean that Xenial would come out with the fix. If this slow 
> operation affects you, and you'd like it fixed, please visit the launchpad bug 
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1574602 and indicate that 
> it affects you and its importance.

That was the "right" thing to do. Or at least justified and discussed.
If we want vm86(), we need to re-implement it properly.
I have a word from top linux devs (including Linus himself)
that properly implemented vm86() will stay enabled.
Or one can use kvm, which can already be enabled
in dosemu config.
Currently there are no resources for either re-implementing
vm86() or fixing kvm support to the state when it can be
enabled by default. But feel free to contribute. :)