x86/ldt: Make modify_ldt() optional

config X86_16BIT

config X86_16BIT

	bool "Enable support for 16-bit segments" if EXPERT

	bool "Enable support for 16-bit segments" if EXPERT

	default y

	default y

	depends on MODIFY_LDT_SYSCALL

	---help---

	---help---

	  This option is required by programs like Wine to run 16-bit

	  This option is required by programs like Wine to run 16-bit

	  protected mode legacy code on x86 processors.  Disabling

	  protected mode legacy code on x86 processors.  Disabling

config MATH_EMULATION

config MATH_EMULATION

	bool

	bool

	depends on MODIFY_LDT_SYSCALL

	prompt "Math emulation" if X86_32

	prompt "Math emulation" if X86_32

	---help---

	---help---

	  Linux can emulate a math coprocessor (used for floating point

	  Linux can emulate a math coprocessor (used for floating point

	  This is used to work around broken boot loaders.  This should

	  This is used to work around broken boot loaders.  This should

	  be set to 'N' under normal conditions.

	  be set to 'N' under normal conditions.

config MODIFY_LDT_SYSCALL

	bool "Enable the LDT (local descriptor table)" if EXPERT

	default y

	---help---

	  Linux can allow user programs to install a per-process x86

	  Local Descriptor Table (LDT) using the modify_ldt(2) system

	  call.  This is required to run 16-bit or segmented code such as

	  DOSEMU or some Wine programs.  It is also used by some very old

	  threading libraries.

	  Enabling this feature adds a small amount of overhead to

	  context switches and increases the low-level kernel attack

	  surface.  Disabling it removes the modify_ldt(2) system call.

	  Saying 'N' here may make sense for embedded or server kernels.

source "kernel/livepatch/Kconfig"

source "kernel/livepatch/Kconfig"

endmenu

endmenu

 * we put the segment information here.

 * we put the segment information here.

 */

 */

typedef struct {

typedef struct {

#ifdef CONFIG_MODIFY_LDT_SYSCALL

	struct ldt_struct *ldt;

	struct ldt_struct *ldt;

#endif

#ifdef CONFIG_X86_64

#ifdef CONFIG_X86_64

	/* True if mm supports a task running in 32 bit compatibility mode. */

	/* True if mm supports a task running in 32 bit compatibility mode. */

static inline void load_mm_cr4(struct mm_struct *mm) {}

static inline void load_mm_cr4(struct mm_struct *mm) {}

#endif

#endif

#ifdef CONFIG_MODIFY_LDT_SYSCALL

/*

/*

 * ldt_structs can be allocated, used, and freed, but they are never

 * ldt_structs can be allocated, used, and freed, but they are never

 * modified while live.

 * modified while live.

	int size;

	int size;

};

};

/*

 * Used for LDT copy/destruction.

 */

int init_new_context(struct task_struct *tsk, struct mm_struct *mm);

void destroy_context(struct mm_struct *mm);

#else	/* CONFIG_MODIFY_LDT_SYSCALL */

static inline int init_new_context(struct task_struct *tsk,

				   struct mm_struct *mm)

{

	return 0;

}

static inline void destroy_context(struct mm_struct *mm) {}

#endif

static inline void load_mm_ldt(struct mm_struct *mm)

static inline void load_mm_ldt(struct mm_struct *mm)

{

{

#ifdef CONFIG_MODIFY_LDT_SYSCALL

	struct ldt_struct *ldt;

	struct ldt_struct *ldt;

	/* lockless_dereference synchronizes with smp_store_release */

	/* lockless_dereference synchronizes with smp_store_release */

		set_ldt(ldt->entries, ldt->size);

		set_ldt(ldt->entries, ldt->size);

	else

	else

		clear_LDT();

		clear_LDT();

#else

	clear_LDT();

#endif

	DEBUG_LOCKS_WARN_ON(preemptible());

	DEBUG_LOCKS_WARN_ON(preemptible());

}

}

/*

 * Used for LDT copy/destruction.

 */

int init_new_context(struct task_struct *tsk, struct mm_struct *mm);

void destroy_context(struct mm_struct *mm);

static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)

static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)

{

{

#ifdef CONFIG_SMP

#ifdef CONFIG_SMP

		/* Load per-mm CR4 state */

		/* Load per-mm CR4 state */

		load_mm_cr4(next);

		load_mm_cr4(next);

#ifdef CONFIG_MODIFY_LDT_SYSCALL

		/*

		/*

		 * Load the LDT, if the LDT is different.

		 * Load the LDT, if the LDT is different.

		 *

		 *

		 */

		 */

		if (unlikely(prev->context.ldt != next->context.ldt))

		if (unlikely(prev->context.ldt != next->context.ldt))

			load_mm_ldt(next);

			load_mm_ldt(next);

#endif

	}

	}

#ifdef CONFIG_SMP

#ifdef CONFIG_SMP

	  else {

	  else {

obj-y			:= process_$(BITS).o signal.o

obj-y			:= process_$(BITS).o signal.o

obj-$(CONFIG_COMPAT)	+= signal_compat.o

obj-$(CONFIG_COMPAT)	+= signal_compat.o

obj-y			+= traps.o irq.o irq_$(BITS).o dumpstack_$(BITS).o

obj-y			+= traps.o irq.o irq_$(BITS).o dumpstack_$(BITS).o

obj-y			+= time.o ioport.o ldt.o dumpstack.o nmi.o

obj-y			+= time.o ioport.o dumpstack.o nmi.o

obj-$(CONFIG_MODIFY_LDT_SYSCALL)	+= ldt.o

obj-y			+= setup.o x86_init.o i8259.o irqinit.o jump_label.o

obj-y			+= setup.o x86_init.o i8259.o irqinit.o jump_label.o

obj-$(CONFIG_IRQ_WORK)  += irq_work.o

obj-$(CONFIG_IRQ_WORK)  += irq_work.o

obj-y			+= probe_roms.o

obj-y			+= probe_roms.o

	int idx = segment >> 3;

	int idx = segment >> 3;

	if ((segment & SEGMENT_TI_MASK) == SEGMENT_LDT) {

	if ((segment & SEGMENT_TI_MASK) == SEGMENT_LDT) {

#ifdef CONFIG_MODIFY_LDT_SYSCALL

		struct ldt_struct *ldt;

		struct ldt_struct *ldt;

		if (idx > LDT_ENTRIES)

		if (idx > LDT_ENTRIES)

			return 0;

			return 0;

		desc = &ldt->entries[idx];

		desc = &ldt->entries[idx];

#else

		return 0;

#endif

	} else {

	} else {

		if (idx > GDT_ENTRIES)

		if (idx > GDT_ENTRIES)

			return 0;

			return 0;