x86/ldt: Make modify_ldt() optional

config X86_16BIT

	bool "Enable support for 16-bit segments" if EXPERT

	default y

	depends on MODIFY_LDT_SYSCALL

	---help---

	  This option is required by programs like Wine to run 16-bit

	  protected mode legacy code on x86 processors.  Disabling

config MATH_EMULATION

	bool

	depends on MODIFY_LDT_SYSCALL

	prompt "Math emulation" if X86_32

	---help---

	  Linux can emulate a math coprocessor (used for floating point

	  This is used to work around broken boot loaders.  This should

	  be set to 'N' under normal conditions.

config MODIFY_LDT_SYSCALL

	bool "Enable the LDT (local descriptor table)" if EXPERT

	default y

	---help---

	  Linux can allow user programs to install a per-process x86

	  Local Descriptor Table (LDT) using the modify_ldt(2) system

	  call.  This is required to run 16-bit or segmented code such as

	  DOSEMU or some Wine programs.  It is also used by some very old

	  threading libraries.

	  Enabling this feature adds a small amount of overhead to

	  context switches and increases the low-level kernel attack

	  surface.  Disabling it removes the modify_ldt(2) system call.

	  Saying 'N' here may make sense for embedded or server kernels.

source "kernel/livepatch/Kconfig"

endmenu

 * we put the segment information here.

 */

typedef struct {

#ifdef CONFIG_MODIFY_LDT_SYSCALL

	struct ldt_struct *ldt;

#endif

#ifdef CONFIG_X86_64

	/* True if mm supports a task running in 32 bit compatibility mode. */

static inline void load_mm_cr4(struct mm_struct *mm) {}

#endif

#ifdef CONFIG_MODIFY_LDT_SYSCALL

/*

 * ldt_structs can be allocated, used, and freed, but they are never

 * modified while live.

	int size;

};

/*

 * Used for LDT copy/destruction.

 */

int init_new_context(struct task_struct *tsk, struct mm_struct *mm);

void destroy_context(struct mm_struct *mm);

#else	/* CONFIG_MODIFY_LDT_SYSCALL */

static inline int init_new_context(struct task_struct *tsk,

				   struct mm_struct *mm)

{

	return 0;

}

static inline void destroy_context(struct mm_struct *mm) {}

#endif

static inline void load_mm_ldt(struct mm_struct *mm)

{

#ifdef CONFIG_MODIFY_LDT_SYSCALL

	struct ldt_struct *ldt;

	/* lockless_dereference synchronizes with smp_store_release */

		set_ldt(ldt->entries, ldt->size);

	else

		clear_LDT();

#else

	clear_LDT();

#endif

	DEBUG_LOCKS_WARN_ON(preemptible());

}

/*

 * Used for LDT copy/destruction.

 */

int init_new_context(struct task_struct *tsk, struct mm_struct *mm);

void destroy_context(struct mm_struct *mm);

static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)

{

#ifdef CONFIG_SMP

		/* Load per-mm CR4 state */

		load_mm_cr4(next);

#ifdef CONFIG_MODIFY_LDT_SYSCALL

		/*

		 * Load the LDT, if the LDT is different.

		 *

		 */

		if (unlikely(prev->context.ldt != next->context.ldt))

			load_mm_ldt(next);

#endif

	}

#ifdef CONFIG_SMP

	  else {

obj-y			:= process_$(BITS).o signal.o

obj-$(CONFIG_COMPAT)	+= signal_compat.o

obj-y			+= traps.o irq.o irq_$(BITS).o dumpstack_$(BITS).o

obj-y			+= time.o ioport.o ldt.o dumpstack.o nmi.o

obj-y			+= time.o ioport.o dumpstack.o nmi.o

obj-$(CONFIG_MODIFY_LDT_SYSCALL)	+= ldt.o

obj-y			+= setup.o x86_init.o i8259.o irqinit.o jump_label.o

obj-$(CONFIG_IRQ_WORK)  += irq_work.o

obj-y			+= probe_roms.o

	int idx = segment >> 3;

	if ((segment & SEGMENT_TI_MASK) == SEGMENT_LDT) {

#ifdef CONFIG_MODIFY_LDT_SYSCALL

		struct ldt_struct *ldt;

		if (idx > LDT_ENTRIES)

			return 0;

		desc = &ldt->entries[idx];

#else

		return 0;

#endif

	} else {

		if (idx > GDT_ENTRIES)

			return 0;