Linux 6.7 To Make It Easier To Toggle Support For x86 32-bit Programs
The Linux kernel currently only allows disabling support for 32-bit programs and 32-bit system calls at compile-time, but a new option expected to be introduced with Linux 6.7 this winter will provide a new "ia32_emulation" boot-time parameter for enabling or disabling support for 32-bit programs and system calls without rebuilding the kernel.
On the basis of allowing Linux distributions to reduce their attack surface as much as possible while still allowing users to run legacy software, SUSE's Nikolay Borisov spearheaded the effort to allow the IA32_EMULATION support to be boot-time configurable. This allows Linux distributions moving forward to decide to disable x86 32-bit program support out-of-the-box but then could allow users/administrators to override it with a new boot time option rather than having to recompile the kernel.
For x86_64 Linux kernel builds the "IA32_EMULATION" Kconfig option currently controls whether the 32-bit support is built at all. With the pending patches there is now an "ia32_emulation=" parameter for deciding at boot time whether to enable or disable support for loading 32-bit programs and executing 32-bit system calls.
This work also adds a new "IA32_EMULATION_DEFAULT_DISABLED" Kconfig option for deciding at compile-time the default behavior of IA32 emulation support when no boot parameter is given. By default / out-of-the-box the x86_64 Linux kernel will continue allowing the 32-bit program/syscall functionality.
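The three knobs described above (the IA32_EMULATION build option, the IA32_EMULATION_DEFAULT_DISABLED default, and the ia32_emulation= boot parameter) combine into one effective state, which is what an administrator auditing a fleet actually cares about. The following shell script is an added example and not code from the kernel patches or from Phoronix; it resolves the effective state from a kernel config and a command line, and can optionally read the running system's own /proc/config.gz (or /boot/config-*) and /proc/cmdline. The set of accepted boolean spellings (0/1, on/off, y/n, true/false) is an assumption about how the parameter is parsed, not something stated on the page.

```shell
#!/bin/sh
# Resolve whether an x86_64 kernel will accept 32-bit programs and syscalls.
# Inputs are the kernel build config and the boot command line; the rules
# follow the article: CONFIG_IA32_EMULATION must be built in,
# CONFIG_IA32_EMULATION_DEFAULT_DISABLED chooses the default, and the
# ia32_emulation= boot parameter overrides that default.
# Assumption (not on the page): the parameter accepts 0/1, y/n, on/off,
# true/false; anything else is ignored with a warning.

# $1: kernel config text (as in /boot/config-* or zcat /proc/config.gz)
# $2: kernel command line text (as in /proc/cmdline)
# Prints "enabled" or "disabled".
ia32_effective_state() {
    config="$1"
    cmdline="$2"

    # Without compile-time support there is nothing to toggle at boot.
    if ! printf '%s\n' "$config" | grep -q '^CONFIG_IA32_EMULATION=y$'; then
        echo disabled
        return 0
    fi

    # Compile-time default.
    if printf '%s\n' "$config" | grep -q '^CONFIG_IA32_EMULATION_DEFAULT_DISABLED=y$'; then
        state=disabled
    else
        state=enabled
    fi

    # Boot-time override: if the parameter appears more than once, the
    # last occurrence wins (constructed rule, matching usual cmdline handling).
    for word in $cmdline; do
        case "$word" in
            ia32_emulation=*)
                value="${word#ia32_emulation=}"
                case "$value" in
                    1|y|Y|on|true)   state=enabled ;;
                    0|n|N|off|false) state=disabled ;;
                    *) printf 'warning: ignoring ia32_emulation=%s\n' "$value" >&2 ;;
                esac
                ;;
        esac
    done

    echo "$state"
}

# Audit the running system: read its config and cmdline and report the
# effective state. Returns 1 if no readable kernel config is found.
check_running_system() {
    if [ -r /proc/config.gz ]; then
        cfg=$(zcat /proc/config.gz)
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cfg=$(cat "/boot/config-$(uname -r)")
    else
        echo "kernel config not readable; cannot determine IA32 state" >&2
        return 1
    fi
    printf '32-bit program/syscall support: %s\n' \
        "$(ia32_effective_state "$cfg" "$(cat /proc/cmdline)")"
}

# Run the live audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_running_system
fi
```

Run it as `sh ia32_state.sh --check` on a host to see the effective state, or source it and call `ia32_effective_state` against saved configs and command lines collected from a fleet. Note that a kernel older than the one carrying these patches will silently ignore an `ia32_emulation=` parameter, so the config check is the only reliable signal there.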
The new ia32_emulation boot time option has been queued in TIP.git's x86/entry branch. With these patches now part of a TIP branch, barring any last minute issues this new functionality is expected to be submitted for the next kernel merge window, which will be for the Linux 6.7 release this winter.