Linux Patches Posted That Would Allow Boot-Time Disabling Of x86 32-bit Processes

Written by Michael Larabel in Linux Kernel on 7 June 2023 at 10:00 AM EDT. 57 Comments
LINUX KERNEL
SUSE engineer Nikolay Borisov sent out a set of patches today for "ia32_disabled" that would allow disabling of support for x86 32-bit processes from running on x86_64 Linux systems. As a first step this would be a boot-time option when "ia32_disabled" is set.

SUSE is interested in the ability for disabling the IA32 compatibility layer and the proposed patches would allow disabling the 32-bit system calls on 64-bit kernels as well as disabling 32-bit processes.

ia32_disabled


They acknowledge though that 32-bit legacy software is still in use so for now it's being made a boot-time option via the "ia32_disabled" kernel option while eventually may be offered as a Kconfig build-time switch if wanting to disable 32-bit syscall and process support entirely.

The patch comments elaborate with:
"Distributions would like to reduce their attack surface as much as possible but at the same time they have to cater to a wide variety of legacy software. One such avenue where distros have to strike a balance is the support for 32bit syscalls on a 64bit kernel. Ideally we'd have the ability to disable the the compat support at boot time. This would allow the decision whether it should be disabled/enabled can be delegated to system administrators.
...
In addition to disabling 32bit syscall interface let's also disable the ability to run 32bit processes altogether. This is achieved by setting the GDT_ENTRY_DEFAULT_USER32_CS descriptor to not present which would cause 32 bit processes to trap with a #NP exception. Furthermore, forbid loading compat processes as well."

The patch series for now is under review on the LKML. It will be interesting to see how this work evolves and how much other vendor interest there is in optional disabling of 32-bit process support.
57 Comments
Related News
New Linux Patch Establishes "CONFIG_X86_64_NATIVE" For -march=native Kernel Builds
Perf Support For 2,048 CPU Cores Is Becoming Not Enough - Patches Bump Kernel Limit
Linux 6.13-rc2 Released With An Initial Batch Of Fixes
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Linux 6.13-rc2 To Workaround Buggy Intel Lunar Lake Leading To Responsiveness Issues
More Kernel Bitrot: Old & Busted UltraSPARC T2 "Niagara 2" SPU Driver Slated For Removal
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features