[src/trunk]: src/sys/arch/i386/conf Disable vm86 by default. The use case is ...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b82b4b52a584
branches:  trunk
changeset: 825687:b82b4b52a584
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Jul 28 13:59:07 2017 +0000

description:
Disable vm86 by default. The use case is limited, and the potential for
damage is too high.

This code is fragile, and relies on a certain number of assumptions, some
of which are not be totally true. For example, it relies on the fact that
a 16bit process cannot perform a syscall, but verily it can. The slighest
confusion in the trap frame can lead to ring0 exploits. Also, I'm not
convinced that it interacts well with the compatibility layers.

diffstat:

 sys/arch/i386/conf/GENERIC |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (24 lines):

diff -r 4cece5549e2f -r b82b4b52a584 sys/arch/i386/conf/GENERIC
--- a/sys/arch/i386/conf/GENERIC        Fri Jul 28 13:58:47 2017 +0000
+++ b/sys/arch/i386/conf/GENERIC        Fri Jul 28 13:59:07 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1157 2017/07/12 17:40:34 maxv Exp $
+# $NetBSD: GENERIC,v 1.1158 2017/07/28 13:59:07 maxv Exp $
 #
 # GENERIC machine description file
 #
@@ -22,12 +22,12 @@
 
 options        INCLUDE_CONFIG_FILE     # embed config file in kernel binary
 
-#ident         "GENERIC-$Revision: 1.1157 $"
+#ident         "GENERIC-$Revision: 1.1158 $"
 
 maxusers       64              # estimated number of users
 
 # CPU-related options.
-options        VM86            # virtual 8086 emulation
+#options       VM86            # virtual 8086 emulation
 options        USER_LDT        # user-settable LDT; used by WINE
 #options       PAE             # PAE mode (36 bits physical addressing)