Linux 6.7 Will Allow Enabling/Disabling 32-bit Program Support at Boot Time

Posted by lei234cs on 2023-10-30

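From the perspective of Linux distributions trying to reduce their attack surface while still letting users run legacy software without recompiling the kernel, SUSE has led the effort to enable or disable x86 32-bit support at boot time, which controls whether 32-bit user-space programs and 32-bit system calls can be executed. The code has been submitted for the upcoming Linux 6.7 merge window.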


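The Linux kernel already has the "IA32_EMULATION" Kconfig knob for toggling 32-bit support at build time, and most (all?) Linux distributions enable it so that 32-bit user-space software works. The new patches for Linux 6.7 allow it to be optionally enabled or disabled at boot time. In the future, Linux distributions could therefore choose to ship with the support off by default, and users who want to run 32-bit legacy software could add the new "ia32_emulation=1" boot-time flag to enable it without rebuilding the kernel. Alternatively, server administrators could more easily decide to disable this 32-bit support preemptively.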


These patches for Linux 6.7 do not make any changes to the default policy.


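This boot-time ia32_emulation control was sent out in Saturday's x86/entry changes for Linux 6.7. That pull request also includes a clean-up of the fast syscall return validation code.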


The original text follows:


Title: Linux 6.7 Will Let You Enable/Disable 32-bit Programs Support At Boot-Time


From the perspective of Linux distributions trying to reduce their attack surface while still making it possible for users to run legacy software without recompiling their kernel, SUSE has spearheaded the effort for boot-time enabling/disabling of x86 32-bit support for whether 32-bit user-space programs and 32-bit system calls can be executed. That code has been submitted for the imminent Linux 6.7 merge window.


The Linux kernel already has the "IA32_EMULATION" Kconfig knob for toggling the 32-bit support at build time, while most (all?) Linux distributions leave it enabled for allowing 32-bit user-space software to work fine. But the new patches coming for Linux 6.7 allow optionally enabling/disabling it at boot time. So in the future Linux distributions could choose to have the support off-by-default but then users if they want to run 32-bit legacy software could add the new "ia32_emulation=1" boot time flag to have the support enabled without having to rebuild the kernel. Or alternatively, server administrators could decide to preemptively disable this 32-bit support more easily.




These patches for Linux 6.7 aren't making any default policy changes.


This boot time ia32_emulation control was sent out in Saturday's x86/entry changes for Linux 6.7. That pull request also has a clean-up to the fast syscall return validation code.
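For auditing a host against the build-time knob and boot-time flag described above, the following shell function works out the effective 32-bit support state from a kernel config and a kernel command line. It is an added example, not code from the article or the kernel patches. It assumes a 6.7+ x86-64 kernel, uses CONFIG_IA32_EMULATION_DEFAULT_DISABLED (a Kconfig option from the same patch series that the article does not name), and the function name and sample inputs are constructed.

```shell
#!/bin/sh
# Added example: report whether 32-bit (IA32) support would be active.
# Assumes a 6.7+ x86-64 kernel, where the ia32_emulation= flag is honoured.

# ia32_state CONFIG_TEXT CMDLINE  ->  prints: not-built | enabled | disabled
# The body runs in a subshell so that 'set -f' does not leak to the caller.
ia32_state() (
    config=$1
    cmdline=$2
    set -f    # no glob expansion while splitting the command line into words

    # Build-time knob named in the article: without it there is nothing to toggle.
    printf '%s\n' "$config" | grep -qx 'CONFIG_IA32_EMULATION=y' || {
        echo not-built; exit 0; }

    # Build-time default. This Kconfig option comes from the same 6.7 series;
    # the article itself does not mention it.
    state=enabled
    if printf '%s\n' "$config" | grep -qx 'CONFIG_IA32_EMULATION_DEFAULT_DISABLED=y'; then
        state=disabled
    fi

    # Boot-time override: the last ia32_emulation=<bool> on the command line wins.
    # Only the common boolean spellings are recognised here (a simplification).
    for word in $cmdline; do
        case $word in
            ia32_emulation=1|ia32_emulation=y|ia32_emulation=on)  state=enabled ;;
            ia32_emulation=0|ia32_emulation=n|ia32_emulation=off) state=disabled ;;
        esac
    done
    echo "$state"
)

# Constructed sample inputs, not taken from a real system.
SAMPLE_CONFIG='CONFIG_X86_64=y
CONFIG_IA32_EMULATION=y
# CONFIG_IA32_EMULATION_DEFAULT_DISABLED is not set'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet ia32_emulation=0'

ia32_state "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE"

# On a live host (the config file path varies by distribution):
#   ia32_state "$(cat "/boot/config-$(uname -r)")" "$(cat /proc/cmdline)"
```
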

-----------------------------------



From "ITPUB Blog", link: http://blog.itpub.net/30554123/viewspace-2991887/. If you reprint this article, please credit the source; otherwise legal liability will be pursued.
