3.13.0-29 kernel includes backport of 3.14 16-bit app restrictions but not override method causing wine win9x to fail

Bug #1328965 reported by Doug C on 2014-06-11
This bug affects 10 people

Affects          Importance   Assigned to
linux (Ubuntu)   Medium       Unassigned
Precise          Undecided    Kamal Mostafa
Trusty           Undecided    Tim Gardner
Utopic           Medium       Unassigned

Bug Description

Kernel 3.13.0-29 evidently contains a backport of the 3.14 kernel security workaround that disables 16-bit binaries from running. This causes all wine Windows 95 and Windows 98 applications to fail. The 3.14 kernel also includes a feature to re-enable support for 16-bit binaries by providing the /proc/sys/abi/ldt16 interface. This part of the kernel patch was evidently not backported, so this ability to override the 16-bit application prohibition is not available.

For this reason, I cannot move forward to new kernel releases until this is fixed.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-29-generic 3.13.0-29.53
ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11
Uname: Linux 3.13.0-27-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: soup 1783 F.... pulseaudio
CurrentDesktop: Unity
Date: Wed Jun 11 12:01:26 2014
HibernationDevice: RESUME=UUID=8dcf6a87-59e8-4af8-9e1f-cbbcc64ca7a4
InstallationDate: Installed on 2014-04-26 (46 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
MachineType: Hewlett-Packard HP ProBook 4530s
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-27-generic root=UUID=b0984c90-6bc2-4dfb-978b-a508cbaff6a9 ro
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-27-generic N/A
 linux-backports-modules-3.13.0-27-generic N/A
 linux-firmware 1.127.2
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 10/11/2011
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: 68SRR Ver. F.20
dmi.board.name: 167C
dmi.board.vendor: Hewlett-Packard
dmi.board.version: KBC Version 22.21
dmi.chassis.asset.tag: CNU1412MC3
dmi.chassis.type: 10
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnHewlett-Packard:bvr68SRRVer.F.20:bd10/11/2011:svnHewlett-Packard:pnHPProBook4530s:pvrA0001D02:rvnHewlett-Packard:rn167C:rvrKBCVersion22.21:cvnHewlett-Packard:ct10:cvr:
dmi.product.name: HP ProBook 4530s
dmi.product.version: A0001D02
dmi.sys.vendor: Hewlett-Packard

Doug C (n-doug) wrote :

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed

Doug C, thank you for reporting this and helping make Ubuntu better. Could you please provide the specific commit #/URL that you would like to see backported?

Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Incomplete
Doug C (n-doug) wrote :

Here's the info about the kernel patch that re-enables 16-bit segments via /proc/sys/abi/ldt16:
  https://lkml.org/lkml/2014/6/5/115
Without this, all Wine Win9x programs will fail to run.

Doug C (n-doug) wrote :

Here's the fix as committed to the 3.14.6 kernel:

( Taken from https://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.6 )

commit 461a8fe47232a42c5ba9e2ac57eed37df331a2e3
Author: Linus Torvalds <email address hidden>
Date: Wed May 14 16:33:54 2014 -0700

    x86-64, modify_ldt: Make support for 16-bit segments a runtime option

    commit fa81511bb0bbb2b1aace3695ce869da9762624ff upstream.

    Checkin:

    b3b42ac2cbae x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels

    disabled 16-bit segments on 64-bit kernels due to an information
    leak. However, it does seem that people are genuinely using Wine to
    run old 16-bit Windows programs on Linux.

    A proper fix for this ("espfix64") is coming in the upcoming merge
    window, but as a temporary fix, create a sysctl to allow the
    administrator to re-enable support for 16-bit segments.

    It adds a "/proc/sys/abi/ldt16" sysctl that defaults to zero (off). If
    you hit this issue and care about your old Windows program more than
    you care about a kernel stack address information leak, you can do

       echo 1 > /proc/sys/abi/ldt16

    as root (add it to your startup scripts), and you should be ok.

    The sysctl table is only added if you have COMPAT support enabled on
    x86-64, but I assume anybody who runs old windows binaries very much
    does that ;)

    Signed-off-by: H. Peter Anvin <email address hidden>
    Link: http://lkml.kernel.org/r/CA%<email address hidden>
    Signed-off-by: Greg Kroah-Hartman <email address hidden>

tags: added: bios-outdated-f.41 cherry-pick
Changed in linux (Ubuntu):
status: Incomplete → Triaged
Tim Gardner (timg-tpi) on 2014-06-16
Changed in linux (Ubuntu Trusty):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux (Ubuntu Utopic):
status: Triaged → Fix Released
Tim Gardner (timg-tpi) on 2014-06-17
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Czako M (czakom) wrote :

Is there any information on when this fix will be released in Trusty?

Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Ivan Baldo (ibaldo) wrote :

It works!
Tested with 3.13.0-32-generic AMD64.
DOSEmu with Paradox application, I think it uses VCPI since it complained about that before.
I don't know how to change the tag though.
Also, this problem is present in Ubuntu 12.04 though I migrated from that hoping to fix the problem and I don't have it available to test now, maybe you could backport it to that kernel too.
Thanks!

Bruno Nova (brunonova) wrote :

I tested it too in Trusty.
Linux 3.13.0-32-generic from -proposed (used Synaptic to upgrade).
Package linux-generic version 3.13.0.32.38.

I can now do "sudo sysctl abi.ldt16=1" to activate 16 bit support.
Setting Windows 95 in winecfg now works correctly.
Old 16 bit executables now start correctly (tried Elifoot 98 on an older version of 32 bit Wine using PlayOnLinux).
Setting the option to 0 makes these issues return to the old behavior (as it should).

It was a short test, so I don't know if there are regressions elsewhere or if the 16 bit executables still run exactly as before this problem. But this issue seems to be fixed.

@Ivan, to change the tags, look under the description of the bug, right above "Related branches", and click on the "pencil" (edit) button. But don't worry, I'll change it.

tags: added: verification-done-trusty
removed: verification-needed-trusty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-32.57

---------------
linux (3.13.0-32.57) trusty; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.13.0-32.56) trusty; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.13.0-30.55 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338524

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699
  * hpsa: add new Smart Array PCI IDs (May 2014)
    - LP: #1337516

linux (3.13.0-31.55) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336278

  [ Andy Whitcroft ]

  * [Config] switch hyper-keyboard to virtual
    - LP: #1325306
  * [Packaging] linux-udeb-flavour -- standardise on linux prefix

  [ dann frazier ]

  * [Config] CONFIG_GPIO_DWAPB=m
    - LP: #1334823

  [ Feng Kan ]

  * SAUCE: (no-up) arm64: dts: Add Designware GPIO dts binding to APM
    X-Gene platform
    - LP: #1334823

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
    - LP: #1308761

  [ Kamal Mostafa ]

  * [Config] updateconfigs ACPI_PROCFS_POWER=y after v3.13.11.4 rebase

  [ Loc Ho ]

  * SAUCE: (no-up) phy-xgene: Use correct tuning for Mustang
    - LP: #1335636

  [ Michael Ellerman ]

  * SAUCE: (no-up) powerpc/perf: Ensure all EBB register state is cleared
    on fork()
    - LP: #1328914

  [ Ming Lei ]

  * Revert "SAUCE: (no-up) rtc: Add X-Gene SoC Real Time Clock Driver"
    - LP: #1274305

  [ Suman Tripathi ]

  * SAUCE: (no-up) libahci: Implement the function ahci_restart_engine to
    restart the port dma engine.
    - LP: #1335645
  * SAUCE: (no-up) ata: Fix the dma state machine lockup for the IDENTIFY
    DEVICE PIO mode command.
    - LP: #1335645

  [ Tim Gardner ]

  * [Config] CONFIG_POWERNV_CPUFREQ=y for powerpc, ppc64el
    - LP: #1324571
  * [Debian] Add UTS_UBUNTU_RELEASE_ABI to utsrelease.h
    - LP: #1327619
  * [Config] CONFIG_HAVE_MEMORYLESS_NODES=y
    - LP: #1332063
  * [Config] CONFIG_HID_RMI=m
    - LP: #1305522

  [ Upstream Kernel Changes ]

  * Revert "offb: Add palette hack for little endian"
    - LP: #1333430
  * Revert "net: mvneta: fix usage as a module on RGMII configurations"
    - LP: #1333837
  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333837
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333838
  * serial: uart: add hw flow control support configuration
    - LP: #1328295
  * mm/numa: Remove BUG_ON() in __handle_mm_fault()
    - LP: #1323165
  * Tools: hv: Handle the case when the target file exists correctly
    - LP: #1306215
  * Documentation/devicetree/bindings: add documentation for the APM X-Gene
    SoC RTC DTS binding
    - LP: #1274305
  * drivers/rtc: add APM X-Gene SoC RTC driver
    - LP: #1274305
  * arm64: add APM X-Gene SoC RTC DTS entry
    - LP: #1274305
  * powerpc/perf: Add Power8 cache & TLB events
    - LP: #1328914
  * powerpc/perf: Configure BH...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Kamal Mostafa (kamalmostafa) wrote :

This is still a problem in Ubuntu Precise (12.04). Precise kernel version 3.2.0-70.104 does contain all the "espfix" commits, but also (accidentally, I think) leaves CONFIG_X86_16BIT disabled. Attached Precise patch enables it, matching the configuration in Trusty.

Changed in linux (Ubuntu Precise):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Tim Gardner (timg-tpi) on 2014-10-21
Changed in linux (Ubuntu Precise):
status: In Progress → Fix Committed
sw (privat-z) wrote :

Is there any information on when this fix will be released in Precise?

Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-precise' to 'verification-done-precise'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-precise

after upgrading from -proposed all works

~# uname -a
Linux WS 3.2.0-72-generic-pae #107-Ubuntu SMP Thu Nov 6 14:44:10 UTC 2014 i686 i686 i386 GNU/Linux

tags: added: verification-done-precise
removed: verification-needed-precise
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.2.0-72.107

---------------
linux (3.2.0-72.107) precise; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1390048

  [ Upstream Kernel Changes ]

  * Revert "iwlwifi: dvm: don't enable CTS to self"
    - LP: #1389928
  * regulatory: add NUL to alpha2
    - LP: #1389928
  * percpu: fix pcpu_alloc_pages() failure path
    - LP: #1389928
  * percpu: perform tlb flush after pcpu_map_pages() failure
    - LP: #1389928
  * percpu: free percpu allocation info for uniprocessor system
    - LP: #1389928
  * cgroup: reject cgroup names with ' '
    - LP: #1389928
  * KVM: s390: Fix user triggerable bug in dead code
    - LP: #1389928
  * rtlwifi: rtl8192cu: Add new ID
    - LP: #1389928
  * MIPS: ZBOOT: add missing <linux/string.h> include
    - LP: #1389928
  * regmap: if format_write is used, declare all registers as "unreadable"
    - LP: #1389928
  * regmap: Fix handling of volatile registers for format_write() chips
    - LP: #1389928
  * drm/i915: Remove bogus __init annotation from DMI callbacks
    - LP: #1389928
  * ahci: Add Device IDs for Intel 9 Series PCH
    - LP: #1389928
  * ata_piix: Add Device IDs for Intel 9 Series PCH
    - LP: #1389928
  * USB: ftdi_sio: add support for NOVITUS Bono E thermal printer
    - LP: #1389928
  * USB: sierra: avoid CDC class functions on "68A3" devices
    - LP: #1389928
  * USB: sierra: add 1199:68AA device ID
    - LP: #1389928
  * drm/vmwgfx: Fix a potential infinite spin waiting for fifo idle
    - LP: #1389928
  * ALSA: hda - Fix COEF setups for ALC1150 codec
    - LP: #1389928
  * xen/manage: Always freeze/thaw processes when suspend/resuming
    - LP: #1389928
  * aio: add missing smp_rmb() in read_events_ring
    - LP: #1389928
  * block: Fix dev_t minor allocation lifetime
    - LP: #1389928
  * ACPI / cpuidle: fix deadlock between cpuidle_lock and cpu_hotplug.lock
    - LP: #1389928
  * usb: dwc3: core: use pm_runtime_put_sync() on remove
    - LP: #1389928
  * usb: dwc3: core: fix order of PM runtime calls
    - LP: #1389928
  * ahci: add pcid for Marvel 0x9182 controller
    - LP: #1389928
  * drm/radeon: add connector quirk for fujitsu board
    - LP: #1389928
  * usb: host: xhci: fix compliance mode workaround
    - LP: #1389928
  * Input: elantech - fix detection of touchpad on ASUS s301l
    - LP: #1389928
  * USB: ftdi_sio: Add support for GE Healthcare Nemo Tracker device
    - LP: #1389928
  * uwb: init beacon cache entry before registering uwb device
    - LP: #1389928
  * perf: Fix a race condition in perf_remove_from_context()
    - LP: #1389928
  * Input: synaptics - add support for ForcePads
    - LP: #1389928
  * libceph: rename ceph_msg::front_max to front_alloc_len
    - LP: #1389928
  * libceph: gracefully handle large reply messages from the mon
    - LP: #1389928
  * Input: serport - add compat handling for SPIOCSTYPE ioctl
    - LP: #1389928
  * usb: hub: take hub->hdev reference when processing from eventlist
    - LP: #1389928
  * storage: Add single-LUN quirk for Jaz USB Adapter
    - LP: #1389928
  * xhci: Fix null pointer dereference if xhci initialization fails
    - LP: #1389928
  * Input: i8042 - add ...


Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Michael Steenbeek (gymnasiast) wrote :

In Ubuntu Wily, this seems to have regressed:

 michael@Hadrianus:~$ sudo -i
 root@Hadrianus:~# echo 1 > /proc/sys/abi/ldt16
 -bash: /proc/sys/abi/ldt16: No such file or directory

Michael Steenbeek, to advise, as this report is marked Fix Released, it is closed. Hence, your issue is ignored posting it here.

However, if you have an issue with the linux kernel specifically, please file a new report via a terminal:
ubuntu-bug linux

Please feel free to subscribe me to it.

1448412 (uli-rgbg) wrote :

Problem still persists in Ubuntu 16.04.

Kamal Mostafa (kamalmostafa) wrote :

The "/proc/sys/abi/ldt16" workaround was removed from the mainline Linux kernel two years ago* so the method described in comment #17 is only valid for older kernels. "/proc/sys/abi/ldt16" will not be present in recent or any future kernel versions.

For Ubuntu 15.10 or 16.04, the underlying problem with 16-bit apps should have been resolved by other patches that came in the same timeframe. If that functionality itself isn't working, please file a new bug report.

* 7ed6fb9 Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime option"
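
The states described in this thread, turned into a host check. This is an added example, not code from the bug report or the kernel: it reports whether /proc/sys/abi/ldt16 exists and how it is set, and lists boot-time settings that would re-enable 16-bit segments. The ROOT argument, the function names and the list of files scanned (sysctl.conf, sysctl.d, rc.local) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the bug report: audit the abi.ldt16 override.
# The optional ROOT argument is an assumption of this sketch; it lets the
# same checks run against a mounted image or a constructed test tree.

# Runtime state: prints absent | disabled | enabled | unknown.
ldt16_runtime() {
    f="${1:-}/proc/sys/abi/ldt16"
    [ -e "$f" ] || { echo absent; return 0; }
    case "$(cat "$f" 2>/dev/null)" in
        0)  echo disabled ;;
        '') echo unknown ;;
        *)  echo enabled ;;   # assumption: any non-zero value enables it
    esac
}

# Boot-time overrides: prints "file:line:text" for each non-comment line
# that sets abi.ldt16 non-zero or echoes a non-zero value into /proc.
ldt16_persistent() {
    root="${1:-}"
    pat='abi[./]ldt16[[:space:]]*=[[:space:]]*[1-9]'
    pat="$pat|echo[[:space:]]+[1-9][0-9]*[[:space:]]*>[[:space:]]*/proc/sys/abi/ldt16"
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf "$root/etc/rc.local"; do
        [ -f "$f" ] || continue
        grep -nE "$pat" "$f" | grep -vE '^[0-9]+:[[:space:]]*#' |
            while IFS= read -r hit; do printf '%s:%s\n' "$f" "$hit"; done
    done
    return 0
}

# Verdict: exit status 1 when 16-bit segments are (or will be) re-enabled,
# i.e. the kernel stack address leak named in the commit message is accepted.
ldt16_audit() {
    state=$(ldt16_runtime "${1:-}")
    hits=$(ldt16_persistent "${1:-}")
    echo "runtime: $state"
    [ -z "$hits" ] || printf 'persistent override:\n%s\n' "$hits"
    [ "$state" != enabled ] && [ -z "$hits" ]
}

# Run against the live system only when invoked as: script audit [ROOT]
if [ "${1:-}" = audit ]; then ldt16_audit "${2:-}"; fi
```

A result of "absent" does not by itself say whether 16-bit segments work: per the thread, the file is missing both on 3.13.0-29, where the ban has no override, and on later kernels where the sysctl was reverted.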
