i'm guessing this wasn't just an accident. how hard would it be to
re-architect things slightly to split the user-space visible ia32
syscalls from the ia32 emulation bits that x32 needs? and perhaps
even taking it further, removing even the native x86_64 syscall layer.
we'd like to be able to restrict the attack surface so that if we only
have an x32 userland, we'd kill off ia32 and x86_64 syscalls. examples
of how this layer has bitten people in the past:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3301
i vaguely recall others, but even this small list shows that the
attack surface is not insignificant nor trivial to verify.
-mike
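The "x32 userland only" restriction asked for above, as an added example that is not code from this thread or from the kernel: a seccomp-bpf filter that admits only x32 syscall numbers and kills the native x86_64 and ia32 entry paths, with a small interpreter so the program can be checked without installing it. It assumes the Linux uapi headers are present; X32_BIT and x32_only_decide are names chosen here, and this is a per-process userland mitigation, not the kernel re-architecting the post discusses.

```c
/* Added example, not code from the thread: the "x32-only userland" policy the first
 * post asks for, as a seccomp-bpf filter. Assumes Linux uapi headers are installed. */
#include <stdio.h>
#include <stddef.h>
#include <linux/seccomp.h>
#include <linux/filter.h>
#include <linux/audit.h>
#define X32_BIT 0x40000000u /* the kernel's __X32_SYSCALL_BIT, set on every x32 nr */
/* x32 enters via the x86-64 path (arch == AUDIT_ARCH_X86_64) and is told apart only by
 * X32_BIT in nr; AUDIT_ARCH_I386 is the ia32 path. Keep x32, kill native x86-64 and ia32.
 * Install with prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) after PR_SET_NO_NEW_PRIVS. */
static const struct sock_filter x32_only_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),  /* ia32 or any foreign entry */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, X32_BIT, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), /* x32 number */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),  /* native x86-64 number */
};
static const struct sock_fprog x32_only_prog = {
    .len = sizeof x32_only_filter / sizeof x32_only_filter[0],
    .filter = (struct sock_filter *)x32_only_filter,
};
/* Interpreter for the cBPF subset used above, so the program can be checked without
 * installing it (a native x86-64 process that installed it would be killed at its
 * next syscall). Returns the SECCOMP_RET_* action for one (arch, nr) pair. */
static unsigned x32_only_decide(unsigned arch, unsigned nr)
{
    struct seccomp_data d = { .nr = (int)nr, .arch = arch };
    unsigned acc = 0;
    for (size_t pc = 0; pc < x32_only_prog.len; pc++) {
        const struct sock_filter *in = &x32_only_filter[pc];
        if (in->code == (BPF_LD | BPF_W | BPF_ABS))
            acc = *(const unsigned *)((const char *)&d + in->k);
        else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == in->k) ? in->jt : in->jf;
        else if (in->code == (BPF_JMP | BPF_JSET | BPF_K))
            pc += (acc & in->k) ? in->jt : in->jf;
        else if (in->code == (BPF_RET | BPF_K))
            return in->k;
    }
    return SECCOMP_RET_KILL; /* fell off the end: fail closed */
}
int main(void)
{   /* Constructed sample: read(2) is nr 0 on x86-64, X32_BIT|0 on x32 and 3 on ia32. */
    printf("x32 read allowed:    %d\n", x32_only_decide(AUDIT_ARCH_X86_64, X32_BIT) == SECCOMP_RET_ALLOW);
    printf("x86-64 read allowed: %d\n", x32_only_decide(AUDIT_ARCH_X86_64, 0) == SECCOMP_RET_ALLOW);
    printf("ia32 read allowed:   %d\n", x32_only_decide(AUDIT_ARCH_I386, 3) == SECCOMP_RET_ALLOW);
    return 0;
}
```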
This isn't very hard at all to factor out ia32, but a lot of the code is
the same, so it doesn't make the attack surface as much smaller as you
think. I don't think we want to do that until x32 is upstream, though.
Factoring out x86-64 would be substantially harder, but not impossible
by any means. The same caveat applies there, though.
-hpa