2005-04-17 02:20:36 +04:00
[PATCH] vdso: randomize the i386 vDSO by moving it into a vma

Move the i386 VDSO down into a vma and thus randomize it.

Besides the security implications, this feature also helps debuggers, which
can COW a vma-backed VDSO just like a normal DSO and can thus do
single-stepping and other debugging features.

It's good for hypervisors (Xen, VMWare) too, which typically live in the same
high-mapped address space as the VDSO, hence whenever the VDSO is used, they
get lots of guest pagefaults and have to fix such guest accesses up - which
slows things down instead of speeding things up (the primary purpose of the
VDSO).

There's a new CONFIG_COMPAT_VDSO (default=y) option, which provides support
for older glibcs that still rely on a prelinked high-mapped VDSO. Newer
distributions (using glibc 2.3.3 or later) can turn this option off. Turning
it off is also recommended for security reasons: attackers cannot use the
predictable high-mapped VDSO page as syscall trampoline anymore.

There is a new vdso=[0|1] boot option as well, and a runtime
/proc/sys/vm/vdso_enabled sysctl switch, that allows the VDSO to be turned
on/off.

(This version of the VDSO-randomization patch also has working ELF
coredumping, the previous patch crashed in the coredumping code.)

This code is a combined work of the exec-shield VDSO randomization
code and Gerd Hoffmann's hypervisor-centric VDSO patch. Rusty Russell
started this patch and I completed it.

[akpm@osdl.org: cleanups]
[akpm@osdl.org: compile fix]
[akpm@osdl.org: compile fix 2]
[akpm@osdl.org: compile fix 3]
[akpm@osdl.org: revert MAXMEM change]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Cc: Gerd Hoffmann <kraxel@suse.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Zachary Amsden <zach@vmware.com>
Cc: Andi Kleen <ak@muc.de>
Cc: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

/*
 * (C) Copyright 2002 Linus Torvalds
 * Portions based on the vdso-randomization code from exec-shield:
 * Copyright (C) 2005-2006, Red Hat, Inc., Ingo Molnar
 *
 * This file contains the needed initializations to support sysenter.
 */
#include <linux/init.h>
#include <linux/smp.h>
#include <linux/thread_info.h>
#include <linux/sched.h>
#include <linux/gfp.h>
#include <linux/string.h>
#include <linux/elf.h>
#include <linux/mm.h>
#include <linux/err.h>
#include <linux/module.h>

#include <asm/cpufeature.h>
#include <asm/msr.h>
#include <asm/pgtable.h>
#include <asm/unistd.h>
#include <asm/elf.h>
#include <asm/tlbflush.h>
#include <asm/vdso.h>
#include <asm/proto.h>
enum {
	VDSO_DISABLED = 0,
	VDSO_ENABLED = 1,
	VDSO_COMPAT = 2,
};

#ifdef CONFIG_COMPAT_VDSO
#define VDSO_DEFAULT	VDSO_COMPAT
#else
#define VDSO_DEFAULT	VDSO_ENABLED
#endif

#ifdef CONFIG_X86_64
#define vdso_enabled			sysctl_vsyscall32
#define arch_setup_additional_pages	syscall32_setup_pages
#endif

/*
 * This is the difference between the prelinked addresses in the vDSO images
 * and the VDSO_HIGH_BASE address where CONFIG_COMPAT_VDSO places the vDSO
 * in the user address space.
 */
#define VDSO_ADDR_ADJUST	(VDSO_HIGH_BASE - (unsigned long)VDSO32_PRELINK)
/*
 * Should the kernel map a VDSO page into processes and pass its
 * address down to glibc upon exec()?
 */
unsigned int __read_mostly vdso_enabled = VDSO_DEFAULT;
static int __init vdso_setup(char *s)
{
	vdso_enabled = simple_strtoul(s, NULL, 0);
	return 1;
}

/*
 * For consistency, the argument vdso32=[012] affects the 32-bit vDSO
 * behavior on both 64-bit and 32-bit kernels.
 * On 32-bit kernels, vdso=[012] means the same thing.
 */
__setup("vdso32=", vdso_setup);
#ifdef CONFIG_X86_32
__setup_param("vdso=", vdso32_setup, vdso_setup, 0);

EXPORT_SYMBOL_GPL(vdso_enabled);
#endif
static __init void reloc_symtab(Elf32_Ehdr *ehdr,
				unsigned offset, unsigned size)
{
	Elf32_Sym *sym = (void *)ehdr + offset;
	unsigned nsym = size / sizeof(*sym);
	unsigned i;

	for (i = 0; i < nsym; i++, sym++) {
		if (sym->st_shndx == SHN_UNDEF ||
		    sym->st_shndx == SHN_ABS)
			continue;  /* skip */

		if (sym->st_shndx > SHN_LORESERVE) {
			printk(KERN_INFO "VDSO: unexpected st_shndx %x\n",
			       sym->st_shndx);
			continue;
		}

		switch (ELF_ST_TYPE(sym->st_info)) {
		case STT_OBJECT:
		case STT_FUNC:
		case STT_SECTION:
		case STT_FILE:
			sym->st_value += VDSO_ADDR_ADJUST;
		}
	}
}
static __init void reloc_dyn(Elf32_Ehdr *ehdr, unsigned offset)
{
	Elf32_Dyn *dyn = (void *)ehdr + offset;

	for (; dyn->d_tag != DT_NULL; dyn++)
		switch (dyn->d_tag) {
		case DT_PLTGOT:
		case DT_HASH:
		case DT_STRTAB:
		case DT_SYMTAB:
		case DT_RELA:
		case DT_INIT:
		case DT_FINI:
		case DT_REL:
		case DT_DEBUG:
		case DT_JMPREL:
		case DT_VERSYM:
		case DT_VERDEF:
		case DT_VERNEED:
		case DT_ADDRRNGLO ... DT_ADDRRNGHI:
			/* definitely pointers needing relocation */
			dyn->d_un.d_ptr += VDSO_ADDR_ADJUST;
			break;

		case DT_ENCODING ... OLD_DT_LOOS - 1:
		case DT_LOOS ... DT_HIOS - 1:
			/* Tags above DT_ENCODING are pointers if
			   they're even */
			if (dyn->d_tag >= DT_ENCODING &&
			    (dyn->d_tag & 1) == 0)
				dyn->d_un.d_ptr += VDSO_ADDR_ADJUST;
			break;

		case DT_VERDEFNUM:
		case DT_VERNEEDNUM:
		case DT_FLAGS_1:
		case DT_RELACOUNT:
		case DT_RELCOUNT:
		case DT_VALRNGLO ... DT_VALRNGHI:
			/* definitely not pointers */
			break;

		case OLD_DT_LOOS ... DT_LOOS - 1:
		case DT_HIOS ... DT_VALRNGLO - 1:
		default:
			if (dyn->d_tag > DT_ENCODING)
				printk(KERN_INFO "VDSO: unexpected DT_tag %x\n",
				       dyn->d_tag);
			break;
		}
}
static __init void relocate_vdso(Elf32_Ehdr *ehdr)
{
	Elf32_Phdr *phdr;
	Elf32_Shdr *shdr;
	int i;

	BUG_ON(memcmp(ehdr->e_ident, ELFMAG, 4) != 0 ||
	       !elf_check_arch_ia32(ehdr) ||
	       ehdr->e_type != ET_DYN);

	ehdr->e_entry += VDSO_ADDR_ADJUST;

	/* rebase phdrs */
	phdr = (void *)ehdr + ehdr->e_phoff;
	for (i = 0; i < ehdr->e_phnum; i++) {
		phdr[i].p_vaddr += VDSO_ADDR_ADJUST;

		/* relocate dynamic stuff */
		if (phdr[i].p_type == PT_DYNAMIC)
			reloc_dyn(ehdr, phdr[i].p_offset);
	}

	/* rebase sections */
	shdr = (void *)ehdr + ehdr->e_shoff;
	for (i = 0; i < ehdr->e_shnum; i++) {
		if (!(shdr[i].sh_flags & SHF_ALLOC))
			continue;

		shdr[i].sh_addr += VDSO_ADDR_ADJUST;

		if (shdr[i].sh_type == SHT_SYMTAB ||
		    shdr[i].sh_type == SHT_DYNSYM)
			reloc_symtab(ehdr, shdr[i].sh_offset,
				     shdr[i].sh_size);
	}
}
/*
 * These symbols are defined by vdso32.S to mark the bounds
 * of the ELF DSO images included therein.
 */
extern const char vdso32_default_start, vdso32_default_end;
extern const char vdso32_sysenter_start, vdso32_sysenter_end;
static struct page *vdso32_pages[1];

#ifdef CONFIG_X86_64

static int use_sysenter __read_mostly = -1;

#define	vdso32_sysenter()	(use_sysenter > 0)

/* May not be __init: called during resume */
void syscall32_cpu_init(void)
{
	if (use_sysenter < 0)
		use_sysenter = (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL);

	/* Load these always in case some future AMD CPU supports
	   SYSENTER from compat mode too. */
	checking_wrmsrl(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS);
	checking_wrmsrl(MSR_IA32_SYSENTER_ESP, 0ULL);
	checking_wrmsrl(MSR_IA32_SYSENTER_EIP, (u64)ia32_sysenter_target);

	wrmsrl(MSR_CSTAR, ia32_cstar_target);
}

#define compat_uses_vma		1

static inline void map_compat_vdso(int map)
{
}

#else  /* CONFIG_X86_32 */

#define vdso32_sysenter()	(boot_cpu_has(X86_FEATURE_SEP))
void enable_sep_cpu(void)
{
	int cpu = get_cpu();
	struct tss_struct *tss = &per_cpu(init_tss, cpu);

	if (!boot_cpu_has(X86_FEATURE_SEP)) {
		put_cpu();
		return;
	}

	tss->x86_tss.ss1 = __KERNEL_CS;
	tss->x86_tss.sp1 = sizeof(struct tss_struct) + (unsigned long) tss;
	wrmsr(MSR_IA32_SYSENTER_CS, __KERNEL_CS, 0);
	wrmsr(MSR_IA32_SYSENTER_ESP, tss->x86_tss.sp1, 0);
	wrmsr(MSR_IA32_SYSENTER_EIP, (unsigned long) ia32_sysenter_target, 0);
	put_cpu();
}

static struct vm_area_struct gate_vma;

static int __init gate_vma_init(void)
{
	gate_vma.vm_mm = NULL;
	gate_vma.vm_start = FIXADDR_USER_START;
	gate_vma.vm_end = FIXADDR_USER_END;
	gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
	gate_vma.vm_page_prot = __P101;
	/*
	 * Make sure the vDSO gets into every core dump.
	 * Dumping its contents makes post-mortem fully interpretable later
	 * without matching up the same kernel and hardware config to see
	 * what PC values meant.
	 */
	gate_vma.vm_flags |= VM_ALWAYSDUMP;
	return 0;
}

#define compat_uses_vma		0

static void map_compat_vdso(int map)
{
	static int vdso_mapped;

	if (map == vdso_mapped)
		return;

	vdso_mapped = map;

	__set_fixmap(FIX_VDSO, page_to_pfn(vdso32_pages[0]) << PAGE_SHIFT,
		     map ? PAGE_READONLY_EXEC : PAGE_NONE);

	/* flush stray tlbs */
	flush_tlb_all();
}

#endif	/* CONFIG_X86_64 */
int __init sysenter_setup(void)
{
	void *syscall_page = (void *)get_zeroed_page(GFP_ATOMIC);
	const void *vsyscall;
	size_t vsyscall_len;

	vdso32_pages[0] = virt_to_page(syscall_page);

#ifdef CONFIG_X86_32
	gate_vma_init();
	printk("Compat vDSO mapped to %08lx.\n", __fix_to_virt(FIX_VDSO));
#endif

	if (!vdso32_sysenter()) {
		vsyscall = &vdso32_default_start;
		vsyscall_len = &vdso32_default_end - &vdso32_default_start;
	} else {
		vsyscall = &vdso32_sysenter_start;
		vsyscall_len = &vdso32_sysenter_end - &vdso32_sysenter_start;
	}

	memcpy(syscall_page, vsyscall, vsyscall_len);
	relocate_vdso(syscall_page);

	return 0;
}
/* Setup a VMA at program startup for the vsyscall page */
int arch_setup_additional_pages(struct linux_binprm *bprm, int exstack)
{
	struct mm_struct *mm = current->mm;
	unsigned long addr;
	int ret = 0;
	bool compat;
	if (vdso_enabled == VDSO_DISABLED)
		return 0;
	down_write(&mm->mmap_sem);

	/* Test compat mode once here, in case someone
	   changes it via sysctl */
	compat = (vdso_enabled == VDSO_COMPAT);

	map_compat_vdso(compat);

	if (compat)
		addr = VDSO_HIGH_BASE;
	else {
		addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
		if (IS_ERR_VALUE(addr)) {
			ret = addr;
			goto up_fail;
		}
	}

	if (compat_uses_vma || !compat) {
		/*
		 * MAYWRITE to allow gdb to COW and set breakpoints
		 *
		 * Make sure the vDSO gets into every core dump.
		 * Dumping its contents makes post-mortem fully
		 * interpretable later without matching up the same
		 * kernel and hardware config to see what PC values
		 * meant.
		 */
		ret = install_special_mapping(mm, addr, PAGE_SIZE,
					      VM_READ | VM_EXEC |
					      VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC |
					      VM_ALWAYSDUMP,
					      vdso32_pages);

		if (ret)
			goto up_fail;
	}
	current->mm->context.vdso = (void *)addr;
	current_thread_info()->sysenter_return =
		VDSO32_SYMBOL(addr, SYSENTER_RETURN);

  up_fail:
	up_write(&mm->mmap_sem);
	return ret;
}

#ifdef CONFIG_X86_64

__initcall(sysenter_setup);
#ifdef CONFIG_SYSCTL
/* Register vsyscall32 into the ABI table */
#include <linux/sysctl.h>

static ctl_table abi_table2[] = {
	{
		.procname	= "vsyscall32",
		.data		= &sysctl_vsyscall32,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec
	},
	{}
};

static ctl_table abi_root_table2[] = {
	{
		.ctl_name = CTL_ABI,
		.procname = "abi",
		.mode = 0555,
		.child = abi_table2
	},
	{}
};

static __init int ia32_binfmt_init(void)
{
	register_sysctl_table(abi_root_table2);
	return 0;
}
__initcall(ia32_binfmt_init);
#endif

#else  /* CONFIG_X86_32 */
const char *arch_vma_name(struct vm_area_struct *vma)
{
	if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
		return "[vdso]";
	return NULL;
}

struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
{
	struct mm_struct *mm = tsk->mm;

	/* Check to see if this task was created in compat vdso mode */
	if (mm && mm->context.vdso == (void *)VDSO_HIGH_BASE)
		return &gate_vma;
	return NULL;
}

int in_gate_area(struct task_struct *task, unsigned long addr)
{
	const struct vm_area_struct *vma = get_gate_vma(task);

	return vma && addr >= vma->vm_start && addr < vma->vm_end;
}

int in_gate_area_no_task(unsigned long addr)
{
	return 0;
}

#endif	/* CONFIG_X86_64 */