    x86-64: Emulate legacy vsyscalls · 5cec93c2
    Andy Lutomirski authored
    There's a fair amount of code in the vsyscall page.  It contains
    a syscall instruction (in the gettimeofday fallback) and who
    knows what will happen if an exploit jumps into the middle of
    some other code.
    
    Reduce the risk by replacing the vsyscalls with short magic
    incantations that cause the kernel to emulate the real
    vsyscalls. These incantations are useless if entered in the
    middle.
    
    This causes vsyscalls to be a little more expensive than real
    syscalls.  Fortunately sensible programs don't use them.
    The only exception is time() which is still called by glibc
    through the vsyscall - but calling time() millions of times
    per second is not sensible. glibc has this fixed in the
    development tree.
    
    This patch is not perfect: the vread_tsc and vread_hpet
    functions are still at a fixed address.  Fixing that might
    involve making alternative patching work in the vDSO.
    Signed-off-by: Andy Lutomirski <luto@mit.edu>
    Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Jesper Juhl <jj@chaosbits.net>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Arjan van de Ven <arjan@infradead.org>
    Cc: Jan Beulich <JBeulich@novell.com>
    Cc: richard -rw- weinberger <richard.weinberger@gmail.com>
    Cc: Mikael Pettersson <mikpe@it.uu.se>
    Cc: Andi Kleen <andi@firstfloor.org>
    Cc: Brian Gerst <brgerst@gmail.com>
    Cc: Louis Rilling <Louis.Rilling@kerlabs.com>
    Cc: Valdis.Kletnieks@vt.edu
    Cc: pageexec@freemail.hu
    Link: http://lkml.kernel.org/r/e64e1b3c64858820d12c48fa739efbd1485e79d5.1307292171.git.luto@mit.edu
    [ Removed the CONFIG option - it's simpler to just do it unconditionally. Tidied up the code as well. ]
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
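
A simplified user-space model of the property the commit message above describes: the incantations are useless if entered in the middle. This is an added example, not code from the commit or the kernel. The 2-byte trap length and the `classify_trap` helper are assumptions; the fixed page address and the 1024-byte slots (gettimeofday, time, getcpu) are the legacy vsyscall ABI.

```c
#include <stdint.h>
#include <stdio.h>

/* Legacy x86-64 vsyscall ABI: one fixed page, one 1024-byte slot per call. */
#define VSYSCALL_START 0xffffffffff600000ULL
#define VSYSCALL_SLOT  1024ULL
/* Assumption for this model: the incantation is a 2-byte trapping instruction
 * placed at the very start of each slot. */
#define TRAP_LEN       2ULL

enum { VSYS_GETTIMEOFDAY = 0, VSYS_TIME = 1, VSYS_GETCPU = 2, VSYS_REJECT = -1 };

/* Hypothetical handler check: ip_after_trap is the instruction pointer saved
 * when the trap fired. Emulate only if the trap sits exactly at a slot entry;
 * any other address gets nothing useful. */
int classify_trap(uint64_t ip_after_trap)
{
    if (ip_after_trap < VSYSCALL_START + TRAP_LEN)
        return VSYS_REJECT;                 /* below the vsyscall page */
    uint64_t off = ip_after_trap - TRAP_LEN - VSYSCALL_START;
    if (off % VSYSCALL_SLOT != 0)
        return VSYS_REJECT;                 /* not at the start of a slot */
    if (off / VSYSCALL_SLOT > VSYS_GETCPU)
        return VSYS_REJECT;                 /* slot with no legacy call */
    return (int)(off / VSYSCALL_SLOT);
}

int main(void)
{
    /* Constructed sample addresses, not taken from a real trace. */
    const uint64_t samples[] = {
        VSYSCALL_START + TRAP_LEN,          /* gettimeofday entry */
        VSYSCALL_START + 0x400 + TRAP_LEN,  /* time entry */
        VSYSCALL_START + 0x800 + TRAP_LEN,  /* getcpu entry */
        VSYSCALL_START + 0x400 + 7,         /* middle of the time slot */
        VSYSCALL_START + 0xc00 + TRAP_LEN,  /* fourth slot, unused */
        0x400000ULL + TRAP_LEN,             /* ordinary user address */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#llx -> %d\n", (unsigned long long)samples[i],
               classify_trap(samples[i]));
    return 0;
}
```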
vsyscall_64.c 6.89 KB