x86-64: Rework vsyscall emulation and add vsyscall= parameter

There are three choices: vsyscall=native: Vsyscalls are native code that issues the corresponding syscalls. vsyscall=emulate (default): Vsyscalls are emulated by instruction fault traps, tested in the bad_area path. The actual contents of the vsyscall page is the same as the vsyscall=native case except that it's marked NX. This way programs that make assumptions about what the code in the page does will not be confused when they read that code. vsyscall=none: Trying to execute a vsyscall will segfault. Signed-off-by: Andy Lutomirski <luto@mit.edu> Link: http://lkml.kernel.org/r/8449fb3abf89851fd6b2260972666a6f82542284.1312988155.git.luto@mit.edu Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
author: Andy Lutomirski <luto@mit.edu> 2011-08-10 11:15:32 -0400
committer: H. Peter Anvin <hpa@linux.intel.com> 2011-08-10 20:26:46 -0400
commit: 3ae36655b97a03fa1decf72f04078ef945647c1a (patch)
tree: f6f5fbc743909d66e6823c9325ddba9d9d3646ad /Documentation
parent: fce8dc06423d6fb2709469dc5c55b04e09c1d126 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index aa47be71df4c..9cfd6bb9198e 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2657,6 +2657,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
        vmpoff=         [KNL,S390] Perform z/VM CP command after power off.
                        Format: <command>
+        vsyscall=       [X86-64]
+                        Controls the behavior of vsyscalls (i.e. calls to
+                        fixed addresses of 0xffffffffff600x00 from legacy
+                        code).  Most statically-linked binaries and older
+                        versions of glibc use these calls.  Because these
+                        functions are at fixed addresses, they make nice
+                        targets for exploits that can control RIP.
+                        emulate     [default] Vsyscalls turn into traps and are
+                                    emulated reasonably safely.
+                        native      Vsyscalls are native syscall instructions.
+                                    This is a little bit faster than trapping
+                                    and makes a few dynamic recompilers work
+                                    better than they would in emulation mode.
+                                    It also makes exploits much easier to write.
+                        none        Vsyscalls don't work at all.  This makes
+                                    them quite hard to use for exploits but
+                                    might break your system.
        vt.cur_default= [VT] Default cursor shape.
                        Format: 0xCCBBAA, where AA, BB, and CC are the same as
                        the parameters of the <Esc>[?A;B;Cc escape sequence;
author	Andy Lutomirski <luto@mit.edu>	2011-08-10 11:15:32 -0400
committer	H. Peter Anvin <hpa@linux.intel.com>	2011-08-10 20:26:46 -0400
commit	3ae36655b97a03fa1decf72f04078ef945647c1a (patch)
tree	f6f5fbc743909d66e6823c9325ddba9d9d3646ad /Documentation
parent	fce8dc06423d6fb2709469dc5c55b04e09c1d126 (diff)

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index aa47be71df4c..9cfd6bb9198e 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt
@@ -2657,6 +2657,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
2657	vmpoff= [KNL,S390] Perform z/VM CP command after power off.	2657	vmpoff= [KNL,S390] Perform z/VM CP command after power off.
2658	Format: <command>	2658	Format: <command>
2659		2659
		2660	vsyscall= [X86-64]
		2661	Controls the behavior of vsyscalls (i.e. calls to
		2662	fixed addresses of 0xffffffffff600x00 from legacy
		2663	code). Most statically-linked binaries and older
		2664	versions of glibc use these calls. Because these
		2665	functions are at fixed addresses, they make nice
		2666	targets for exploits that can control RIP.
		2667
		2668	emulate [default] Vsyscalls turn into traps and are
		2669	emulated reasonably safely.
		2670
		2671	native Vsyscalls are native syscall instructions.
		2672	This is a little bit faster than trapping
		2673	and makes a few dynamic recompilers work
		2674	better than they would in emulation mode.
		2675	It also makes exploits much easier to write.
		2676
		2677	none Vsyscalls don't work at all. This makes
		2678	them quite hard to use for exploits but
		2679	might break your system.
		2680
2660	vt.cur_default= [VT] Default cursor shape.	2681	vt.cur_default= [VT] Default cursor shape.
2661	Format: 0xCCBBAA, where AA, BB, and CC are the same as	2682	Format: 0xCCBBAA, where AA, BB, and CC are the same as
2662	the parameters of the <Esc>[?A;B;Cc escape sequence;	2683	the parameters of the <Esc>[?A;B;Cc escape sequence;