x86-64: Fill unused parts of the vsyscall page with 0xcc

Jumping to 0x00 might do something depending on the following bytes. Jumping to 0xcc is a trap. So fill the unused parts of the vsyscall page with 0xcc to make it useless for exploits to jump there. Signed-off-by: Andy Lutomirski <luto@mit.edu> Cc: Jesper Juhl <jj@chaosbits.net> Cc: Borislav Petkov <bp@alien8.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Arjan van de Ven <arjan@infradead.org> Cc: Jan Beulich <JBeulich@novell.com> Cc: richard -rw- weinberger <richard.weinberger@gmail.com> Cc: Mikael Pettersson <mikpe@it.uu.se> Cc: Andi Kleen <andi@firstfloor.org> Cc: Brian Gerst <brgerst@gmail.com> Cc: Louis Rilling <Louis.Rilling@kerlabs.com> Cc: Valdis.Kletnieks@vt.edu Cc: pageexec@freemail.hu Link: http://lkml.kernel.org/r/ed54bfcfbe50a9070d20ec1edbe0d149e22a4568.1307292171.git.luto@mit.edu Signed-off-by: Ingo Molnar <mingo@elte.hu>
author: Andy Lutomirski <luto@MIT.EDU> 2011-06-05 13:50:23 -0400
committer: Ingo Molnar <mingo@elte.hu> 2011-06-06 03:43:14 -0400
commit: 5dfcea629a08b4684a019cd0cb59d0c9129a6c02 (patch)
tree: 0f8c7ae0db1cc4d7bf75dc7dd5612de7c741145c /arch
parent: bb5fe2f78eadf5a52d8dcbf9a57728fd107af97b (diff)
1 files changed, 7 insertions, 9 deletions
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 4f90082fd640..80174719910c 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -166,22 +166,20 @@ SECTIONS
        __vsyscall_0 = .;
        . = VSYSCALL_ADDR;
-        .vsyscall_0 : AT(VLOAD(.vsyscall_0)) {
+        .vsyscall : AT(VLOAD(.vsyscall)) {
                *(.vsyscall_0)
-        } :user
-        . = ALIGN(L1_CACHE_BYTES);
+                . = ALIGN(L1_CACHE_BYTES);
-        .vsyscall_fn : AT(VLOAD(.vsyscall_fn)) {
                *(.vsyscall_fn)
-        }
-        .vsyscall_1 ADDR(.vsyscall_0) + 1024: AT(VLOAD(.vsyscall_1)) {
+                . = 1024;
                *(.vsyscall_1)
-        }
-        .vsyscall_2 ADDR(.vsyscall_0) + 2048: AT(VLOAD(.vsyscall_2)) {
+                . = 2048;
                *(.vsyscall_2)
-        }
+                . = 4096;  /* Pad the whole page. */
+        } :user =0xcc
        . = ALIGN(__vsyscall_0 + PAGE_SIZE, PAGE_SIZE);
 #undef VSYSCALL_ADDR
author	Andy Lutomirski <luto@MIT.EDU>	2011-06-05 13:50:23 -0400
committer	Ingo Molnar <mingo@elte.hu>	2011-06-06 03:43:14 -0400
commit	5dfcea629a08b4684a019cd0cb59d0c9129a6c02 (patch)
tree	0f8c7ae0db1cc4d7bf75dc7dd5612de7c741145c /arch
parent	bb5fe2f78eadf5a52d8dcbf9a57728fd107af97b (diff)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 4f90082fd640..80174719910c 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S
@@ -166,22 +166,20 @@ SECTIONS
166	__vsyscall_0 = .;	166	__vsyscall_0 = .;
167		167
168	. = VSYSCALL_ADDR;	168	. = VSYSCALL_ADDR;
169	.vsyscall_0 : AT(VLOAD(.vsyscall_0)) {	169	.vsyscall : AT(VLOAD(.vsyscall)) {
170	*(.vsyscall_0)	170	*(.vsyscall_0)
171	} :user
172		171
173	. = ALIGN(L1_CACHE_BYTES);	172	. = ALIGN(L1_CACHE_BYTES);
174	.vsyscall_fn : AT(VLOAD(.vsyscall_fn)) {
175	*(.vsyscall_fn)	173	*(.vsyscall_fn)
176	}
177		174
178	.vsyscall_1 ADDR(.vsyscall_0) + 1024: AT(VLOAD(.vsyscall_1)) {	175	. = 1024;
179	*(.vsyscall_1)	176	*(.vsyscall_1)
180	}	177
181	.vsyscall_2 ADDR(.vsyscall_0) + 2048: AT(VLOAD(.vsyscall_2)) {	178	. = 2048;
182	*(.vsyscall_2)	179	*(.vsyscall_2)
183	}
184		180
		181	. = 4096; /* Pad the whole page. */
		182	} :user =0xcc
185	. = ALIGN(__vsyscall_0 + PAGE_SIZE, PAGE_SIZE);	183	. = ALIGN(__vsyscall_0 + PAGE_SIZE, PAGE_SIZE);
186		184
187	#undef VSYSCALL_ADDR	185	#undef VSYSCALL_ADDR