diff options
| author | Ingo Molnar <mingo@elte.hu> | 2006-06-27 05:53:50 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-27 20:32:38 -0400 |
| commit | e6e5494cb23d1933735ee47cc674ffe1c4afed6f (patch) | |
| tree | c8945bb3ae5bec38693d801fb589d22d48d6f8eb /include/asm-i386/elf.h | |
| parent | d5fb34261dcd32c9cb3b28121fdc46308db513a1 (diff) | |
[PATCH] vdso: randomize the i386 vDSO by moving it into a vma
Move the i386 VDSO down into a vma and thus randomize it.
Besides the security implications, this feature also helps debuggers, which
can COW a vma-backed VDSO just like a normal DSO and can thus do
single-stepping and other debugging features.
It's good for hypervisors (Xen, VMWare) too, which typically live in the same
high-mapped address space as the VDSO, hence whenever the VDSO is used, they
get lots of guest pagefaults and have to fix such guest accesses up - which
slows things down instead of speeding things up (the primary purpose of the
VDSO).
There's a new CONFIG_COMPAT_VDSO (default=y) option, which provides support
for older glibcs that still rely on a prelinked high-mapped VDSO. Newer
distributions (using glibc 2.3.3 or later) can turn this option off. Turning
it off is also recommended for security reasons: attackers cannot use the
predictable high-mapped VDSO page as syscall trampoline anymore.
There is a new vdso=[0|1] boot option as well, and a runtime
/proc/sys/vm/vdso_enabled sysctl switch, that allows the VDSO to be turned
on/off.
(This version of the VDSO-randomization patch also has working ELF
coredumping, the previous patch crashed in the coredumping code.)
This code is a combined work of the exec-shield VDSO randomization
code and Gerd Hoffmann's hypervisor-centric VDSO patch. Rusty Russell
started this patch and i completed it.
[akpm@osdl.org: cleanups]
[akpm@osdl.org: compile fix]
[akpm@osdl.org: compile fix 2]
[akpm@osdl.org: compile fix 3]
[akpm@osdl.org: revernt MAXMEM change]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Cc: Gerd Hoffmann <kraxel@suse.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Zachary Amsden <zach@vmware.com>
Cc: Andi Kleen <ak@muc.de>
Cc: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/asm-i386/elf.h')
| -rw-r--r-- | include/asm-i386/elf.h | 53 |
1 files changed, 40 insertions, 13 deletions
diff --git a/include/asm-i386/elf.h b/include/asm-i386/elf.h index 4153d80e4d2b..1eac92cb5b16 100644 --- a/include/asm-i386/elf.h +++ b/include/asm-i386/elf.h | |||
| @@ -10,6 +10,7 @@ | |||
| 10 | #include <asm/processor.h> | 10 | #include <asm/processor.h> |
| 11 | #include <asm/system.h> /* for savesegment */ | 11 | #include <asm/system.h> /* for savesegment */ |
| 12 | #include <asm/auxvec.h> | 12 | #include <asm/auxvec.h> |
| 13 | #include <asm/desc.h> | ||
| 13 | 14 | ||
| 14 | #include <linux/utsname.h> | 15 | #include <linux/utsname.h> |
| 15 | 16 | ||
| @@ -129,15 +130,41 @@ extern int dump_task_extended_fpu (struct task_struct *, struct user_fxsr_struct | |||
| 129 | #define ELF_CORE_COPY_FPREGS(tsk, elf_fpregs) dump_task_fpu(tsk, elf_fpregs) | 130 | #define ELF_CORE_COPY_FPREGS(tsk, elf_fpregs) dump_task_fpu(tsk, elf_fpregs) |
| 130 | #define ELF_CORE_COPY_XFPREGS(tsk, elf_xfpregs) dump_task_extended_fpu(tsk, elf_xfpregs) | 131 | #define ELF_CORE_COPY_XFPREGS(tsk, elf_xfpregs) dump_task_extended_fpu(tsk, elf_xfpregs) |
| 131 | 132 | ||
| 132 | #define VSYSCALL_BASE (__fix_to_virt(FIX_VSYSCALL)) | 133 | #define VDSO_HIGH_BASE (__fix_to_virt(FIX_VDSO)) |
| 133 | #define VSYSCALL_EHDR ((const struct elfhdr *) VSYSCALL_BASE) | 134 | #define VDSO_BASE ((unsigned long)current->mm->context.vdso) |
| 134 | #define VSYSCALL_ENTRY ((unsigned long) &__kernel_vsyscall) | 135 | |
| 136 | #ifdef CONFIG_COMPAT_VDSO | ||
| 137 | # define VDSO_COMPAT_BASE VDSO_HIGH_BASE | ||
| 138 | # define VDSO_PRELINK VDSO_HIGH_BASE | ||
| 139 | #else | ||
| 140 | # define VDSO_COMPAT_BASE VDSO_BASE | ||
| 141 | # define VDSO_PRELINK 0 | ||
| 142 | #endif | ||
| 143 | |||
| 144 | #define VDSO_COMPAT_SYM(x) \ | ||
| 145 | (VDSO_COMPAT_BASE + (unsigned long)(x) - VDSO_PRELINK) | ||
| 146 | |||
| 147 | #define VDSO_SYM(x) \ | ||
| 148 | (VDSO_BASE + (unsigned long)(x) - VDSO_PRELINK) | ||
| 149 | |||
| 150 | #define VDSO_HIGH_EHDR ((const struct elfhdr *) VDSO_HIGH_BASE) | ||
| 151 | #define VDSO_EHDR ((const struct elfhdr *) VDSO_COMPAT_BASE) | ||
| 152 | |||
| 135 | extern void __kernel_vsyscall; | 153 | extern void __kernel_vsyscall; |
| 136 | 154 | ||
| 155 | #define VDSO_ENTRY VDSO_SYM(&__kernel_vsyscall) | ||
| 156 | |||
| 157 | #define ARCH_HAS_SETUP_ADDITIONAL_PAGES | ||
| 158 | struct linux_binprm; | ||
| 159 | extern int arch_setup_additional_pages(struct linux_binprm *bprm, | ||
| 160 | int executable_stack); | ||
| 161 | |||
| 162 | extern unsigned int vdso_enabled; | ||
| 163 | |||
| 137 | #define ARCH_DLINFO \ | 164 | #define ARCH_DLINFO \ |
| 138 | do { \ | 165 | do if (vdso_enabled) { \ |
| 139 | NEW_AUX_ENT(AT_SYSINFO, VSYSCALL_ENTRY); \ | 166 | NEW_AUX_ENT(AT_SYSINFO, VDSO_ENTRY); \ |
| 140 | NEW_AUX_ENT(AT_SYSINFO_EHDR, VSYSCALL_BASE); \ | 167 | NEW_AUX_ENT(AT_SYSINFO_EHDR, VDSO_COMPAT_BASE); \ |
| 141 | } while (0) | 168 | } while (0) |
| 142 | 169 | ||
| 143 | /* | 170 | /* |
| @@ -148,15 +175,15 @@ do { \ | |||
| 148 | * Dumping its extra ELF program headers includes all the other information | 175 | * Dumping its extra ELF program headers includes all the other information |
| 149 | * a debugger needs to easily find how the vsyscall DSO was being used. | 176 | * a debugger needs to easily find how the vsyscall DSO was being used. |
| 150 | */ | 177 | */ |
| 151 | #define ELF_CORE_EXTRA_PHDRS (VSYSCALL_EHDR->e_phnum) | 178 | #define ELF_CORE_EXTRA_PHDRS (VDSO_HIGH_EHDR->e_phnum) |
| 152 | #define ELF_CORE_WRITE_EXTRA_PHDRS \ | 179 | #define ELF_CORE_WRITE_EXTRA_PHDRS \ |
| 153 | do { \ | 180 | do { \ |
| 154 | const struct elf_phdr *const vsyscall_phdrs = \ | 181 | const struct elf_phdr *const vsyscall_phdrs = \ |
| 155 | (const struct elf_phdr *) (VSYSCALL_BASE \ | 182 | (const struct elf_phdr *) (VDSO_HIGH_BASE \ |
| 156 | + VSYSCALL_EHDR->e_phoff); \ | 183 | + VDSO_HIGH_EHDR->e_phoff); \ |
| 157 | int i; \ | 184 | int i; \ |
| 158 | Elf32_Off ofs = 0; \ | 185 | Elf32_Off ofs = 0; \ |
| 159 | for (i = 0; i < VSYSCALL_EHDR->e_phnum; ++i) { \ | 186 | for (i = 0; i < VDSO_HIGH_EHDR->e_phnum; ++i) { \ |
| 160 | struct elf_phdr phdr = vsyscall_phdrs[i]; \ | 187 | struct elf_phdr phdr = vsyscall_phdrs[i]; \ |
| 161 | if (phdr.p_type == PT_LOAD) { \ | 188 | if (phdr.p_type == PT_LOAD) { \ |
| 162 | BUG_ON(ofs != 0); \ | 189 | BUG_ON(ofs != 0); \ |
| @@ -174,10 +201,10 @@ do { \ | |||
| 174 | #define ELF_CORE_WRITE_EXTRA_DATA \ | 201 | #define ELF_CORE_WRITE_EXTRA_DATA \ |
| 175 | do { \ | 202 | do { \ |
| 176 | const struct elf_phdr *const vsyscall_phdrs = \ | 203 | const struct elf_phdr *const vsyscall_phdrs = \ |
| 177 | (const struct elf_phdr *) (VSYSCALL_BASE \ | 204 | (const struct elf_phdr *) (VDSO_HIGH_BASE \ |
| 178 | + VSYSCALL_EHDR->e_phoff); \ | 205 | + VDSO_HIGH_EHDR->e_phoff); \ |
| 179 | int i; \ | 206 | int i; \ |
| 180 | for (i = 0; i < VSYSCALL_EHDR->e_phnum; ++i) { \ | 207 | for (i = 0; i < VDSO_HIGH_EHDR->e_phnum; ++i) { \ |
| 181 | if (vsyscall_phdrs[i].p_type == PT_LOAD) \ | 208 | if (vsyscall_phdrs[i].p_type == PT_LOAD) \ |
| 182 | DUMP_WRITE((void *) vsyscall_phdrs[i].p_vaddr, \ | 209 | DUMP_WRITE((void *) vsyscall_phdrs[i].p_vaddr, \ |
| 183 | PAGE_ALIGN(vsyscall_phdrs[i].p_memsz)); \ | 210 | PAGE_ALIGN(vsyscall_phdrs[i].p_memsz)); \ |