From 5cec93c216db77c45f7ce970d46283bcb1933884 Mon Sep 17 00:00:00 2001 From: Andy Lutomirski Date: Sun, 5 Jun 2011 13:50:24 -0400 Subject: x86-64: Emulate legacy vsyscalls There's a fair amount of code in the vsyscall page. It contains a syscall instruction (in the gettimeofday fallback) and who knows what will happen if an exploit jumps into the middle of some other code. Reduce the risk by replacing the vsyscalls with short magic incantations that cause the kernel to emulate the real vsyscalls. These incantations are useless if entered in the middle. This causes vsyscalls to be a little more expensive than real syscalls. Fortunately sensible programs don't use them. The only exception is time() which is still called by glibc through the vsyscall - but calling time() millions of times per second is not sensible. glibc has this fixed in the development tree. This patch is not perfect: the vread_tsc and vread_hpet functions are still at a fixed address. Fixing that might involve making alternative patching work in the vDSO. Signed-off-by: Andy Lutomirski Acked-by: Linus Torvalds Cc: Jesper Juhl Cc: Borislav Petkov Cc: Arjan van de Ven Cc: Jan Beulich Cc: richard -rw- weinberger Cc: Mikael Pettersson Cc: Andi Kleen Cc: Brian Gerst Cc: Louis Rilling Cc: Valdis.Kletnieks@vt.edu Cc: pageexec@freemail.hu Link: http://lkml.kernel.org/r/e64e1b3c64858820d12c48fa739efbd1485e79d5.1307292171.git.luto@mit.edu [ Removed the CONFIG option - it's simpler to just do it unconditionally. Tidied up the code as well. ] Signed-off-by: Ingo Molnar --- include/linux/seccomp.h | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'include') diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 167c33361d9c..cc7a4e9cc7ad 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -19,6 +19,11 @@ static inline void secure_computing(int this_syscall) extern long prctl_get_seccomp(void); extern long prctl_set_seccomp(unsigned long); +static inline int seccomp_mode(seccomp_t *s) +{ + return s->mode; +} + #else /* CONFIG_SECCOMP */ #include @@ -37,6 +42,11 @@ static inline long prctl_set_seccomp(unsigned long arg2) return -EINVAL; } +static inline int seccomp_mode(seccomp_t *s) +{ + return 0; +} + #endif /* CONFIG_SECCOMP */ #endif /* _LINUX_SECCOMP_H */ -- cgit v1.2.2 From 433bd805e5fd2c731b3a9025b034f066272d336e Mon Sep 17 00:00:00 2001 From: Andy Lutomirski Date: Wed, 13 Jul 2011 09:24:13 -0400 Subject: clocksource: Replace vread with generic arch data The vread field was bloating struct clocksource everywhere except x86_64, and I want to change the way this works on x86_64, so let's split it out into per-arch data. Cc: x86@kernel.org Cc: Clemens Ladisch Cc: linux-ia64@vger.kernel.org Cc: Tony Luck Cc: Fenghua Yu Cc: John Stultz Cc: Thomas Gleixner Signed-off-by: Andy Lutomirski Link: http://lkml.kernel.org/r/3ae5ec76a168eaaae63f08a2a1060b91aa0b7759.1310563276.git.luto@mit.edu Signed-off-by: H. Peter Anvin --- include/asm-generic/clocksource.h | 4 ++++ include/linux/clocksource.h | 10 ++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 include/asm-generic/clocksource.h (limited to 'include') diff --git a/include/asm-generic/clocksource.h b/include/asm-generic/clocksource.h new file mode 100644 index 000000000000..0a462d3fb05e --- /dev/null +++ b/include/asm-generic/clocksource.h @@ -0,0 +1,4 @@ +/* + * Architectures should override this file to add private userspace + * clock magic if needed. + */ diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h index d4646b48dc4a..0fb83c224471 100644 --- a/include/linux/clocksource.h +++ b/include/linux/clocksource.h @@ -22,6 +22,8 @@ typedef u64 cycle_t; struct clocksource; +#include + /** * struct cyclecounter - hardware abstraction for a free running counter * Provides completely state-free accessors to the underlying hardware. @@ -153,7 +155,7 @@ extern u64 timecounter_cyc2time(struct timecounter *tc, * @shift: cycle to nanosecond divisor (power of two) * @max_idle_ns: max idle time permitted by the clocksource (nsecs) * @flags: flags describing special properties - * @vread: vsyscall based read + * @archdata: arch-specific data * @suspend: suspend function for the clocksource, if necessary * @resume: resume function for the clocksource, if necessary */ @@ -175,10 +177,14 @@ struct clocksource { #else #define CLKSRC_FSYS_MMIO_SET(mmio, addr) do { } while (0) #endif + +#ifdef __ARCH_HAS_CLOCKSOURCE_DATA + struct arch_clocksource_data archdata; +#endif + const char *name; struct list_head list; int rating; - cycle_t (*vread)(void); int (*enable)(struct clocksource *cs); void (*disable)(struct clocksource *cs); unsigned long flags; -- cgit v1.2.2 From 574c44fa8fa6262ffd5939789ef51a6e98ed62d7 Mon Sep 17 00:00:00 2001 From: Andy Lutomirski Date: Wed, 13 Jul 2011 09:24:15 -0400 Subject: ia64: Replace clocksource.fsys_mmio with generic arch data Now that clocksource.archdata is available, use it for ia64-specific code. Cc: Clemens Ladisch Cc: linux-ia64@vger.kernel.org Cc: Tony Luck Cc: Fenghua Yu Cc: John Stultz Cc: Thomas Gleixner Signed-off-by: Andy Lutomirski Link: http://lkml.kernel.org/r/d31de0ee0842a0e322fb6441571c2b0adb323fa2.1310563276.git.luto@mit.edu Signed-off-by: H. Peter Anvin --- include/linux/clocksource.h | 7 ------- 1 file changed, 7 deletions(-) (limited to 'include') diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h index 0fb83c224471..6bb69702c4fa 100644 --- a/include/linux/clocksource.h +++ b/include/linux/clocksource.h @@ -171,13 +171,6 @@ struct clocksource { u32 shift; u64 max_idle_ns; -#ifdef CONFIG_IA64 - void *fsys_mmio; /* used by fsyscall asm code */ -#define CLKSRC_FSYS_MMIO_SET(mmio, addr) ((mmio) = (addr)) -#else -#define CLKSRC_FSYS_MMIO_SET(mmio, addr) do { } while (0) -#endif - #ifdef __ARCH_HAS_CLOCKSOURCE_DATA struct arch_clocksource_data archdata; #endif -- cgit v1.2.2 From ae7bd11b471931752e5609094ca0a49386590524 Mon Sep 17 00:00:00 2001 From: "H. Peter Anvin" Date: Thu, 21 Jul 2011 13:34:05 -0700 Subject: clocksource: Change __ARCH_HAS_CLOCKSOURCE_DATA to a CONFIG option The machinery for __ARCH_HAS_CLOCKSOURCE_DATA assumed a file in asm-generic would be the default for architectures without their own file in asm/, but that is not how it works. Replace it with a Kconfig option instead. Link: http://lkml.kernel.org/r/4E288AA6.7090804@zytor.com Signed-off-by: H. Peter Anvin Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Tony Luck --- include/asm-generic/clocksource.h | 4 ---- include/linux/clocksource.h | 4 +++- 2 files changed, 3 insertions(+), 5 deletions(-) delete mode 100644 include/asm-generic/clocksource.h (limited to 'include') diff --git a/include/asm-generic/clocksource.h b/include/asm-generic/clocksource.h deleted file mode 100644 index 0a462d3fb05e..000000000000 --- a/include/asm-generic/clocksource.h +++ /dev/null @@ -1,4 +0,0 @@ -/* - * Architectures should override this file to add private userspace - * clock magic if needed. - */ diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h index 6bb69702c4fa..59ee970cf89e 100644 --- a/include/linux/clocksource.h +++ b/include/linux/clocksource.h @@ -22,7 +22,9 @@ typedef u64 cycle_t; struct clocksource; +#ifdef CONFIG_ARCH_CLOCKSOURCE_DATA #include +#endif /** * struct cyclecounter - hardware abstraction for a free running counter @@ -171,7 +173,7 @@ struct clocksource { u32 shift; u64 max_idle_ns; -#ifdef __ARCH_HAS_CLOCKSOURCE_DATA +#ifdef CONFIG_ARCH_CLOCKSOURCE_DATA struct arch_clocksource_data archdata; #endif -- cgit v1.2.2