e6e5494cb2
Move the i386 VDSO down into a vma and thus randomize it. Besides the security implications, this feature also helps debuggers, which can COW a vma-backed VDSO just like a normal DSO and can thus do single-stepping and other debugging features. It's good for hypervisors (Xen, VMWare) too, which typically live in the same high-mapped address space as the VDSO, hence whenever the VDSO is used, they get lots of guest pagefaults and have to fix such guest accesses up - which slows things down instead of speeding things up (the primary purpose of the VDSO). There's a new CONFIG_COMPAT_VDSO (default=y) option, which provides support for older glibcs that still rely on a prelinked high-mapped VDSO. Newer distributions (using glibc 2.3.3 or later) can turn this option off. Turning it off is also recommended for security reasons: attackers cannot use the predictable high-mapped VDSO page as syscall trampoline anymore. There is a new vdso=[0|1] boot option as well, and a runtime /proc/sys/vm/vdso_enabled sysctl switch, that allows the VDSO to be turned on/off. (This version of the VDSO-randomization patch also has working ELF coredumping, the previous patch crashed in the coredumping code.) This code is a combined work of the exec-shield VDSO randomization code and Gerd Hoffmann's hypervisor-centric VDSO patch. Rusty Russell started this patch and i completed it. [akpm@osdl.org: cleanups] [akpm@osdl.org: compile fix] [akpm@osdl.org: compile fix 2] [akpm@osdl.org: compile fix 3] [akpm@osdl.org: revernt MAXMEM change] Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Arjan van de Ven <arjan@infradead.org> Cc: Gerd Hoffmann <kraxel@suse.de> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Zachary Amsden <zach@vmware.com> Cc: Andi Kleen <ak@muc.de> Cc: Jan Beulich <jbeulich@novell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
/*
* Linker script for vsyscall DSO. The vsyscall page is an ELF shared
* object prelinked to its virtual address, and with only one read-only
* segment (that fits in one page). This script controls its layout.
*/
#include <asm/asm-offsets.h>
/*
 * Output-section layout of the vsyscall DSO.
 *
 * Statement order below is the on-disk and in-memory order, so it must
 * not be rearranged.  Every output section lands in the single "text"
 * program header; per the PHDRS block of this file that segment is
 * PF_R|PF_X and never writable.
 */
SECTIONS
{
	/*
	 * Start at the link-time base, just past the ELF file header and
	 * program headers.  VDSO_PRELINK is not defined in this file; it is
	 * presumably supplied through <asm/asm-offsets.h> -- confirm there.
	 */
	. = VDSO_PRELINK + SIZEOF_HEADERS;

	/* Dynamic-linking metadata: hash table, symbols, strings, versions. */
	.hash		: { *(.hash) }			:text
	.dynsym		: { *(.dynsym) }
	.dynstr		: { *(.dynstr) }
	.gnu.version	: { *(.gnu.version) }
	.gnu.version_d	: { *(.gnu.version_d) }
	.gnu.version_r	: { *(.gnu.version_r) }

	/*
	 * The same script drives both an "ld -r" link and an "ld -shared"
	 * link, and the two results must have matching layouts.  The
	 * location counter is therefore moved to a fixed offset that is
	 * deliberately larger than the dynamic symbol table and friends
	 * need.  If "ld -shared" fails because they no longer fit, raise
	 * the constant on the next line.
	 */
	. = VDSO_PRELINK + 0x400;

	/*
	 * Code.  Gaps are filled with 0x90 bytes (the one-byte x86 NOP),
	 * so padding in this executable segment decodes as harmless
	 * instructions instead of arbitrary bytes.
	 */
	.text		: { *(.text) }			:text =0x90909090

	/* Notes, unwind tables and the dynamic section get their own phdrs
	   in addition to being part of the loadable text segment. */
	.note		: { *(.note.*) }		:text :note
	.eh_frame_hdr	: { *(.eh_frame_hdr) }		:text :eh_frame_hdr
	.eh_frame	: { KEEP (*(.eh_frame)) }	:text
	.dynamic	: { *(.dynamic) }		:text :dynamic

	/*
	 * Catch-all for GOT, data and bss input sections.  They are placed
	 * in the read-only text segment like everything else, so nothing
	 * collected here can be written at run time.
	 * NOTE(review): the name suggests these are expected to be empty;
	 * confirm against the objects linked into the DSO.
	 */
	.useless	: {
		*(.got.plt)
		*(.got)
		*(.data .data.* .gnu.linkonce.d.*)
		*(.dynbss)
		*(.bss .bss.* .gnu.linkonce.b.*)
	}						:text
}
/*
 * Program headers are spelled out by hand for two reasons: the DSO must
 * end up with exactly one PT_LOAD segment, and the segment permissions
 * must be set explicitly so that nothing is mapped writable.
 *
 * FLAGS() takes the ELF p_flags bits: PF_X = 1, PF_W = 2, PF_R = 4.
 * No entry below sets PF_W.
 */
PHDRS
{
	/* The one loadable segment; it also carries the ELF file header
	   and the program header table. */
	text		PT_LOAD FILEHDR PHDRS FLAGS(5);	/* PF_R|PF_X */

	dynamic		PT_DYNAMIC FLAGS(4);		/* PF_R */
	note		PT_NOTE FLAGS(4);		/* PF_R */

	/* PT_GNU_EH_FRAME is given by number because ld does not
	   recognise the symbolic name. */
	eh_frame_hdr	0x6474e550;
}
/*
 * Symbol export list for the DSO.  Only the three entry points named
 * under "global" are visible to user space, all under the LINUX_2.5
 * version node; the "local: *" wildcard hides every other symbol.
 */
VERSION
{
	LINUX_2.5 {
	global:
		__kernel_vsyscall;
		__kernel_sigreturn;
		__kernel_rt_sigreturn;

	local:
		*;
	};
}
/*
 * Make __kernel_vsyscall the ELF entry point, so that the entry address
 * in the ELF header can be used as the source of the AT_SYSINFO value.
 */
ENTRY(__kernel_vsyscall);