/*
 * Linker script for vsyscall DSO. The vsyscall page is an ELF shared
 * object prelinked to its virtual address, and with only one read-only
 * segment (that fits in one page). This script controls its layout.
 */
#include <asm/asm-offsets.h>
SECTIONS
{
[PATCH] vdso: randomize the i386 vDSO by moving it into a vma
Move the i386 VDSO down into a vma and thus randomize it.
Besides the security implications, this feature also helps debuggers, which
can COW a vma-backed VDSO just like a normal DSO and can thus do
single-stepping and other debugging features.
It's good for hypervisors (Xen, VMWare) too, which typically live in the same
high-mapped address space as the VDSO, hence whenever the VDSO is used, they
get lots of guest pagefaults and have to fix such guest accesses up - which
slows things down instead of speeding things up (the primary purpose of the
VDSO).
There's a new CONFIG_COMPAT_VDSO (default=y) option, which provides support
for older glibcs that still rely on a prelinked high-mapped VDSO. Newer
distributions (using glibc 2.3.3 or later) can turn this option off. Turning
it off is also recommended for security reasons: attackers can no longer use the
predictable high-mapped VDSO page as a syscall trampoline.
There is a new vdso=[0|1] boot option as well, and a runtime
/proc/sys/vm/vdso_enabled sysctl switch, that allows the VDSO to be turned
on/off.
(This version of the VDSO-randomization patch also has working ELF
coredumping, the previous patch crashed in the coredumping code.)
This code is a combined work of the exec-shield VDSO randomization
code and Gerd Hoffmann's hypervisor-centric VDSO patch. Rusty Russell
started this patch and i completed it.
[akpm@osdl.org: cleanups]
[akpm@osdl.org: compile fix]
[akpm@osdl.org: compile fix 2]
[akpm@osdl.org: compile fix 3]
[akpm@osdl.org: revernt MAXMEM change]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Cc: Gerd Hoffmann <kraxel@suse.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Zachary Amsden <zach@vmware.com>
Cc: Andi Kleen <ak@muc.de>
Cc: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
19 years ago
/*
 * Begin the layout at the prelink base, just past the ELF file header
 * and program headers.
 * NOTE(review): VDSO_PRELINK is not defined in this file; presumably it
 * comes from <asm/asm-offsets.h> -- confirm.  It is a link-time address.
 * Per the description of the commit that introduced this line, the vDSO
 * is mapped into a vma so its run-time address is randomized, and the
 * fixed, predictable high mapping is kept only under CONFIG_COMPAT_VDSO
 * for older glibc.
 */
. = VDSO_PRELINK + SIZEOF_HEADERS;

/*
 * Dynamic-linking metadata.  Only .hash names the "text" segment; ld
 * keeps assigning the sections that follow to the same segment until
 * another ":phdr" appears.
 */
.hash : {
  *(.hash)
} :text

.dynsym : {
  *(.dynsym)
}

.dynstr : {
  *(.dynstr)
}

/* Symbol-versioning tables that go with the VERSION block of this script. */
.gnu.version : {
  *(.gnu.version)
}

.gnu.version_d : {
  *(.gnu.version_d)
}

.gnu.version_r : {
  *(.gnu.version_r)
}
/* This linker script is used both with -r and with -shared.
   For the layouts to match, we need to skip more than enough
   space for the dynamic symbol table et al. If this amount
   is insufficient, ld -shared will barf. Just increase it here. */
[PATCH] vdso: randomize the i386 vDSO by moving it into a vma
Move the i386 VDSO down into a vma and thus randomize it.
Besides the security implications, this feature also helps debuggers, which
can COW a vma-backed VDSO just like a normal DSO and can thus do
single-stepping and other debugging features.
It's good for hypervisors (Xen, VMWare) too, which typically live in the same
high-mapped address space as the VDSO, hence whenever the VDSO is used, they
get lots of guest pagefaults and have to fix such guest accesses up - which
slows things down instead of speeding things up (the primary purpose of the
VDSO).
There's a new CONFIG_COMPAT_VDSO (default=y) option, which provides support
for older glibcs that still rely on a prelinked high-mapped VDSO. Newer
distributions (using glibc 2.3.3 or later) can turn this option off. Turning
it off is also recommended for security reasons: attackers can no longer use the
predictable high-mapped VDSO page as a syscall trampoline.
There is a new vdso=[0|1] boot option as well, and a runtime
/proc/sys/vm/vdso_enabled sysctl switch, that allows the VDSO to be turned
on/off.
(This version of the VDSO-randomization patch also has working ELF
coredumping, the previous patch crashed in the coredumping code.)
This code is a combined work of the exec-shield VDSO randomization
code and Gerd Hoffmann's hypervisor-centric VDSO patch. Rusty Russell
started this patch and i completed it.
[akpm@osdl.org: cleanups]
[akpm@osdl.org: compile fix]
[akpm@osdl.org: compile fix 2]
[akpm@osdl.org: compile fix 3]
[akpm@osdl.org: revernt MAXMEM change]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Cc: Gerd Hoffmann <kraxel@suse.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Zachary Amsden <zach@vmware.com>
Cc: Andi Kleen <ak@muc.de>
Cc: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
19 years ago
/*
 * Jump to a fixed offset from the prelink base, leaving room for the
 * dynamic tables so that the -r and -shared layouts agree.
 */
. = VDSO_PRELINK + 0x400;

/*
 * Code.  "=0x90909090" is the fill pattern for gaps in this output
 * section; 0x90 is the one-byte x86 NOP.
 * NOTE(review): with NOP fill, a stray control transfer that lands in
 * padding runs on into whatever code follows.  A trapping fill (0xcc,
 * int3) would stop it instead -- check that nothing depends on falling
 * through padding before changing the pattern.
 */
.text : {
  *(.text)
} :text =0x90909090

/* Notes are part of the loaded segment and also get a header of their own. */
.note : {
  *(.note.*)
} :text :note

/* Unwind lookup table, exposed through the eh_frame_hdr program header. */
.eh_frame_hdr : {
  *(.eh_frame_hdr)
} :text :eh_frame_hdr

/* KEEP protects the unwind data from section garbage collection. */
.eh_frame : {
  KEEP (*(.eh_frame))
} :text

.dynamic : {
  *(.dynamic)
} :text :dynamic

/*
 * Input sections that are normally writable are gathered here, yet the
 * output section is still assigned to "text", which the PHDRS block of
 * this script declares with FLAGS(5) (PF_R|PF_X, no PF_W).
 * NOTE(review): the name suggests these are expected to be empty or
 * unused -- confirm.  As far as this script is concerned, nothing
 * placed here is writable at run time.
 */
.useless : {
  *(.got.plt) *(.got)
  *(.data .data.* .gnu.linkonce.d.*)
  *(.dynbss)
  *(.bss .bss.* .gnu.linkonce.b.*)
} :text
}
/*
 * The ELF program headers are written out by hand: that is how we end
 * up with a single PT_LOAD segment, and the flags are given explicitly
 * so that the segments are read-only (no PF_W anywhere).
 */
PHDRS
{
  /* The one loadable segment; it also carries the file and program headers. */
  text          PT_LOAD FILEHDR PHDRS FLAGS(5);   /* PF_R|PF_X */
  dynamic       PT_DYNAMIC FLAGS(4);              /* PF_R */
  note          PT_NOTE FLAGS(4);                 /* PF_R */
  /* PT_GNU_EH_FRAME, given by number because ld doesn't match the name. */
  eh_frame_hdr  0x6474e550;
}
/*
 * Symbol export control for the DSO.  Only the three names listed under
 * "global" are visible to user space; "local: *" hides every other
 * symbol, which keeps the exported surface to these entry points.
 */
VERSION
{
  LINUX_2.5 {
    global:
      __kernel_vsyscall;
      __kernel_sigreturn;
      __kernel_rt_sigreturn;

    local: *;
  };
}
/*
 * Make __kernel_vsyscall the ELF entry point, so the entry address in
 * the ELF header can be used to set the AT_SYSINFO value.
 */
ENTRY(__kernel_vsyscall);