9fd67b4ed0
Move vvars out of the vsyscall page into their own page and mark it NX. Without this patch, an attacker who can force a daemon to call some fixed address could wait until the time contains, say, 0xCD80, and then execute the current time. Signed-off-by: Andy Lutomirski <luto@mit.edu> Cc: Jesper Juhl <jj@chaosbits.net> Cc: Borislav Petkov <bp@alien8.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Arjan van de Ven <arjan@infradead.org> Cc: Jan Beulich <JBeulich@novell.com> Cc: richard -rw- weinberger <richard.weinberger@gmail.com> Cc: Mikael Pettersson <mikpe@it.uu.se> Cc: Andi Kleen <andi@firstfloor.org> Cc: Brian Gerst <brgerst@gmail.com> Cc: Louis Rilling <Louis.Rilling@kerlabs.com> Cc: Valdis.Kletnieks@vt.edu Cc: pageexec@freemail.hu Link: http://lkml.kernel.org/r/b1460f81dc4463d66ea3f2b5ce240f58d48effec.1307292171.git.luto@mit.edu Signed-off-by: Ingo Molnar <mingo@elte.hu>
51 lines
1.5 KiB
C
51 lines
1.5 KiB
C
/*
|
|
* vvar.h: Shared vDSO/kernel variable declarations
|
|
* Copyright (c) 2011 Andy Lutomirski
|
|
* Subject to the GNU General Public License, version 2
|
|
*
|
|
* A handful of variables are accessible (read-only) from userspace
|
|
* code in the vsyscall page and the vdso. They are declared here.
|
|
* Some other file must define them with DEFINE_VVAR.
|
|
*
|
|
* In normal kernel code, they are used like any other variable.
|
|
* In user code, they are accessed through the VVAR macro.
|
|
*
|
|
* These variables live in a page of kernel data that has an extra RO
|
|
* mapping for userspace. Each variable needs a unique offset within
|
|
* that page; specify that offset with the DECLARE_VVAR macro. (If
|
|
* you mess up, the linker will catch it.)
|
|
*/
|
|
|
|
/* Base address of vvars. This is not ABI. */
|
|
#define VVAR_ADDRESS (-10*1024*1024 - 4096)
|
|
|
|
#if defined(__VVAR_KERNEL_LDS)
|
|
|
|
/* The kernel linker script defines its own magic to put vvars in the
|
|
* right place.
|
|
*/
|
|
#define DECLARE_VVAR(offset, type, name) \
|
|
EMIT_VVAR(name, offset)
|
|
|
|
#else
|
|
|
|
#define DECLARE_VVAR(offset, type, name) \
|
|
static type const * const vvaraddr_ ## name = \
|
|
(void *)(VVAR_ADDRESS + (offset));
|
|
|
|
#define DEFINE_VVAR(type, name) \
|
|
type name \
|
|
__attribute__((section(".vvar_" #name), aligned(16)))
|
|
|
|
#define VVAR(name) (*vvaraddr_ ## name)
|
|
|
|
#endif
|
|
|
|
/* DECLARE_VVAR(offset, type, name) */
|
|
|
|
DECLARE_VVAR(0, volatile unsigned long, jiffies)
|
|
DECLARE_VVAR(16, int, vgetcpu_mode)
|
|
DECLARE_VVAR(128, struct vsyscall_gtod_data, vsyscall_gtod_data)
|
|
|
|
#undef DECLARE_VVAR
|