kernel-ark/kernel
Ingo Molnar e6e5494cb2 [PATCH] vdso: randomize the i386 vDSO by moving it into a vma
Move the i386 VDSO down into a vma and thus randomize it.

Besides the security implications, this feature also helps debuggers, which
can COW a vma-backed VDSO just like a normal DSO and can thus do
single-stepping and other debugging features.

It's good for hypervisors (Xen, VMWare) too, which typically live in the same
high-mapped address space as the VDSO, hence whenever the VDSO is used, they
get lots of guest pagefaults and have to fix such guest accesses up - which
slows things down instead of speeding things up (the primary purpose of the
VDSO).

There's a new CONFIG_COMPAT_VDSO (default=y) option, which provides support
for older glibcs that still rely on a prelinked high-mapped VDSO.  Newer
distributions (using glibc 2.3.3 or later) can turn this option off.  Turning
it off is also recommended for security reasons: attackers cannot use the
predictable high-mapped VDSO page as syscall trampoline anymore.

There is a new vdso=[0|1] boot option as well, and a runtime
/proc/sys/vm/vdso_enabled sysctl switch, that allows the VDSO to be turned
on/off.

(This version of the VDSO-randomization patch also has working ELF
coredumping, the previous patch crashed in the coredumping code.)

This code is a combined work of the exec-shield VDSO randomization
code and Gerd Hoffmann's hypervisor-centric VDSO patch. Rusty Russell
started this patch and I completed it.

[akpm@osdl.org: cleanups]
[akpm@osdl.org: compile fix]
[akpm@osdl.org: compile fix 2]
[akpm@osdl.org: compile fix 3]
[akpm@osdl.org: revert MAXMEM change]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Cc: Gerd Hoffmann <kraxel@suse.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Zachary Amsden <zach@vmware.com>
Cc: Andi Kleen <ak@muc.de>
Cc: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-27 17:32:38 -07:00
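The commit's security point is that a vDSO at one predictable high address gives an attacker a known syscall trampoline, and moving it into a vma makes its address vary per exec. The following program is an added example and not code from this kernel patch: it parses the process's own /proc/self/maps to locate the [vdso] mapping, flags the historical fixed i386 base 0xffffe000 (an address this commit text does not state and that the example assumes), and prints what the kernel reported in the auxiliary vector and in the vm.vdso_enabled sysctl the commit introduces. It assumes a Linux host with /proc mounted and a glibc providing getauxval(); the maps listing in sample_maps_legacy is constructed, not captured from a real system.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>

/* Historical fixed base of the i386 high-mapped vDSO page. This value is an
 * assumption of the example; the commit only calls it "the predictable
 * high-mapped VDSO page". */
#define LEGACY_I386_VDSO_BASE 0xffffe000UL

/* Parse one /proc/<pid>/maps line. Returns 1 and fills *base/*end if the
 * line describes the [vdso] mapping, 0 otherwise. */
static int parse_vdso_line(const char *line, unsigned long *base, unsigned long *end)
{
    unsigned long b, e;
    char perms[5];

    if (sscanf(line, "%lx-%lx %4s", &b, &e, perms) != 3)
        return 0;
    if (strstr(line, "[vdso]") == NULL)
        return 0;
    *base = b;
    *end = e;
    return 1;
}

/* Scan a maps listing held in memory (file contents or a constructed buffer). */
static int find_vdso_in_maps_text(const char *text, unsigned long *base, unsigned long *end)
{
    const char *p = text;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        if (parse_vdso_line(line, base, end))
            return 1;
        if (!nl)
            break;
        p = nl + 1;
    }
    return 0;
}

/* Convenience wrapper: the vDSO base found in a maps listing, or 0 if none. */
static unsigned long vdso_base_from_text(const char *text)
{
    unsigned long base, end;
    return find_vdso_in_maps_text(text, &base, &end) ? base : 0;
}

/* The property this commit removes: a vDSO that always sits at the same address. */
static int vdso_is_legacy_fixed(unsigned long base)
{
    return base == LEGACY_I386_VDSO_BASE;
}

/* Read a file into buf (NUL-terminated); returns bytes read, or -1 if it cannot be opened. */
static long read_file_into(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "r");
    size_t n;

    if (!f)
        return -1;
    n = fread(buf, 1, cap - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (long)n;
}

/* Constructed sample of a pre-patch i386 maps listing with the fixed vDSO page. */
static const char sample_maps_legacy[] =
    "08048000-08049000 r-xp 00000000 03:01 12345      /tmp/a.out\n"
    "b7f00000-b7f1c000 r-xp 00000000 03:01 67890      /lib/ld-linux.so.2\n"
    "ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]\n";

int main(void)
{
    static char maps[1 << 16];
    unsigned long base, end;
    char sysctl[32];

    if (read_file_into("/proc/self/maps", maps, sizeof maps) < 0) {
        perror("/proc/self/maps");
        return 1;
    }
    if (find_vdso_in_maps_text(maps, &base, &end))
        printf("[vdso] at %#lx-%#lx (%s)\n", base, end,
               vdso_is_legacy_fixed(base) ? "LEGACY FIXED ADDRESS" : "vma-backed, randomizable");
    else
        printf("no [vdso] mapping (vdso disabled or not present)\n");

    /* Address the kernel handed the process at exec time; 0 if no vDSO was mapped. */
    printf("AT_SYSINFO_EHDR = %#lx\n", getauxval(AT_SYSINFO_EHDR));

    if (read_file_into("/proc/sys/vm/vdso_enabled", sysctl, sizeof sysctl) >= 0)
        printf("vm.vdso_enabled = %s", sysctl);
    else
        printf("vm.vdso_enabled sysctl not present on this kernel\n");
    return 0;
}
```

Run the binary several times: on a kernel with this change and CONFIG_COMPAT_VDSO off, the [vdso] base differs between runs, while a prelinked compat vDSO or a pre-patch i386 kernel reports the same fixed page every time, which is exactly the trampoline an exploit can hardcode.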
irq [PATCH] adjust handle_IRR_event() return type 2006-06-23 07:43:08 -07:00
power [PATCH] pm_trace is dangerous 2006-06-27 17:32:35 -07:00
time [PATCH] time: rename clocksource functions 2006-06-26 09:58:21 -07:00
.gitignore
acct.c [PATCH] kernel/acct: fix function definition 2006-06-27 17:32:35 -07:00
audit.c
audit.h
auditfilter.c
auditsc.c [PATCH] Doc: add audit & acct to DocBook 2006-06-23 07:43:07 -07:00
capability.c
compat.c [PATCH] N32 sigset and __COMPAT_ENDIAN_SWAP__ 2006-06-25 10:01:15 -07:00
configs.c
cpu.c [PATCH] Convert kernel/cpu.c to mutexes 2006-06-26 09:58:16 -07:00
cpuset.c [PATCH] proc: Use struct pid not struct task_ref 2006-06-26 09:58:26 -07:00
dma.c
exec_domain.c
exit.c [PATCH] proc: Rewrite the proc dentry flush on exit optimization 2006-06-26 09:58:24 -07:00
extable.c
fork.c [PATCH] coredump: copy_process: don't check SIGNAL_GROUP_EXIT 2006-06-26 09:58:27 -07:00
futex_compat.c
futex.c
hrtimer.c [PATCH] ktime/hrtimer: fix kernel-doc comments 2006-06-25 10:01:23 -07:00
itimer.c
kallsyms.c
Kconfig.hz
Kconfig.preempt
kexec.c [PATCH] Add a sysfs file to determine if a kexec kernel is loaded 2006-06-23 07:43:02 -07:00
kfifo.c
kmod.c
kprobes.c [PATCH] Notify page fault call chain 2006-06-26 09:58:22 -07:00
ksysfs.c [PATCH] Add a sysfs file to determine if a kexec kernel is loaded 2006-06-23 07:43:02 -07:00
kthread.c [PATCH] kthread: move kernel-doc and put it into DocBook 2006-06-25 10:01:24 -07:00
Makefile Merge branch 'x86-64' 2006-06-26 10:51:09 -07:00
module.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild 2006-06-26 11:05:15 -07:00
mutex-debug.c [PATCH] work around ppc64 bootup bug by making mutex-debugging save/restore irqs 2006-06-26 09:58:16 -07:00
mutex-debug.h [PATCH] work around ppc64 bootup bug by making mutex-debugging save/restore irqs 2006-06-26 09:58:16 -07:00
mutex.c [PATCH] work around ppc64 bootup bug by making mutex-debugging save/restore irqs 2006-06-26 09:58:16 -07:00
mutex.h [PATCH] work around ppc64 bootup bug by making mutex-debugging save/restore irqs 2006-06-26 09:58:16 -07:00
panic.c
params.c
pid.c
posix-cpu-timers.c
posix-timers.c
printk.c [PATCH] printk time parameter 2006-06-25 10:01:13 -07:00
profile.c
ptrace.c [PATCH] coredump: kill ptrace related stuff 2006-06-26 09:58:27 -07:00
rcupdate.c [PATCH] Make RCU API inaccessible to non-GPL Linux kernel modules 2006-06-23 07:43:07 -07:00
rcutorture.c
relay.c
resource.c [PATCH] catch valid mem range at onlining memory 2006-06-27 17:32:36 -07:00
sched.c Merge branch 'x86-64' 2006-06-26 10:51:09 -07:00
seccomp.c
signal.c [PATCH] coredump: kill ptrace related stuff 2006-06-26 09:58:27 -07:00
softirq.c [PATCH] cpu hotplug: fix CPU_UP_CANCEL handling 2006-06-25 10:01:22 -07:00
softlockup.c [PATCH] cpu hotplug: fix CPU_UP_CANCEL handling 2006-06-25 10:01:22 -07:00
spinlock.c
stop_machine.c [PATCH] kthread: convert stop_machine into a kthread 2006-06-25 10:01:22 -07:00
sys_ni.c
sys.c [PATCH] kernel/sys.c: cleanups 2006-06-25 10:01:06 -07:00
sysctl.c [PATCH] vdso: randomize the i386 vDSO by moving it into a vma 2006-06-27 17:32:38 -07:00
time.c [PATCH] Time: Introduce arch generic time accessors 2006-06-26 09:58:20 -07:00
timer.c [PATCH] fix and optimize clock source update 2006-06-26 09:58:21 -07:00
uid16.c
unwind.c [PATCH] x86_64: allow unwinder to build without module support 2006-06-26 10:48:18 -07:00
user.c
wait.c
workqueue.c [PATCH] cpu hotplug: fix CPU_UP_CANCEL handling 2006-06-25 10:01:22 -07:00