• Ingo Molnar's avatar
    [PATCH] vdso: randomize the i386 vDSO by moving it into a vma · e6e5494c
    Ingo Molnar authored
    Move the i386 VDSO down into a vma and thus randomize it.
    
    Besides the security implications, this feature also helps debuggers, which
    can COW a vma-backed VDSO just like a normal DSO and can thus do
    single-stepping and other debugging features.
    
    It's good for hypervisors (Xen, VMWare) too, which typically live in the same
    high-mapped address space as the VDSO, hence whenever the VDSO is used, they
    get lots of guest pagefaults and have to fix such guest accesses up - which
    slows things down instead of speeding things up (the primary purpose of the
    VDSO).
    
    There's a new CONFIG_COMPAT_VDSO (default=y) option, which provides support
    for older glibcs that still rely on a prelinked high-mapped VDSO.  Newer
    distributions (using glibc 2.3.3 or later) can turn this option off.  Turning
    it off is also recommended for security reasons: attackers cannot use the
    predictable high-mapped VDSO page as syscall trampoline anymore.
    
    There is a new vdso=[0|1] boot option as well, and a runtime
    /proc/sys/vm/vdso_enabled sysctl switch, that allows the VDSO to be turned
    on/off.
    
    (This version of the VDSO-randomization patch also has working ELF
    coredumping, the previous patch crashed in the coredumping code.)
    
    This code is a combined work of the exec-shield VDSO randomization
    code and Gerd Hoffmann's hypervisor-centric VDSO patch. Rusty Russell
    started this patch and i completed it.
    
    [akpm@osdl.org: cleanups]
    [akpm@osdl.org: compile fix]
    [akpm@osdl.org: compile fix 2]
    [akpm@osdl.org: compile fix 3]
    [akpm@osdl.org: revernt MAXMEM change]
    Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
    Signed-off-by: default avatarArjan van de Ven <arjan@infradead.org>
    Cc: Gerd Hoffmann <kraxel@suse.de>
    Cc: Rusty Russell <rusty@rustcorp.com.au>
    Cc: Zachary Amsden <zach@vmware.com>
    Cc: Andi Kleen <ak@muc.de>
    Cc: Jan Beulich <jbeulich@novell.com>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    e6e5494c
kernel-parameters.txt 49.4 KB