Re: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch

From: Ingo Molnar
Date: Tue May 16 2006 - 02:47:03 EST

* Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:

> AFAICT we'll pay one extra TLB entry for this patch. Zach had a patch
> which left the vsyscall page at the top of memory (minus hole for
> hypervisor) and patched the ELF header at boot.

i'd suggest the solution from exec-shield (which has been there for a
long time), which also randomizes the vsyscall vma. Exploits are already
starting to use the vsyscall page (with predictable addresses) to
circumvent randomization, it provides 'interesting' instructions to act
as a syscall-functionality building block. Moving that address to
another predictable place solves the virtualization problem, but doesnt
solve the address-space randomization problem.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at