Re: [PATCH v3 08/10] x86-64: Emulate legacy vsyscalls

From: Andrew Lutomirski
Date: Wed Jun 01 2011 - 08:36:47 EST

On Wed, Jun 1, 2011 at 7:54 AM, Brian Gerst <brgerst@xxxxxxxxx> wrote:
> On Tue, May 31, 2011 at 9:16 AM, Andy Lutomirski <luto@xxxxxxx> wrote:
>> There's a fair amount of code in the vsyscall page.  It contains a
>> syscall instruction (in the gettimeofday fallback) and who knows
>> what will happen if an exploit jumps into the middle of some other
>> code.
>> Reduce the risk by replacing the vsyscalls with short magic
>> incantations that cause the kernel to emulate the real vsyscalls.
>> These incantations are useless if entered in the middle.
> How about remapping the vsyscall page into a random page in the
> modules area, and make the fixed page simply have stubs that jump to
> the code in that page.  That would solve the fixed address syscall
> problem without any more overhead.

It wouldn't give any protection against local attacks, though.


> --
> Brian Gerst