Re: [3.1 patch] x86: default to vsyscall=native

From: Andrew Lutomirski
Date: Thu Oct 06 2011 - 14:17:24 EST

On Thu, Oct 6, 2011 at 8:37 AM, richard -rw- weinberger
<richard.weinberger@xxxxxxxxx> wrote:
> On Thu, Oct 6, 2011 at 5:06 AM, Andrew Lutomirski <luto@xxxxxxx> wrote:
>> I'll see how ugly the patch to get this all correct is.  It may not be
>> all that pretty because we won't be able to use sys_gettimeofday
>> anymore.
> BTW: The attached program triggers the issue.
> on 3.1-rc8+:
> # ./sig.dyn
> faulting address: 0xdeadbeef
> # ./sig.static
> [   19.075106] sig.static[863] vsyscall fault (exploit attempt?)
> ip:ffffffffff600000 cs:33 sp:7fff9e53d8c8 ax:ffffffffff600000 si:0
> di:deadbeef
> faulting address: 0x0
> I guess UML is not the only user of this feature...

I assume you wrote this to detect the problem :)

Fixing it will be annoying because the attached fancier version needs
to work, too. I could implement the whole mess in software, but it
might be nicer to arrange for uaccess errors to stash some information
somewhere (like in the thread_struct cr2 variable).

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/time.h>
#include <sys/mman.h>

static void sighandler(int sig, siginfo_t *si, void *uc)
printf("faulting address: 0x%lx\n", (unsigned long)si->si_addr);


int main()
char *page = mmap(0, 8192, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
mprotect(page, 4096, PROT_READ | PROT_WRITE);

struct sigaction sa;

sa.sa_sigaction = (void *)sighandler;
sa.sa_flags = SA_SIGINFO| SA_NODEFER;
sigaction(SIGSEGV, &sa, NULL);

void *access_addr = page + 4095;

printf("Mapped page = %p; will access %p\n", page, access_addr);

gettimeofday(access_addr, NULL);

return 0;