[RFC PATCH 2/2] x86/vsyscall: Avoid vsyscall emulation for some unexpected fault types
From: Sohil Mehta
Date: Fri Mar 13 2026 - 15:26:27 EST
Currently, vsyscall emulation is rejected for write faults and
kernel-privilege faults. Other page fault error codes such as X86_PF_PK
and X86_PF_SHSTK are unlikely to be set in the vsyscall context.
However, it is good to explicitly reject them from a defensive point of
view. So, avoid vsyscall emulation if X86_PF_PK or X86_PF_SHSTK is set.
Note, X86_PF_RSVD is already handled in do_user_addr_fault() before
vsyscall emulation is attempted.
Suggested-by: H. Peter Anvin (Intel) <hpa@xxxxxxxxx>
Signed-off-by: Sohil Mehta <sohil.mehta@xxxxxxxxx>
---
arch/x86/entry/vsyscall/vsyscall_64.c | 5 +++--
arch/x86/mm/fault.c | 3 ---
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
index b1f8f8a57b02..bf0ae314a0fb 100644
--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -257,8 +257,9 @@ static bool __emulate_vsyscall(struct pt_regs *regs, unsigned long address)
bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs,
unsigned long address)
{
- /* Write faults or kernel-privilege faults never get fixed up. */
- if ((error_code & (X86_PF_WRITE | X86_PF_USER)) != X86_PF_USER)
+ /* Only simple user read faults get fixed up (no write, PK or shadow stack). */
+ if ((error_code & (X86_PF_WRITE | X86_PF_PK | X86_PF_SHSTK | X86_PF_USER)) !=
+ X86_PF_USER)
return false;
/*
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index f0e77e084482..004b242ebbf8 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -1309,9 +1309,6 @@ void do_user_addr_fault(struct pt_regs *regs,
*
* The vsyscall page does not have a "real" VMA, so do this
* emulation before we go searching for VMAs.
- *
- * PKRU never rejects instruction fetches, so we don't need
- * to consider the PF_PK bit.
*/
if (is_vsyscall_vaddr(address)) {
if (emulate_vsyscall_pf(error_code, regs, address))
--
2.43.0