Re: [PATCH v4 03/10] x86-64: Give vvars their own page
From: Louis Rilling
Date: Tue May 31 2011 - 13:23:15 EST
On 31/05/11 10:14 -0400, Andy Lutomirski wrote:
> Move vvars out of the vsyscall page into their own page and mark it
> NX.
>
> Without this patch, an attacker who can force a daemon to call some
> fixed address could wait until the time contains, say, 0xCD80, and
> then execute the current time.
>
> Signed-off-by: Andy Lutomirski <luto@xxxxxxx>
> ---
> arch/x86/include/asm/fixmap.h | 1 +
> arch/x86/include/asm/pgtable_types.h | 2 ++
> arch/x86/include/asm/vvar.h | 22 ++++++++++------------
> arch/x86/kernel/vmlinux.lds.S | 27 ++++++++++++++++-----------
> arch/x86/kernel/vsyscall_64.c | 5 +++++
> 5 files changed, 34 insertions(+), 23 deletions(-)
>
[...]
> diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
> index 89aed99..3d89a00 100644
> --- a/arch/x86/kernel/vmlinux.lds.S
> +++ b/arch/x86/kernel/vmlinux.lds.S
> @@ -161,12 +161,6 @@ SECTIONS
>
> #define VVIRT_OFFSET (VSYSCALL_ADDR - __vsyscall_0)
> #define VVIRT(x) (ADDR(x) - VVIRT_OFFSET)
> -#define EMIT_VVAR(x, offset) .vsyscall_var_ ## x \
> - ADDR(.vsyscall_0) + offset \
> - : AT(VLOAD(.vsyscall_var_ ## x)) { \
> - *(.vsyscall_var_ ## x) \
> - } \
> - x = VVIRT(.vsyscall_var_ ## x);
>
> . = ALIGN(4096);
> __vsyscall_0 = .;
> @@ -192,17 +186,28 @@ SECTIONS
> *(.vsyscall_3)
> }
>
> -#define __VVAR_KERNEL_LDS
> -#include <asm/vvar.h>
> -#undef __VVAR_KERNEL_LDS
> -
> - . = __vsyscall_0 + PAGE_SIZE;
> + . = ALIGN(__vsyscall_0 + PAGE_SIZE, PAGE_SIZE);
>
> #undef VSYSCALL_ADDR
> #undef VLOAD_OFFSET
> #undef VLOAD
> #undef VVIRT_OFFSET
> #undef VVIRT
> +
> + __vvar_page = .;
> +
> +#define EMIT_VVAR(name, offset) .vvar_ ## name \
> + (__vvar_page + offset) : \
> + AT(ADDR(.vvar_ ## name) - LOAD_OFFSET) { \
> + *(.vvar_ ## x) \
^
Maybe s/x/name/ ? -----------|
Thanks,
Louis
> + } :data
> +
> +#define __VVAR_KERNEL_LDS
> +#include <asm/vvar.h>
> +#undef __VVAR_KERNEL_LDS
> +
> + . = ALIGN(__vvar_page + PAGE_SIZE, PAGE_SIZE);
> +
> #undef EMIT_VVAR
>
> #endif /* CONFIG_X86_64 */
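Review bot: Nothing in the new EMIT_VVAR block checks that every vvar stays inside the single page that starts at `__vvar_page`, yet map_vsyscall() in this same patch maps exactly one page for it. The offsets come from asm/vvar.h, which is not visible here, so a later vvar with a large offset or size would be linked outside the NX-mapped page without any build error. A link-time guard just before the final ALIGN would catch that, for example `ASSERT(. <= __vvar_page + PAGE_SIZE, "vvars exceed one page")`. That check presumably only sees the end of the last-emitted section, so it relies on vvar.h listing offsets in ascending order; a per-variable bound inside EMIT_VVAR would be stricter.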
> diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
> index 3e68218..3cf1cef 100644
> --- a/arch/x86/kernel/vsyscall_64.c
> +++ b/arch/x86/kernel/vsyscall_64.c
> @@ -284,9 +284,14 @@ void __init map_vsyscall(void)
> {
> extern char __vsyscall_0;
> unsigned long physaddr_page0 = __pa_symbol(&__vsyscall_0);
> + extern char __vvar_page;
> + unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page);
>
> /* Note that VSYSCALL_MAPPED_PAGES must agree with the code below. */
> __set_fixmap(VSYSCALL_FIRST_PAGE, physaddr_page0, PAGE_KERNEL_VSYSCALL);
> + __set_fixmap(VVAR_PAGE, physaddr_vvar_page, PAGE_KERNEL_VVAR);
> + BUILD_BUG_ON((unsigned long)__fix_to_virt(VVAR_PAGE) !=
> + (unsigned long)VVAR_ADDRESS);
> }
>
> static int __init vsyscall_init(void)
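Review bot: The added `__set_fixmap(VVAR_PAGE, ...)` call and the `BUILD_BUG_ON` carry no comment saying what they protect. The NX property promised in the commit message rests entirely on the definition of `PAGE_KERNEL_VVAR`, which is in pgtable_types.h and not part of this hunk. A short comment above the two lines would make the intent reviewable in place, e.g. `/* The vvar page holds data only; PAGE_KERNEL_VVAR must keep it non-executable, and the fixmap slot has to land on VVAR_ADDRESS. */`. The existing note about VSYSCALL_MAPPED_PAGES now sits above both mappings, so it is worth confirming whether that constant is meant to count the vvar page as well.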
> --
> 1.7.5.1
>
--
Dr Louis Rilling Kerlabs
Skype: louis.rilling Batiment Germanium
Phone: (+33|0) 6 80 89 08 23 80 avenue des Buttes de Coesmes
http://www.kerlabs.com/ 35700 Rennes