git.baikalelectronics.ru Git - kernel.git/commit

author	Andy Lutomirski <luto@kernel.org>
	Thu, 27 Jun 2019 04:45:03 +0000 (21:45 -0700)
committer	Thomas Gleixner <tglx@linutronix.de>
	Thu, 27 Jun 2019 22:04:38 +0000 (00:04 +0200)
commit	53766a3606af1cd4e7a82e20bc957daa8d19b8d2
tree	daccbea6996578898949597e3132980fe2baf046	tree \| snapshot
parent	451459099cb49675ea5df0f8325bde97d7779f4b	commit \| diff

x86/vsyscall: Add a new vsyscall=xonly mode

With vsyscall emulation on, a readable vsyscall page is still exposed that
contains syscall instructions that validly implement the vsyscalls.

This is required because certain dynamic binary instrumentation tools
attempt to read the call targets of call instructions in the instrumented
code. If the instrumented code uses vsyscalls, then the vsyscall page needs
to contain readable code.

Unfortunately, leaving readable memory at a deterministic address can be
used to help various ASLR bypasses, so some hardening value can be gained
by disallowing vsyscall reads.

Given how rarely the vsyscall page needs to be readable, add a mechanism to
make the vsyscall page be execute only.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Jann Horn <jannh@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Kernel Hardening <kernel-hardening@lists.openwall.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lkml.kernel.org/r/d17655777c21bc09a7af1bbcf74e6f2b69a51152.1561610354.git.luto@kernel.org

Documentation/admin-guide/kernel-parameters.txt		diff \| blob \| history
arch/x86/Kconfig		diff \| blob \| history
arch/x86/entry/vsyscall/vsyscall_64.c		diff \| blob \| history