From: "Andi Kleen"
Nop out system call instruction in vsyscall page when not needed. This may make some attacks more difficult.
Signed-off-by: Andi Kleen
Signed-off-by: Andrew Morton
---
 25-akpm/arch/x86_64/kernel/vsyscall.c | 74 +++++++++++++++++++++++++++++++---
 1 files changed, 69 insertions(+), 5 deletions(-)
diff -puN arch/x86_64/kernel/vsyscall.c~x86_64-nop-out-system-call-instruction-in-vsyscall-page arch/x86_64/kernel/vsyscall.c
--- 25/arch/x86_64/kernel/vsyscall.c~x86_64-nop-out-system-call-instruction-in-vsyscall-page Wed Mar 23 15:38:30 2005
+++ 25-akpm/arch/x86_64/kernel/vsyscall.c Wed Mar 23 15:38:30 2005
@@ -13,8 +13,8 @@
 * vsyscalls. One vsyscall can reserve more than 1 slot to avoid
 * jumping out of line if necessary.
 *
- * Note: the concept clashes with user mode linux. If you use UML just
- * set the kernel.vsyscall sysctl to 0.
+ * Note: the concept clashes with user mode linux. If you use UML and
+ * want per guest time just set the kernel.vsyscall64 sysctl to 0.
 */
 
 /*
@@ -41,6 +41,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 
@@ -107,7 +108,7 @@ static force_inline void do_get_tz(struc
 static force_inline int gettimeofday(struct timeval *tv, struct timezone *tz)
 {
 int ret;
- asm volatile("syscall"
+ asm volatile("vsysc2: syscall"
 : "=a" (ret)
 : "0" (__NR_gettimeofday),"D" (tv),"S" (tz) : __syscall_clobber );
 return ret;
@@ -116,7 +117,7 @@ static force_inline int gettimeofday(str
 static force_inline long time_syscall(long *t)
 {
 long secs;
- asm volatile("syscall"
+ asm volatile("vsysc1: syscall"
 : "=a" (secs)
 : "0" (__NR_time),"D" (t) : __syscall_clobber);
 return secs;
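Review bot: The `vsysc2:` and `vsysc1:` labels added in the gettimeofday and time_syscall hunks are assembler-visible symbols placed inside the inline asm of force_inline functions, so the build holds only while gcc emits each asm statement exactly once; a second caller, or the optimizer duplicating the asm, would make the assembler reject a duplicate symbol, and nothing at the label says why it is there. Both labels are later taken as `extern u16 vsysc1, vsysc2` by the sysctl handler in this patch, which rewrites the two instruction bytes behind them at run time. A comment beside each asm would make that contract explicit, e.g. `/* vsysc2 is patched in place by vsyscall_sysctl_change(); this asm must be emitted exactly once */`. Both enclosing functions start and end outside their hunks.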
@@ -154,6 +155,69 @@ static long __vsyscall(3) venosys_1(void
 return -ENOSYS;
 }
 
+#ifdef CONFIG_SYSCTL
+
+#define SYSCALL 0x050f
+#define NOP2 0x9090
+
+/*
+ * NOP out syscall in vsyscall page when not needed.
+ */
+static int vsyscall_sysctl_change(ctl_table *ctl, int write, struct file * filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ extern u16 vsysc1, vsysc2;
+ u16 *map1, *map2;
+ int ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
+ if (!write)
+ return ret;
+ /* gcc has some trouble with __va(__pa()), so just do it this
+ way. */
+ map1 = ioremap(__pa_symbol(&vsysc1), 2);
+ if (!map1)
+ return -ENOMEM;
+ map2 = ioremap(__pa_symbol(&vsysc2), 2);
+ if (!map2) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ if (!sysctl_vsyscall) {
+ *map1 = SYSCALL;
+ *map2 = SYSCALL;
+ } else {
+ *map1 = NOP2;
+ *map2 = NOP2;
+ }
+ iounmap(map2);
+out:
+ iounmap(map1);
+ return ret;
+}
+
+static int vsyscall_sysctl_nostrat(ctl_table *t, int __user *name, int nlen,
+ void __user *oldval, size_t __user *oldlenp,
+ void __user *newval, size_t newlen,
+ void **context)
+{
+ return -ENOSYS;
+}
+
+static ctl_table kernel_table2[] = {
+ { .ctl_name = 99, .procname = "vsyscall64",
+ .data = &sysctl_vsyscall, .maxlen = sizeof(int), .mode = 0644,
+ .strategy = vsyscall_sysctl_nostrat,
+ .proc_handler vsyscall_sysctl_change },
+ { 0, }
+};
+
+static ctl_table kernel_root_table2[] = {
+ { .ctl_name = CTL_KERN, .procname = "kernel", .mode = 0555,
+ .child = kernel_table2 },
+ { 0 },
+};
+
+#endif
+
 static void __init map_vsyscall(void)
 {
 extern char __vsyscall_0;
@@ -170,7 +234,7 @@ static int __init vsyscall_init(void)
 BUG_ON((VSYSCALL_ADDR(0) != __fix_to_virt(VSYSCALL_FIRST_PAGE)));
 map_vsyscall();
 sysctl_vsyscall = 1;
-
+ register_sysctl_table(kernel_root_table2, 0);
 return 0;
 }
_
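Review bot: After boot the vsyscall page still holds the original `syscall` bytes even though `sysctl_vsyscall` is 1, because `vsyscall_sysctl_change` rewrites the page only on a write (`if (!write) return ret;`) and the vsyscall_init hunk merely assigns `sysctl_vsyscall = 1;` without running the same rewrite; by the handler's own policy (`!sysctl_vsyscall` → `SYSCALL`, otherwise `NOP2`) the page and the sysctl disagree until user space writes `kernel.vsyscall64`, so the hardening the description promises is off by default. Moving the byte rewrite into a helper keyed on the current `sysctl_vsyscall` lets vsyscall_init call it right after the assignment, and the handler should return before rewriting when `proc_dointvec` reports an error instead of re-patching on an unchanged value. Separately, `.proc_handler vsyscall_sysctl_change` in `kernel_table2` has no `=`; gcc accepts that only as an obsolete designated-initializer spelling, so it should read `.proc_handler = vsyscall_sysctl_change },`. The sketch below keeps the ioremap/store/iounmap sequence of the hunk unchanged inside the helper.
```c
/* Make the two fallback instructions match the current sysctl_vsyscall. */
static int vsyscall_patch(void)
{
	extern u16 vsysc1, vsysc2;
	u16 *map1, *map2;
	int ret = 0;
	/* … unchanged: ioremap of both labels, store SYSCALL or NOP2, iounmap, out: label … */
	return ret;
}

static int vsyscall_sysctl_change(ctl_table *ctl, int write, struct file * filp,
				   void __user *buffer, size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
	/* Only touch the page after a successful write; a read changes nothing. */
	if (!write || ret)
		return ret;
	return vsyscall_patch();
}
/* … unchanged: vsyscall_sysctl_nostrat, kernel_table2, kernel_root_table2 … */
```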
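Review bot: `register_sysctl_table(kernel_root_table2, 0);` is added to vsyscall_init unconditionally, but `kernel_root_table2` is defined only inside the `#ifdef CONFIG_SYSCTL` block of the preceding hunk, so a CONFIG_SYSCTL=n build fails on the undefined symbol. Either guard the call the same way, `#ifdef CONFIG_SYSCTL` / `register_sysctl_table(kernel_root_table2, 0);` / `#endif`, or move the table definitions out of the conditional. A short comment at the call, e.g. `/* exposes kernel.vsyscall64; the page is patched by its write handler */`, would also tie the registration to the patching logic it enables. vsyscall_init begins outside the hunk.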