|author||Andy Lutomirski <firstname.lastname@example.org>||2011-08-10 11:15:32 -0400|
|committer||H. Peter Anvin <email@example.com>||2011-08-10 19:26:46 -0500|
x86-64: Rework vsyscall emulation and add vsyscall= parameter
There are three choices: vsyscall=native: Vsyscalls are native code that issues the corresponding syscalls. vsyscall=emulate (default): Vsyscalls are emulated by instruction fault traps, tested in the bad_area path. The actual contents of the vsyscall page is the same as the vsyscall=native case except that it's marked NX. This way programs that make assumptions about what the code in the page does will not be confused when they read that code. vsyscall=none: Trying to execute a vsyscall will segfault. Signed-off-by: Andy Lutomirski <firstname.lastname@example.org> Link: http://email@example.com Signed-off-by: H. Peter Anvin <firstname.lastname@example.org>
Diffstat (limited to 'Documentation')
1 files changed, 21 insertions, 0 deletions
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index aa47be71df4c..9cfd6bb9198e 100644
@@ -2657,6 +2657,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
vmpoff= [KNL,S390] Perform z/VM CP command after power off.
+ vsyscall= [X86-64]
+ Controls the behavior of vsyscalls (i.e. calls to
+ fixed addresses of 0xffffffffff600x00 from legacy
+ code). Most statically-linked binaries and older
+ versions of glibc use these calls. Because these
+ functions are at fixed addresses, they make nice
+ targets for exploits that can control RIP.
+ emulate [default] Vsyscalls turn into traps and are
+ emulated reasonably safely.
+ native Vsyscalls are native syscall instructions.
+ This is a little bit faster than trapping
+ and makes a few dynamic recompilers work
+ better than they would in emulation mode.
+ It also makes exploits much easier to write.
+ none Vsyscalls don't work at all. This makes
+ them quite hard to use for exploits but
+ might break your system.
vt.cur_default= [VT] Default cursor shape.
Format: 0xCCBBAA, where AA, BB, and CC are the same as
the parameters of the <Esc>[?A;B;Cc escape sequence;