Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

x86-64: Fill unused parts of the vsyscall page with 0xcc

Jumping to 0x00 might do something depending on the following
bytes. Jumping to 0xcc is a trap. So fill the unused parts of
the vsyscall page with 0xcc to make it useless for exploits to
jump there.

Signed-off-by: Andy Lutomirski <luto@mit.edu>
Cc: Jesper Juhl <jj@chaosbits.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Arjan van de Ven <arjan@infradead.org>
Cc: Jan Beulich <JBeulich@novell.com>
Cc: richard -rw- weinberger <richard.weinberger@gmail.com>
Cc: Mikael Pettersson <mikpe@it.uu.se>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Louis Rilling <Louis.Rilling@kerlabs.com>
Cc: Valdis.Kletnieks@vt.edu
Cc: pageexec@freemail.hu
Link: http://lkml.kernel.org/r/ed54bfcfbe50a9070d20ec1edbe0d149e22a4568.1307292171.git.luto@mit.edu
Signed-off-by: Ingo Molnar <mingo@elte.hu>

Authored by Andy Lutomirski and committed by Ingo Molnar
5dfcea62 bb5fe2f7

+8 -10
arch/x86/kernel/vmlinux.lds.S
··· 166 166 __vsyscall_0 = .; 167 167 168 168 . = VSYSCALL_ADDR; 169 - .vsyscall_0 : AT(VLOAD(.vsyscall_0)) { 169 + .vsyscall : AT(VLOAD(.vsyscall)) { 170 170 *(.vsyscall_0) 171 - } :user 172 171 173 - . = ALIGN(L1_CACHE_BYTES); 174 - .vsyscall_fn : AT(VLOAD(.vsyscall_fn)) { 172 + . = ALIGN(L1_CACHE_BYTES); 175 173 *(.vsyscall_fn) 176 - } 177 174 178 - .vsyscall_1 ADDR(.vsyscall_0) + 1024: AT(VLOAD(.vsyscall_1)) { 175 + . = 1024; 179 176 *(.vsyscall_1) 180 - } 181 - .vsyscall_2 ADDR(.vsyscall_0) + 2048: AT(VLOAD(.vsyscall_2)) { 182 - *(.vsyscall_2) 183 - } 184 177 178 + . = 2048; 179 + *(.vsyscall_2) 180 + 181 + . = 4096; /* Pad the whole page. */ 182 + } :user =0xcc 185 183 . = ALIGN(__vsyscall_0 + PAGE_SIZE, PAGE_SIZE); 186 184 187 185 #undef VSYSCALL_ADDR
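Review bot: `. = 4096; /* Pad the whole page. */` hardcodes the page size while the statement right after the section, `. = ALIGN(__vsyscall_0 + PAGE_SIZE, PAGE_SIZE);`, spells it as PAGE_SIZE; `. = PAGE_SIZE;` would keep the two in step and make the "whole page" comment self-evident. The rest of the restructuring reads correctly: inside an output section the location counter is relative to the section start, so `. = 1024;` and `. = 2048;` land `.vsyscall_1` and `.vsyscall_2` at the same offsets the old `ADDR(.vsyscall_0) + 1024` and `+ 2048` addresses gave them, and if `.vsyscall_0` plus `.vsyscall_fn` ever grow past 1024 bytes the linker will refuse to move the location counter backwards, so the layout stays checked at link time. One caveat worth a comment near `} :user =0xcc`: the fill pattern only covers gaps the linker itself leaves (the regions created by the `. =` moves and any inter-section alignment padding); alignment padding the assembler emits inside the input sections is not rewritten to 0xcc by this change.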