e6e5494cb2
Move the i386 VDSO down into a vma and thus randomize it. Besides the security implications, this feature also helps debuggers, which can COW a vma-backed VDSO just like a normal DSO and can thus do single-stepping and other debugging features. It's good for hypervisors (Xen, VMWare) too, which typically live in the same high-mapped address space as the VDSO, hence whenever the VDSO is used, they get lots of guest pagefaults and have to fix such guest accesses up - which slows things down instead of speeding things up (the primary purpose of the VDSO). There's a new CONFIG_COMPAT_VDSO (default=y) option, which provides support for older glibcs that still rely on a prelinked high-mapped VDSO. Newer distributions (using glibc 2.3.3 or later) can turn this option off. Turning it off is also recommended for security reasons: attackers cannot use the predictable high-mapped VDSO page as syscall trampoline anymore. There is a new vdso=[0|1] boot option as well, and a runtime /proc/sys/vm/vdso_enabled sysctl switch, that allows the VDSO to be turned on/off. (This version of the VDSO-randomization patch also has working ELF coredumping, the previous patch crashed in the coredumping code.) This code is a combined work of the exec-shield VDSO randomization code and Gerd Hoffmann's hypervisor-centric VDSO patch. Rusty Russell started this patch and i completed it. [akpm@osdl.org: cleanups] [akpm@osdl.org: compile fix] [akpm@osdl.org: compile fix 2] [akpm@osdl.org: compile fix 3] [akpm@osdl.org: revernt MAXMEM change] Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Arjan van de Ven <arjan@infradead.org> Cc: Gerd Hoffmann <kraxel@suse.de> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Zachary Amsden <zach@vmware.com> Cc: Andi Kleen <ak@muc.de> Cc: Jan Beulich <jbeulich@novell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
/*
 * fixmap.h: compile-time virtual memory allocation
 *
 * This file is subject to the terms and conditions of the GNU General Public
 * License.  See the file "COPYING" in the main directory of this archive
 * for more details.
 *
 * Copyright (C) 1998 Ingo Molnar
 *
 * Support of BIGMEM added by Gerhard Wichert, Siemens AG, July 1999
 */
#ifndef _ASM_FIXMAP_H
#define _ASM_FIXMAP_H
/* used by vmalloc.c, vsyscall.lds.S.
 *
 * Leave one empty page between vmalloc'ed areas and
 * the start of the fixmap.
 */
#define __FIXADDR_TOP 0xfffff000
#ifndef __ASSEMBLY__
#include <linux/kernel.h>
#include <asm/acpi.h>
#include <asm/apicdef.h>
#include <asm/page.h>
#ifdef CONFIG_HIGHMEM
#include <linux/threads.h>
#include <asm/kmap_types.h>
#endif
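/*
 * Here we define all the compile-time 'special' virtual
 * addresses. The point is to have a constant address at
 * compile time, but to set the physical address only
 * in the boot process. We allocate these special addresses
 * from the end of virtual memory (0xfffff000) backwards.
 * Also this lets us do fail-safe vmalloc(), we
 * can guarantee that these special addresses and
 * vmalloc()-ed addresses never overlap.
 *
 * these 'compile-time allocated' memory buffers are
 * fixed-size 4k pages. (or larger if used with an increment
 * higher than 1) use set_fixmap(idx,phys) to associate
 * physical memory with fixmap indices.
 *
 * TLB entries of such buffers will not be flushed across
 * task switches.
 *
 * Index-to-address rule (see __fix_to_virt()): slot i lives i pages
 * below FIXADDR_TOP, so a larger index means a lower virtual address.
 * Which slots exist depends on the CONFIG_* options below, so the
 * numeric value of every enumerator after FIX_VDSO is configuration
 * dependent.
 */
enum fixed_addresses {
	/*
	 * Index 0, i.e. the page at FIXADDR_TOP itself.  virt_to_fix()
	 * rejects addresses at or above FIXADDR_TOP, so it never returns
	 * this slot.
	 */
	FIX_HOLE,
	/*
	 * NOTE(review): presumably the slot of the high-mapped
	 * (CONFIG_COMPAT_VDSO) VDSO page -- confirm against the users of
	 * this index.  Like every fixmap slot its virtual address is a
	 * compile-time constant, so a page mapped here is not randomized.
	 */
	FIX_VDSO,
#ifdef CONFIG_X86_LOCAL_APIC
	FIX_APIC_BASE,		/* local (CPU) APIC -- required for SMP or not */
#endif
#ifdef CONFIG_X86_IO_APIC
	/* one slot per IO-APIC: MAX_IO_APICS consecutive indices */
	FIX_IO_APIC_BASE_0,
	FIX_IO_APIC_BASE_END = FIX_IO_APIC_BASE_0 + MAX_IO_APICS-1,
#endif
#ifdef CONFIG_X86_VISWS_APIC
	FIX_CO_CPU,		/* Cobalt timer */
	FIX_CO_APIC,		/* Cobalt APIC Redirection Table */
	FIX_LI_PCIA,		/* Lithium PCI Bridge A */
	FIX_LI_PCIB,		/* Lithium PCI Bridge B */
#endif
#ifdef CONFIG_X86_F00F_BUG
	FIX_F00F_IDT,		/* Virtual mapping for IDT */
#endif
#ifdef CONFIG_X86_CYCLONE_TIMER
	FIX_CYCLONE_TIMER,	/* cyclone timer register */
#endif
#ifdef CONFIG_HIGHMEM
	FIX_KMAP_BEGIN,		/* reserved pte's for temporary kernel mappings */
	FIX_KMAP_END = FIX_KMAP_BEGIN+(KM_TYPE_NR*NR_CPUS)-1,
#endif
#ifdef CONFIG_ACPI
	/* FIX_ACPI_PAGES consecutive slots */
	FIX_ACPI_BEGIN,
	FIX_ACPI_END = FIX_ACPI_BEGIN + FIX_ACPI_PAGES - 1,
#endif
#ifdef CONFIG_PCI_MMCONFIG
	FIX_PCIE_MCFG,
#endif
	/* first index past the permanent slots; FIXADDR_START is derived from it */
	__end_of_permanent_fixed_addresses,
	/* temporary boot-time mappings, used before ioremap() is functional */
#define NR_FIX_BTMAPS	16
	/*
	 * The boot-time window starts at the index right after the permanent
	 * slots.  BEGIN carries the larger index and therefore the lower
	 * virtual address of the NR_FIX_BTMAPS pages.
	 */
	FIX_BTMAP_END = __end_of_permanent_fixed_addresses,
	FIX_BTMAP_BEGIN = FIX_BTMAP_END + NR_FIX_BTMAPS - 1,
	FIX_WP_TEST,
	/* total number of indices; the bound fix_to_virt() checks against */
	__end_of_fixed_addresses
};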
/*
 * Low-level entry point behind the set_fixmap*() and clear_fixmap()
 * wrappers below.  Only declared here; the definition is not part of
 * this header.
 *
 * @idx:   fixmap slot
 * @phys:  physical address to associate with the slot
 * @flags: page protection to use for the mapping
 */
extern void __set_fixmap(enum fixed_addresses idx, unsigned long phys,
			 pgprot_t flags);

/* Associate phys with slot idx using the PAGE_KERNEL protection. */
#define set_fixmap(idx, phys) __set_fixmap(idx, phys, PAGE_KERNEL)

/*
 * Some hardware wants to get fixmapped without caching.
 */
#define set_fixmap_nocache(idx, phys) __set_fixmap(idx, phys, PAGE_KERNEL_NOCACHE)

/*
 * Passes physical address 0 with an all-zero protection value.
 * NOTE(review): presumably this tears the slot's mapping down -- confirm
 * in the __set_fixmap() implementation.
 */
#define clear_fixmap(idx) __set_fixmap(idx, 0, __pgprot(0))

/* __FIXADDR_TOP as an unsigned long, for use in C expressions. */
#define FIXADDR_TOP	((unsigned long)__FIXADDR_TOP)

/*
 * Sizes and start addresses of the fixmap area.  The plain variants
 * cover only the permanent slots; the BOOT variants also include the
 * boot-time slots that follow them in enum fixed_addresses.
 */
#define __FIXADDR_SIZE	(__end_of_permanent_fixed_addresses << PAGE_SHIFT)
#define __FIXADDR_BOOT_SIZE	(__end_of_fixed_addresses << PAGE_SHIFT)
#define FIXADDR_START		(FIXADDR_TOP - __FIXADDR_SIZE)
#define FIXADDR_BOOT_START	(FIXADDR_TOP - __FIXADDR_BOOT_SIZE)

/*
 * Raw conversions without any range check: slot x is x pages below
 * FIXADDR_TOP.  Callers that need the checks use fix_to_virt() and
 * virt_to_fix() instead.
 */
#define __fix_to_virt(x)	(FIXADDR_TOP - ((x) << PAGE_SHIFT))
#define __virt_to_fix(x)	((FIXADDR_TOP - ((x)&PAGE_MASK)) >> PAGE_SHIFT)

/*
 * Referenced by fix_to_virt() for an out-of-range index.  No definition
 * is visible in this header; per the comment in fix_to_virt() a call
 * that survives optimization is meant to surface as a link error.
 */
extern void __this_fixmap_does_not_exist(void);
/*
 * 'index to address' translation. If anyone tries to use the idx
 * directly without translation, we catch the bug with a NULL-dereference
 * kernel oops. Illegal ranges of incoming indices are caught too.
 *
 * @idx: fixmap slot, normally an enum fixed_addresses constant
 *
 * Returns the virtual address of the slot as computed by __fix_to_virt().
 * Both permanent and boot-time indices pass the check, since the bound
 * is __end_of_fixed_addresses.
 */
static __always_inline unsigned long fix_to_virt(const unsigned int idx)
{
	/*
	 * With a constant, in-range idx this test folds away once the
	 * function is inlined.  It only survives when fixaddr indices are
	 * misused (mixed-up address types, out-of-range values).
	 *
	 * A surviving call is intended to make the linker complain loudly
	 * with a reasonably clear error message.  In other words this is a
	 * build-time diagnostic, not a runtime bounds check that recovers
	 * from a bad index.
	 */
	if (!(idx < __end_of_fixed_addresses)) {
		__this_fixmap_does_not_exist();
	}

	return __fix_to_virt(idx);
}
/*
 * 'address to index' translation for the permanent fixmap range.
 *
 * @vaddr: virtual address, expected in [FIXADDR_START, FIXADDR_TOP)
 *
 * An address outside that window trips BUG_ON().  FIXADDR_START is
 * derived from __end_of_permanent_fixed_addresses, so the addresses of
 * boot-time slots with a larger index lie below the window and are
 * rejected as well.  Returns the slot index from __virt_to_fix().
 */
static inline unsigned long virt_to_fix(const unsigned long vaddr)
{
	BUG_ON(!(vaddr >= FIXADDR_START && vaddr < FIXADDR_TOP));

	return __virt_to_fix(vaddr);
}
#endif /* !__ASSEMBLY__ */
#endif