2005-04-16 22:20:36 +00:00
/*
 * Linker script for vsyscall DSO. The vsyscall page is an ELF shared
 * object prelinked to its virtual address, and with only one read-only
 * segment (that fits in one page). This script controls its layout.
 */
2005-09-09 17:28:28 +00:00
#include <asm/asm-offsets.h>
2005-04-16 22:20:36 +00:00

SECTIONS
{
[PATCH] vdso: randomize the i386 vDSO by moving it into a vma
Move the i386 VDSO down into a vma and thus randomize it.
Besides the security implications, this feature also helps debuggers, which
can COW a vma-backed VDSO just like a normal DSO and can thus do
single-stepping and other debugging features.
It's good for hypervisors (Xen, VMWare) too, which typically live in the same
high-mapped address space as the VDSO, hence whenever the VDSO is used, they
get lots of guest pagefaults and have to fix such guest accesses up - which
slows things down instead of speeding things up (the primary purpose of the
VDSO).
There's a new CONFIG_COMPAT_VDSO (default=y) option, which provides support
for older glibcs that still rely on a prelinked high-mapped VDSO. Newer
distributions (using glibc 2.3.3 or later) can turn this option off. Turning
it off is also recommended for security reasons: attackers cannot use the
predictable high-mapped VDSO page as syscall trampoline anymore.
There is a new vdso=[0|1] boot option as well, and a runtime
/proc/sys/vm/vdso_enabled sysctl switch, that allows the VDSO to be turned
on/off.
(This version of the VDSO-randomization patch also has working ELF
coredumping, the previous patch crashed in the coredumping code.)
This code is a combined work of the exec-shield VDSO randomization
code and Gerd Hoffmann's hypervisor-centric VDSO patch. Rusty Russell
started this patch and I completed it.
[akpm@osdl.org: cleanups]
[akpm@osdl.org: compile fix]
[akpm@osdl.org: compile fix 2]
[akpm@osdl.org: compile fix 3]
[akpm@osdl.org: revert MAXMEM change]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Cc: Gerd Hoffmann <kraxel@suse.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Zachary Amsden <zach@vmware.com>
Cc: Andi Kleen <ak@muc.de>
Cc: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-27 09:53:50 +00:00
  . = VDSO_PRELINK + SIZEOF_HEADERS;
2005-04-16 22:20:36 +00:00

  .hash : { *(.hash) } :text
[PATCH] vDSO hash-style fix
The latest toolchains can produce a new ELF section in DSOs and
dynamically-linked executables. The new section ".gnu.hash" replaces
".hash", and allows for more efficient runtime symbol lookups by the
dynamic linker. The new ld option --hash-style={sysv|gnu|both} controls
whether to produce the old ".hash", the new ".gnu.hash", or both. In some
new systems such as Fedora Core 6, gcc by default passes --hash-style=gnu
to the linker, so that a standard invocation of "gcc -shared" results in
producing a DSO with only ".gnu.hash". The new ".gnu.hash" sections need
to be dealt with the same way as ".hash" sections in all respects; only the
dynamic linker cares about their contents. To work with older dynamic
linkers (i.e. preexisting releases of glibc), a binary must have the old
".hash" section. The --hash-style=both option produces binaries that a new
dynamic linker can use more efficiently, but an old dynamic linker can
still handle.
The new section runs afoul of the custom linker scripts used to build vDSO
images for the kernel. On ia64, the failure mode for this is a boot-time
panic because the vDSO's PT_IA_64_UNWIND segment winds up ill-formed.
This patch addresses the problem in two ways.
First, it mentions ".gnu.hash" in all the linker scripts alongside ".hash".
This produces correct vDSO images with --hash-style=sysv (or old tools),
with --hash-style=gnu, or with --hash-style=both.
Second, it passes the --hash-style=sysv option when building the vDSO
images, so that ".gnu.hash" is not actually produced. This is the most
conservative choice for compatibility with any old userland. There is some
concern that some ancient glibc builds (though not any known old production
system) might choke on --hash-style=both binaries. The optimizations
provided by the new style of hash section do not really matter for a DSO
with a tiny number of symbols, as the vDSO has. If someone wants to use
=gnu or =both for their vDSO builds and worry less about that
compatibility, just change the option and the linker script changes will
make any choice work fine.
Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: "Luck, Tony" <tony.luck@intel.com>
Cc: Kyle McMartin <kyle@mcmartin.ca>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Andi Kleen <ak@muc.de>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-30 10:04:06 +00:00
  .gnu.hash : { *(.gnu.hash) }
2005-04-16 22:20:36 +00:00
  .dynsym : { *(.dynsym) }
  .dynstr : { *(.dynstr) }
  .gnu.version : { *(.gnu.version) }
  .gnu.version_d : { *(.gnu.version_d) }
  .gnu.version_r : { *(.gnu.version_r) }

  /* This linker script is used both with -r and with -shared.
     For the layouts to match, we need to skip more than enough
     space for the dynamic symbol table et al. If this amount
     is insufficient, ld -shared will barf. Just increase it here. */
2006-06-27 09:53:50 +00:00
  . = VDSO_PRELINK + 0x400;
2005-04-16 22:20:36 +00:00

  .text : { *(.text) } :text =0x90909090
2005-04-16 22:24:48 +00:00
  .note : { *(.note.*) } :text :note
2005-04-16 22:20:36 +00:00
  .eh_frame_hdr : { *(.eh_frame_hdr) } :text :eh_frame_hdr
  .eh_frame : { KEEP (*(.eh_frame)) } :text
  .dynamic : { *(.dynamic) } :text :dynamic
  .useless : {
    *(.got.plt) *(.got)
    *(.data .data.* .gnu.linkonce.d.*)
    *(.dynbss)
    *(.bss .bss.* .gnu.linkonce.b.*)
  } :text
}

/*
 * We must supply the ELF program headers explicitly to get just one
 * PT_LOAD segment, and set the flags explicitly to make segments read-only.
 */
PHDRS
{
  text PT_LOAD FILEHDR PHDRS FLAGS(5); /* PF_R|PF_X */
  dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
2005-04-16 22:24:48 +00:00
  note PT_NOTE FLAGS(4); /* PF_R */
2005-04-16 22:20:36 +00:00
  eh_frame_hdr 0x6474e550; /* PT_GNU_EH_FRAME, but ld doesn't match the name */
}

/*
 * This controls what symbols we export from the DSO.
 */
VERSION
{
  LINUX_2.5 {
    global:
      __kernel_vsyscall;
      __kernel_sigreturn;
      __kernel_rt_sigreturn;

    local: *;
  };
}

/* The ELF entry point can be used to set the AT_SYSINFO value. */
ENTRY(__kernel_vsyscall);
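
The PHDRS comment above requires exactly one PT_LOAD segment with no writable flags, and the ENTRY comment ties e_entry to AT_SYSINFO. The following is an added example, not part of the kernel source shown on this page, that checks those properties on an ELF32 image. The function names, result bits and the constructed sample image (made-up addresses) are assumptions for illustration.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Result bits; 0 means the image matches the PHDRS block of the script. */
enum { BAD_ELF = 1, MULTI_LOAD = 2, WRITABLE = 4, BAD_ENTRY = 8 };

/* Audit an ELF32 image (host byte order assumed): exactly one PT_LOAD, no
 * segment with PF_W, and e_entry inside the executable PT_LOAD. */
int audit_vdso_phdrs(const unsigned char *img, size_t len) {
    Elf32_Ehdr eh;
    Elf32_Phdr ph;
    int loads = 0, entry_ok = 0, rc = 0;
    if (len < sizeof eh) return BAD_ELF;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS32 ||
        eh.e_phentsize != sizeof ph || eh.e_phoff > len ||
        (len - eh.e_phoff) / sizeof ph < eh.e_phnum)   /* table must fit in image */
        return BAD_ELF;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_flags & PF_W) rc |= WRITABLE;          /* any writable segment */
        if (ph.p_type != PT_LOAD) continue;
        loads++;
        if (eh.e_entry >= ph.p_vaddr && eh.e_entry - ph.p_vaddr < ph.p_memsz)
            entry_ok = (ph.p_flags & PF_X) != 0;
    }
    if (loads != 1) rc |= MULTI_LOAD;
    if (!entry_ok) rc |= BAD_ENTRY;
    return rc;
}

/* Constructed sample modelled on the script: text = PT_LOAD with the given
 * flags, dynamic = PT_DYNAMIC FLAGS(4). All addresses are made up. */
size_t build_sample(unsigned char *buf, Elf32_Word load_flags) {
    Elf32_Ehdr eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS32 }, .e_entry = 0x1400,
                      .e_phoff = sizeof eh, .e_phentsize = sizeof(Elf32_Phdr), .e_phnum = 2 };
    Elf32_Phdr ph[2] = {
        { .p_type = PT_LOAD, .p_vaddr = 0x1000, .p_memsz = 0x1000, .p_flags = load_flags },
        { .p_type = PT_DYNAMIC, .p_vaddr = 0x1500, .p_memsz = 0x40, .p_flags = PF_R } };
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(void) {
    unsigned char buf[128];
    printf("script layout: %d\n", audit_vdso_phdrs(buf, build_sample(buf, PF_R | PF_X)));
    printf("writable text: %d\n", audit_vdso_phdrs(buf, build_sample(buf, PF_R | PF_W | PF_X)));
    return 0;
}
```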