From: "Jan Beulich" <JBeulich@novell.com>
To: "Ingo Molnar" <mingo@elte.hu>, "Andy Lutomirski" <luto@MIT.EDU>
Cc: "Borislav Petkov" <bp@alien8.de>,
"Jesper Juhl" <jj@chaosbits.net>,
"richard -rw- weinberger" <richard.weinberger@gmail.com>,
"Arjan van de Ven" <arjan@infradead.org>,
"Mikael Pettersson" <mikpe@it.uu.se>, <x86@kernel.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 08/10] x86-64: Emulate vsyscalls
Date: Mon, 30 May 2011 08:51:09 +0100 [thread overview]
Message-ID: <4DE3688D020000780004427E@vpn.id2.novell.com> (raw)
In-Reply-To: <07445623494a3d9f02581eb06326420f5f443043.1306724657.git.luto@mit.edu>
>>> On 30.05.11 at 05:48, Andy Lutomirski <luto@MIT.EDU> wrote:
> This causes vsyscalls to be a little more expensive than real
> syscalls. Fortunately sensible programs don't use them.
Hmm - weren't vsyscalls there for performance reasons?
Besides that, just a mostly cosmetic remark:
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1650,6 +1650,23 @@ config COMPAT_VDSO
>
> If unsure, say Y.
>
> +config UNSAFE_VSYSCALLS
> + def_bool y
> + prompt "Unsafe fast legacy vsyscalls"
> + depends on X86_64
> + ---help---
> + Legacy user code expects to be able to issue three syscalls
> + by calling fixed addresses in kernel space. If you say N,
> + then the kernel traps and emulates these calls. If you say
> + Y, then there is actual executable code at a fixed address
> + to implement these calls efficiently.
> +
> + On a system with recent enough glibc (probably 2.14 or
> + newer) and no static binaries, you can say N without a
> + performance penalty to improve security
> +
> + If unsure, say Y.
> +
> config CMDLINE_BOOL
> bool "Built-in kernel command line"
> ---help---
> --- a/arch/x86/kernel/Makefile
> +++ b/arch/x86/kernel/Makefile
> @@ -42,6 +42,9 @@ obj-$(CONFIG_X86_32) += probe_roms_32.o
> obj-$(CONFIG_X86_32) += sys_i386_32.o i386_ksyms_32.o
> obj-$(CONFIG_X86_64) += sys_x86_64.o x8664_ksyms_64.o
> obj-$(CONFIG_X86_64) += syscall_64.o vsyscall_64.o vread_tsc_64.o
> +ifndef CONFIG_UNSAFE_VSYSCALLS
> + obj-$(CONFIG_X86_64) += vsyscall_emu_64.o
> +endif
With the Kconfig dependency on X86_64 above and the new
variable being a boolean one, these three lines can be written
as just
obj-$(CONFIG_UNSAFE_VSYSCALLS) += vsyscall_emu_64.o
Jan
> obj-y += bootflag.o e820.o
> obj-y += pci-dma.o quirks.o topology.o kdebugfs.o
> obj-y += alternative.o i8253.o pci-nommu.o hw_breakpoint.o
next prev parent reply other threads:[~2011-05-30 7:51 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-30 3:48 [PATCH v2 00/10] Remove syscall instructions at fixed addresses Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 01/10] x86-64: Fix alignment of jiffies variable Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 02/10] x86-64: Give vvars their own page Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 03/10] x86-64: Remove kernel.vsyscall64 sysctl Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 04/10] x86-64: Replace vsyscall gettimeofday fallback with int 0xcc Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 05/10] x86-64: Map the HPET NX Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 06/10] x86-64: Remove vsyscall number 3 (venosys) Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 07/10] x86-64: Fill unused parts of the vsyscall page with 0xcc Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 08/10] x86-64: Emulate vsyscalls Andy Lutomirski
2011-05-30 7:35 ` Borislav Petkov
2011-05-30 10:43 ` Andrew Lutomirski
2011-05-30 7:46 ` Ingo Molnar
2011-05-30 10:57 ` Andrew Lutomirski
2011-05-30 10:59 ` Ingo Molnar
2011-05-30 11:35 ` Andrew Lutomirski
2011-05-30 12:15 ` Ingo Molnar
2011-05-30 12:25 ` Andrew Lutomirski
2011-05-30 14:12 ` Ingo Molnar
2011-05-30 7:51 ` Jan Beulich [this message]
2011-05-30 8:07 ` Ingo Molnar
2011-05-31 2:29 ` Andrew Lutomirski
2011-05-30 3:48 ` [PATCH v2 09/10] x86-64: Randomize int 0xcc magic al values at boot Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 10/10] x86-64: Document some of entry_64.S Andy Lutomirski
2011-05-30 7:59 ` Borislav Petkov
2011-05-30 10:40 ` Andrew Lutomirski
2011-05-30 10:50 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DE3688D020000780004427E@vpn.id2.novell.com \
--to=jbeulich@novell.com \
--cc=akpm@linux-foundation.org \
--cc=arjan@infradead.org \
--cc=bp@alien8.de \
--cc=jj@chaosbits.net \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@MIT.EDU \
--cc=mikpe@it.uu.se \
--cc=mingo@elte.hu \
--cc=richard.weinberger@gmail.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.