x86-64: Fill unused parts of the vsyscall page with 0xcc
Jumping to 0x00 might do something depending on the following bytes. Jumping to 0xcc is a trap. So fill the unused parts of the vsyscall page with 0xcc to make it useless for exploits to jump there. Signed-off-by: Andy Lutomirski <luto@mit.edu> Cc: Jesper Juhl <jj@chaosbits.net> Cc: Borislav Petkov <bp@alien8.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Arjan van de Ven <arjan@infradead.org> Cc: Jan Beulich <JBeulich@novell.com> Cc: richard -rw- weinberger <richard.weinberger@gmail.com> Cc: Mikael Pettersson <mikpe@it.uu.se> Cc: Andi Kleen <andi@firstfloor.org> Cc: Brian Gerst <brgerst@gmail.com> Cc: Louis Rilling <Louis.Rilling@kerlabs.com> Cc: Valdis.Kletnieks@vt.edu Cc: pageexec@freemail.hu Link: http://lkml.kernel.org/r/ed54bfcfbe50a9070d20ec1edbe0d149e22a4568.1307292171.git.luto@mit.edu Signed-off-by: Ingo Molnar <mingo@elte.hu>
This commit is contained in:
parent
bb5fe2f78e
commit
5dfcea629a
1 changed files with 8 additions and 10 deletions
|
@ -166,22 +166,20 @@ SECTIONS
|
|||
__vsyscall_0 = .;
|
||||
|
||||
. = VSYSCALL_ADDR;
|
||||
.vsyscall_0 : AT(VLOAD(.vsyscall_0)) {
|
||||
.vsyscall : AT(VLOAD(.vsyscall)) {
|
||||
*(.vsyscall_0)
|
||||
} :user
|
||||
|
||||
. = ALIGN(L1_CACHE_BYTES);
|
||||
.vsyscall_fn : AT(VLOAD(.vsyscall_fn)) {
|
||||
. = ALIGN(L1_CACHE_BYTES);
|
||||
*(.vsyscall_fn)
|
||||
}
|
||||
|
||||
.vsyscall_1 ADDR(.vsyscall_0) + 1024: AT(VLOAD(.vsyscall_1)) {
|
||||
. = 1024;
|
||||
*(.vsyscall_1)
|
||||
}
|
||||
.vsyscall_2 ADDR(.vsyscall_0) + 2048: AT(VLOAD(.vsyscall_2)) {
|
||||
*(.vsyscall_2)
|
||||
}
|
||||
|
||||
. = 2048;
|
||||
*(.vsyscall_2)
|
||||
|
||||
. = 4096; /* Pad the whole page. */
|
||||
} :user =0xcc
|
||||
. = ALIGN(__vsyscall_0 + PAGE_SIZE, PAGE_SIZE);
|
||||
|
||||
#undef VSYSCALL_ADDR
|
||||
|
|
Loading…
Reference in a new issue