From: Andy Lutomirski
To: x86@kernel.org
Cc: LKML, Andy Lutomirski, Kees Cook, Florian Weimer
Subject: [PATCH] x86/vsyscall: Remove CONFIG_LEGACY_VSYSCALL_EMULATE
Date: Wed, 11 May 2022 10:38:53 -0700
Message-Id: <898932fe61db6a9d61bc2458fa2f6049f1ca9f5c.1652290558.git.luto@kernel.org>

CONFIG_LEGACY_VSYSCALL_EMULATE is, as far as I know, only needed for the
combined use of exotic and outdated debugging mechanisms with outdated
binaries. At this point, no one should be using it. We would like to
implement dynamic switching of vsyscalls, but this is much more
complicated to support in EMULATE mode than XONLY mode.

So let's force all the distros off of EMULATE mode. If anyone actually
needs it, they can set vsyscall=emulate, and we can then get away with
refusing to support newer security models if that option is set.

Cc: x86@kernel.org
Cc: Kees Cook
Cc: Florian Weimer
Signed-off-by: Andy Lutomirski
--- arch/x86/Kconfig | 18 +++--------------- arch/x86/entry/vsyscall/vsyscall_64.c | 2 +- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 4bed3abf444d..68c669680c16 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig 
@@ -2326,7 +2326,9 @@ choice it can be used to assist security vulnerability exploitation. This setting can be changed at boot time via the kernel command - line parameter vsyscall=[emulate|xonly|none]. + line parameter vsyscall=[emulate|xonly|none]. Emulate mode + is deprecated and can only be enabled using the kernel command + line. On a system with recent enough glibc (2.14 or newer) and no static binaries, you can say None without a performance penalty @@ -2334,20 +2336,6 @@ choice If unsure, select "Emulate execution only". - config LEGACY_VSYSCALL_EMULATE - bool "Full emulation" - help - The kernel traps and emulates calls into the fixed vsyscall - address mapping. This makes the mapping non-executable, but - it still contains readable known contents, which could be - used in certain rare security vulnerability exploits. This - configuration is recommended when using legacy userspace - that still uses vsyscalls along with legacy binary - instrumentation tools that require code to be readable. - - An example of this type of legacy userspace is running - Pin on an old binary that still uses vsyscalls. - config LEGACY_VSYSCALL_XONLY bool "Emulate execution only" help diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c index fd2ee9408e91..4af81df133ee 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -48,7 +48,7 @@ static enum { EMULATE, XONLY, NONE } vsyscall_mode __ro_after_init = #elif defined(CONFIG_LEGACY_VSYSCALL_XONLY) XONLY; #else - EMULATE; + #error VSYSCALL config is broken #endif static int __init vsyscall_setup(char *str) -- 2.35.1
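Review bot: In the first arch/x86/Kconfig hunk (@@ -2326), the added sentence "Emulate mode is deprecated and can only be enabled using the kernel command line." states the deprecation without a reason, while the next hunk deletes the only help text that explained the risk ("it still contains readable known contents, which could be used in certain rare security vulnerability exploits"). Suggest folding a short rationale into the new sentence, for example that emulate mode leaves the vsyscall mapping readable, so someone reading the vsyscall= description knows what they are opting into. The diffstat lists only Kconfig and vsyscall_64.c, so the deprecation is recorded nowhere else; the boot parameter documentation for vsyscall= should say the same.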
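Review bot: In the second arch/x86/Kconfig hunk (@@ -2334), removing `config LEGACY_VSYSCALL_EMULATE` from the choice means a configuration that had "Full emulation" selected will resolve to a different entry with no build-time notice, and the choice's `default` line is outside the visible context, so please confirm it does not name the removed symbol. The removed help named the affected case (legacy binary instrumentation tools that require code to be readable, with Pin on an old binary as the example); a short note in the remaining help text that such setups must now pass vsyscall=emulate would keep that guidance discoverable from the configuration menu.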
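Review bot: In the arch/x86/entry/vsyscall/vsyscall_64.c hunk, the new `#else` branch fails the build with "VSYSCALL config is broken", which gives whoever hits it no indication of what a valid configuration is. Suggest a message naming the choice entries that remain, such as CONFIG_LEGACY_VSYSCALL_XONLY. Separately, `vsyscall_setup()` appears only as unchanged trailing context, so vsyscall=emulate is still accepted silently even though the help text now calls the mode deprecated; a one-time boot warning when that value is parsed would make the deprecation visible on running systems and give later changes that refuse to support it something to point at.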