Bugzilla will be upgraded to version 5.0 on December 2, 2018. The outage period for the upgrade will start at 0:00 UTC and have a duration of 12 hours
Bug 229304 - [patch] vdso is in user's way when exec-shield is off
[patch] vdso is in user's way when exec-shield is off
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Roland McGrath
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2007-02-19 22:48 EST by John Reiser
Modified: 2008-06-06 03:44 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-06-06 03:44:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
put vdso at STACK_TOP when 0==exec_shield (888 bytes, patch)
2007-02-19 22:48 EST, John Reiser
no flags Details | Diff
linux-2.6-x86-vdso-place.patch (1.25 KB, patch)
2007-02-21 17:13 EST, John Reiser
no flags Details | Diff

  None (edit)
Description John Reiser 2007-02-19 22:48:32 EST
Description of problem: On i386 the vdso is still being placed randomly even
when exec-shield is off.  This interferes with the user address space, because
the vdso cannot be moved.  Random placement reduces the contiguous space that
otherwise would be available to the user.  This is somewhat OK when exec-shield
is on, but is not reasonable when exec-shield is off.  Instead, when exec-shield
is off, then the vdso should be placed at STACK_TOP, in order to interfere as
little as possible with the user's use of address space.  i686 boxes still must
provide service for a while longer [before being replaced by x86_64 with 64-bit
address space where the problem does not arise], including running applications
that want maximal contiguous address space.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. echo 0 >/proc/sys/kernel/exec-shield  # turn off exec-shield
2. grep vdso /proc/self/maps
Actual results:
00924000-00925000 r-xp 00924000 00:00 0          [vdso]
# or other address below 0x08048000

Expected results:
bffff000-c0000000 r-xp bffff000 00:00 0          [vdso]
# one page below TASK_SIZE

Additional info:
Related: bug 207020 (vDSO placement ignores exec-shield; inhibits NX simulation)

See suggested patch linux-2.6-x86-vdso-stacktop-0.patch (attached.)
Comment 1 John Reiser 2007-02-19 22:48:32 EST
Created attachment 148397 [details]
put vdso at STACK_TOP when 0==exec_shield
Comment 2 Chuck Ebbert 2007-02-20 09:43:24 EST
vDSO randomization is a feature added to the upstream kernel.
I don't think anybody thought about an off switch for it.
You could try:
    echo 0>/proc/sys/kernel/randomize_va_space

The only other thing I can suggest is trying the kernel boot parameter
"vdso=0", which will disable it completely. This may or may not be useful,
and your system might not even boot with that set.
Comment 3 John Reiser 2007-02-20 11:20:05 EST
Setting to zero all three of vdso, vdso_populate, and randomize_va_space still
gives a random page for vdso in 2.6.19-1.2911.fc6.  The f7 development
installers via rescue CD and diskboot.img fail today; I'll test there soon.
Comment 4 Chuck Ebbert 2007-02-20 11:47:48 EST
Try /proc/sys/vm/vdso_enabled?

Comment 5 John Reiser 2007-02-20 15:24:32 EST
Also setting vdso_enabled to zero (along with the three other variables
mentioned before) still gives a random page for vdso in 2.6.19-1.2911.fc6.
Comment 6 John Reiser 2007-02-21 17:13:33 EST
Created attachment 148544 [details]

This patch to kernel-2.6.20-1.2936.fc7 places vdso for i386 according to the
value in /proc/sys/vm/vdso_enabled:
0: no vdso at all
1: random free page
3: just below the .text of main
4: just below the .text of PT_INTERP
Comment 7 Chuck Ebbert 2007-02-21 19:23:56 EST
Did you send your patch to the linux-kernel mailing list?
If not, please do.
Comment 8 John Reiser 2007-02-22 16:09:12 EST
fully honor vdso_enabled [i386, sh; x86_64?]	John Reiser
Comment 9 Chuck Ebbert 2007-03-01 14:26:34 EST
Hmm, /proc/sys/vm/legacy_va_layout changes things. Not sure if it's
what you want, though.

Comment 10 Bill Nottingham 2007-03-02 12:41:52 EST
Moving to 'devel' as discussed on
Comment 11 Chuck Ebbert 2007-04-27 16:18:40 EDT
You need to disable the vdso at boot time. Once booted it can't be changed
AFAICT. So try booting with "vdso=0".
Comment 12 Bug Zapper 2008-04-03 15:12:01 EDT
Based on the date this bug was created, it appears to have been reported
against rawhide during the development of a Fedora release that is no
longer maintained. In order to refocus our efforts as a project we are
flagging all of the open bugs for releases which are no longer
maintained. If this bug remains in NEEDINFO thirty (30) days from now,
we will automatically close it.

If you can reproduce this bug in a maintained Fedora version (7, 8, or
rawhide), please change this bug to the respective version and change
the status to ASSIGNED. (If you're unable to change the bug's version
or status, add a comment to the bug and someone will change it for you.)

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we're following is outlined here:

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.
Comment 13 John Reiser 2008-04-06 22:42:53 EDT
The problem persists in 2.6.25-0.195.rc8.git1.fc9.i686, and has gotten worse. 
There is no way to turn off the vdso, not even booting with " vdso=0" appended
to the kernel boot commandline.  /proc/sys/vm/vdso_enabled says 0, but "grep
vdso /proc/self/maps" still shows a vdso:
$ grep vdso /proc/self/maps
00131000-00132000 r-xp 00131000 00:00 0          [vdso]

Comment 14 Chuck Ebbert 2008-04-08 15:14:24 EDT
Does 'nosep' work?
Comment 15 Chuck Ebbert 2008-04-27 00:46:18 EDT
'nosep' should completely disable any VDSO by pretending the CPU doesn't support
the sysenter instruction.
Comment 16 Roland McGrath 2008-04-27 16:12:22 EDT
That's not so, Chuck.  That only affects the choice of which vDSO image to use.
Comment 17 Chuck Ebbert 2008-04-29 15:36:32 EDT
Patches were merged upstream for this:

x86 vDSO: don't map 32-bit vdso when disabled


x86 vDSO: don't use disabled vDSO for signal trampoline
Comment 18 Bug Zapper 2008-05-13 22:38:09 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
Comment 19 Chuck Ebbert 2008-05-20 03:16:08 EDT
Patches in
Comment 20 Fedora Update System 2008-05-22 11:33:08 EDT
kernel- has been submitted as an update for Fedora 9
Comment 21 Fedora Update System 2008-05-28 22:51:17 EDT
kernel- has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update kernel'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-4630
Comment 22 Fedora Update System 2008-06-06 03:44:15 EDT
kernel- has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.