Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 835935

Summary: document a change in the vsyscalls in the v3.2 kernels
Product: Red Hat Enterprise MRG Reporter: Beth Uptagrafft <bhu>
Component: Release_NotesAssignee: Tomas Capek <tcapek>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.2CC: chetan, jskeoch, williams
Target Milestone: 2.2   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-20 01:01:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Beth Uptagrafft 2012-06-27 14:58:00 UTC 
There has been a change in the vsyscalls in the v3.2 kernels which includes the MRG / rt kernels and we think it would be good to alert the customer of this change 

The kernel parameter options are documented in Documentation/kernel-parameters.txt in the vsyscall section.

Vsyscalls are used in many binaries and in some important libraries such as glibc. They allow certain calls such as gettimeofday() to work without changing from user-mode to kernel-mode. This works by having the kernel map memory to user space with read-only values of the current time. This memory also includes native code that emulates the system call, in this case reading the current time and returning the value.

Since this native code is at a fixed address, it could theoretically be used in security exploits. This has now been changed to make it a little more secure by emulating the vsyscalls and removing dangerous instructions from the vsyscall page. The vsyscalls are now emulated by being trapped in the kernel. This emulation occurs without breaking any APIs. It could potentially be slower than the old native code.

This kernel emulation of vsyscalls in the new default and you don't need to do anything to get it. It is also the configuration we have used when testing the MRG kernel.

You can explicitly request it with the kernel parameter. (but this is not necessary)

vsyscall=emulate

However, if you want the vsyscalls to operate as they did previously, you can use the kernel parameter
 
vsyscall=native

There is also a third option which provides the most security but could break existing binaries and critical libraries such as glibc, so it is not recommended. However, if you think you need it you get it with

vsyscall=none.
Comment 1 Tomas Capek 2012-08-30 15:31:38 UTC 
Added to:

Red_Hat_Enterprise_MRG-MRG_Release_Notes-2-en-US-1-8.2

http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html/MRG_Release_Notes/chap-MRG_Release_Notes-RT.html#Realtime_Known_Issues_2.2