runtime: provide no-vdso no-vsyscall fallback on linux/amd64 #8200
This just got a bit important to me as there are kernels configured to no longer let you use vsyscalls at all. So Go won't run on those systems. Changing the config of said kernels is not an option, since vsyscalls are viewed as a security problem. I can try to fix this but I want to see if (a) someone already has so I don't need to, or if not, (b) this is something people are open to changing should I try to fix it.

/cc @ianlancetaylor, @randall77, @minux

Supporting non-VDSO on linux/amd64 should be easy as we only use clock_gettime and gettimeofday vsyscalls. However, I'd like to know more about the security problem of vsyscalls if possible. Thanks.

On non-amd64 Linux systems, we always invoke syscall directly, so this issue only affects amd64.

On amd64, when VDSO is not available, we fall back to the fixed mapped helper function for gettimeofday (at 0xffffffffff600000). If the Go binary doesn't work on VDSO-disabled kernels, then the fixed gettimeofday mapping is not available, right? Is there a way for a Go binary to detect such a case easily?

@rminnich, can you say more about what's available or how to detect that vsyscall (the 0xffffffffff600000 page) is not there? I'd really like to avoid going into the kernel for gettimeofday unless absolutely necessary (i.e., only on the crazy systems you are describing).
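
The detection question raised in the two comments above can be checked from user space on a given host. The following is an added example, not code from this thread or from the Go runtime: it parses `/proc/<pid>/maps` text for the `[vdso]` mapping and the fixed `[vsyscall]` page at 0xffffffffff600000. The names `TimeMappings`, `ParseMaps` and `NeedsRealSyscall` are hypothetical, the sample listing is constructed, and a mounted `/proc` is assumed for the live check.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// Constructed sample in /proc/<pid>/maps format (not captured from a real host).
const sampleMaps = `00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/app
7ffd3a9f2000-7ffd3a9f4000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]`

// TimeMappings records which kernel time helpers a maps listing shows.
type TimeMappings struct {
	VDSO, Vsyscall bool
	VsyscallPerms  string // permission column of the fixed page, as reported
}

// ParseMaps scans maps-format text for [vdso] and the fixed [vsyscall] page.
func ParseMaps(maps string) TimeMappings {
	var tm TimeMappings
	sc := bufio.NewScanner(strings.NewReader(maps))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 6 {
			continue // anonymous mapping: no name column
		}
		switch {
		case f[5] == "[vdso]":
			tm.VDSO = true
		case f[5] == "[vsyscall]" && strings.HasPrefix(f[0], "ffffffffff600000-"):
			tm.Vsyscall, tm.VsyscallPerms = true, f[1]
		}
	}
	return tm
}

// NeedsRealSyscall is true when neither helper is mapped, so only a real
// clock_gettime/gettimeofday system call can supply the time.
func (tm TimeMappings) NeedsRealSyscall() bool { return !tm.VDSO && !tm.Vsyscall }

func main() {
	text := sampleMaps
	if data, err := os.ReadFile("/proc/self/maps"); err == nil {
		text = string(data) // live listing when /proc is available
	}
	tm := ParseMaps(text)
	fmt.Printf("%+v needsRealSyscall=%v\n", tm, tm.NeedsRealSyscall())
}
```
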

Still waiting for reply from @rminnich, but work will not happen for Go 1.8.

Ping @rminnich.

Timed out in state WaitingForInfo. Closing. (I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)