What are vdso and vsyscall?

Question

I did sudo cat /proc/1/maps -vv

I am attempting to make sense of the output. I can see a lot of shared libraries being mapped to the memory mapping segment as expected.

7f3c00137000-7f3c00179000 r-xp 00000000 08:01 21233923                   /lib/x86_64-linux-gnu/libdbus-1.so.3.5.8
7f3c00179000-7f3c00379000 ---p 00042000 08:01 21233923                   /lib/x86_64-linux-gnu/libdbus-1.so.3.5.8
7f3c00379000-7f3c0037a000 r--p 00042000 08:01 21233923                   /lib/x86_64-linux-gnu/libdbus-1.so.3.5.8
7f3c0037a000-7f3c0037b000 rw-p 00043000 08:01 21233923                   /lib/x86_64-linux-gnu/libdbus-1.so.3.5.8
7f3c0037b000-7f3c00383000 r-xp 00000000 08:01 21237216                   /lib/x86_64-linux-gnu/libnih-dbus.so.1.0.0
7f3c00383000-7f3c00583000 ---p 00008000 08:01 21237216                   /lib/x86_64-linux-gnu/libnih-dbus.so.1.0.0
7f3c00583000-7f3c00584000 r--p 00008000 08:01 21237216                   /lib/x86_64-linux-gnu/libnih-dbus.so.1.0.0
7f3c00584000-7f3c00585000 rw-p 00009000 08:01 21237216                   /lib/x86_64-linux-gnu/libnih-dbus.so.1.0.0
7f3c00585000-7f3c0059b000 r-xp 00000000 08:01 21237220                   /lib/x86_64-linux-gnu/libnih.so.1.0.0
7f3c0059b000-7f3c0079b000 ---p 00016000 08:01 21237220                   /lib/x86_64-linux-gnu/libnih.so.1.0.0
7f3c0079b000-7f3c0079c000 r--p 00016000 08:01 21237220                   /lib/x86_64-linux-gnu/libnih.so.1.0.0

Towards the end there is something like

7f3c0165b000-7f3c0177e000 rw-p 00000000 00:00 0                          [heap]
7fff97863000-7fff97884000 rw-p 00000000 00:00 0                          [stack]
7fff97945000-7fff97946000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

What do vdso and vsyscall mean? Is vsyscall the kernel portion of the memory? It would be great if anyone can throw some light on the issue.

Recommended answer

The vsyscall and vDSO segments are two mechanisms used to accelerate certain system calls in Linux. For instance, gettimeofday is usually invoked through this mechanism. The first mechanism introduced was vsyscall, which was added as a way to execute specific system calls which do not need any real level of privilege to run in order to reduce the system call overhead. Following the previous example, all gettimeofday needs to do is to read the kernel's current time. There are applications that call gettimeofday frequently (e.g. to generate timestamps), to the point that they care about even a little bit of overhead. To address this concern, the kernel maps into user space a page containing the current time and a fast gettimeofday implementation (i.e. just a function which reads the time saved into vsyscall). Using this virtual system call, the C library can provide a fast gettimeofday which does not have the overhead introduced by the context switch between kernel space and user space usually introduced by the classic system call model INT 0x80 or SYSCALL.

However, this vsyscall mechanism has some limitations: the memory allocated is small and allows only 4 system calls, and, more important and serious, the vsyscall page is statically allocated to the same address in each process, since the location of the vsyscall page is nailed down in the kernel ABI. This static allocation of the vsyscall compromises the benefit introduced by the memory space randomisation commonly used by Linux. An attacker, after compromising an application by exploiting a stack-overflow, can invoke a system call from the vsyscall page with arbitrary parameters. All he needs is the address of the system call, which is easily predictable as it is statically allocated (if you try to run again your command even with different applications, you'll notice that the address of the vsyscall does not change). It would be nice to remove or at least randomize the location of the vsyscall page to thwart this type of attack. Unfortunately, applications depend on the existence and exact address of that page, so nothing can be done.

This security issue has been addressed by replacing all system call instructions at fixed addresses by a special trap instruction. An application trying to call into the vsyscall page will trap into the kernel, which will then emulate the desired virtual system call in kernel space. The result is a kernel system call emulating a virtual system call which was put there to avoid the kernel system call in the first place. The result is a vsyscall which takes longer to execute but, crucially, does not break the existing ABI. In any case, the slowdown will only be seen if the application is trying to use the vsyscall page instead of the vDSO.

The vDSO offers the same functionality as the vsyscall, while overcoming its limitations. The vDSO (Virtual Dynamically linked Shared Objects) is a memory area allocated in user space which exposes some kernel functionalities at user space in a safe manner. This has been introduced to solve the security threats caused by the vsyscall. The vDSO is dynamically allocated which solves security concerns and can have more than 4 system calls. The vDSO links are provided via the glibc library. The linker will link in the glibc vDSO functionality, provided that such a routine has an accompanying vDSO version, such as gettimeofday. When your program executes, if your kernel does not have vDSO support, a traditional syscall will be made.

Credits and useful links:

  • Awesome tutorial, how to create your own vDSO.
  • vsyscall and vDSO, nice article
  • useful article and links
  • What is linux-gate.so.1?
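
The address behaviour described in the answer can be checked directly from /proc/PID/maps. The following is an added example, not part of the original answer: it parses maps text, extracts the [vdso] and [vsyscall] entries, and compares two processes. MAPS_A holds the lines quoted in the question; MAPS_B is a constructed second process whose [vdso] address is invented for illustration.

```python
import re
from pathlib import Path

# Fixed vsyscall base, as it appears in the question's output.
VSYSCALL_BASE = 0xFFFFFFFFFF600000

# start-end perms offset dev inode [name]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")

def special_regions(maps_text):
    """Return {name: (start, end, perms)} for the [vdso] and [vsyscall] lines."""
    found = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m and m.group(4) in ("[vdso]", "[vsyscall]"):
            found[m.group(4)] = (int(m.group(1), 16), int(m.group(2), 16), m.group(3))
    return found

def compare(maps_a, maps_b):
    """Per region: 'same' / 'differs' start address, or 'absent' in either map."""
    a, b = special_regions(maps_a), special_regions(maps_b)
    report = {}
    for name in ("[vdso]", "[vsyscall]"):
        if name in a and name in b:
            report[name] = "same" if a[name][0] == b[name][0] else "differs"
        else:
            report[name] = "absent"
    return report

# Process A: the tail of the output quoted in the question.
MAPS_A = """\
7f3c0165b000-7f3c0177e000 rw-p 00000000 00:00 0                          [heap]
7fff97863000-7fff97884000 rw-p 00000000 00:00 0                          [stack]
7fff97945000-7fff97946000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
"""
# Process B: constructed sample; stack and vdso addresses are invented.
MAPS_B = """\
7ffd1c2a0000-7ffd1c2c1000 rw-p 00000000 00:00 0                          [stack]
7ffd1c3f2000-7ffd1c3f3000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
"""

if __name__ == "__main__":
    print(compare(MAPS_A, MAPS_B))
    live = Path("/proc/self/maps")  # also inspect the running interpreter, if on Linux
    if live.exists():
        for name, (start, end, perms) in special_regions(live.read_text()).items():
            print(f"{name}: {start:#x}-{end:#x} {perms}")
```
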
