What happens if we run the kernel with "vsyscall=none" added to the kernel command line for hardening?


Issue

  • What happens if we run the kernel with "vsyscall=none" added to the kernel command line for hardening?
  • The kernel documentation states that setting vsyscall to none might break my system. What actually breaks with "vsyscall=none"?
        vsyscall=       [X86-64]
                        Controls the behavior of vsyscalls (i.e. calls to
                        fixed addresses of 0xffffffffff600x00 from legacy
                        code).  Most statically-linked binaries and older
                        versions of glibc use these calls.  Because these
                        functions are at fixed addresses, they make nice 
                        targets for exploits that can control RIP. 

                        emulate     [default] Vsyscalls turn into traps and are
                                    emulated reasonably safely.

                        native      Vsyscalls are native syscall instructions.
                                    This is a little bit faster than trapping
                                    and makes a few dynamic recompilers work 
                                    better than they would in emulation mode.
                                    It also makes exploits much easier to write.

                        none        Vsyscalls don't work at all.  This makes
                                    them quite hard to use for exploits but
                                    might break your system.
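
An added example (not part of the Red Hat article or the kernel documentation): a shell check that reports which vsyscall mode a command line requests and whether a process still lists the [vsyscall] page. The function names and the sample input are constructed; it recognises only the three values quoted above and assumes a later valid vsyscall= token overrides an earlier one.

```shell
#!/bin/sh
# Added example: audit the vsyscall setting described in the quoted documentation.

# vsyscall_mode CMDLINE
# Prints the mode requested by the command line string. Unknown values are
# skipped, and with no valid token the result is "emulate", the default named
# in the quoted documentation (assumption: the kernel build keeps that default).
vsyscall_mode() (
    set -f                      # do not glob-expand tokens such as "*"
    mode=emulate
    for tok in $1; do
        case "$tok" in
            vsyscall=emulate|vsyscall=native|vsyscall=none)
                mode=${tok#vsyscall=} ;;   # assumption: later token wins
        esac
    done
    printf '%s\n' "$mode"
)

# vsyscall_page_perms [MAPS_FILE]
# Reads /proc/<pid>/maps text (file argument or stdin) and prints the
# permissions of the [vsyscall] mapping. Exit status 1 if it is not listed.
vsyscall_page_perms() {
    awk '$NF == "[vsyscall]" { print $2; found = 1 } END { exit !found }' "$@"
}

# vsyscall_report CMDLINE   (maps text on stdin)
# Whether the page is still listed under vsyscall=none depends on the kernel
# version, so the two values are reported side by side without a verdict.
vsyscall_report() {
    mode=$(vsyscall_mode "$1")
    perms=$(vsyscall_page_perms) || perms=absent
    printf 'requested=%s page=%s\n' "$mode" "$perms"
}

# Constructed sample input (not captured from a real host).
SAMPLE_MAPS='7ffc1a5d2000-7ffc1a5d4000 r-xp 00000000 00:00 0    [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0    [vsyscall]'
printf '%s\n' "$SAMPLE_MAPS" | vsyscall_report 'ro quiet vsyscall=none vsyscall=emulate'

# On a live host:
#   vsyscall_report "$(cat /proc/cmdline)" < /proc/self/maps
```
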

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
