x86/vsyscall: Change the default vsyscall mode to xonly

The use case for full emulation over xonly is very esoteric, e.g. magic
instrumentation tools.

Change the default to the safer xonly mode.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Jann Horn <jannh@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Kernel Hardening <kernel-hardening@lists.openwall.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lkml.kernel.org/r/30539f8072d2376b9c9efcc07e6ed0d6bf20e882.1561610354.git.luto@kernel.org

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0182d2c6759063dd9af8a5a2ae261e4da8234c4a..32028edc1b0e7ce291e5a85b8ce13f6b6bd6cd5d 100644 (file)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2285,7 +2285,7 @@ config COMPAT_VDSO
 choice
        prompt "vsyscall table for legacy applications"
        depends on X86_64
-       default LEGACY_VSYSCALL_EMULATE
+       default LEGACY_VSYSCALL_XONLY
        help
          Legacy user code that does not know how to find the vDSO expects
          to be able to issue three syscalls by calling fixed addresses in