1 .\" Written by Mike Frysinger <vapier@gentoo.org>
3 .\" %%%LICENSE_START(PUBLIC_DOMAIN)
4 .\" This page is in the public domain.
8 .\" http://articles.manugarg.com/systemcallinlinux2_6.html
9 .\" https://lwn.net/Articles/446528/
10 .\" http://www.linuxjournal.com/content/creating-vdso-colonels-other-chicken
11 .\" http://www.trilithium.com/johan/2005/08/linux-gate/
13 .TH VDSO 7 2021-08-27 "Linux" "Linux Programmer's Manual"
15 vdso \- overview of the virtual ELF dynamic shared object
18 .B #include <sys/auxv.h>
20 .B void *vdso = (uintptr_t) getauxval(AT_SYSINFO_EHDR);
23 The "vDSO" (virtual dynamic shared object) is a small shared library that
24 the kernel automatically maps into the
25 address space of all user-space applications.
26 Applications usually do not need to concern themselves with these details
27 as the vDSO is most commonly called by the C library.
28 This way you can code in the normal way using standard functions
29 and the C library will take care
30 of using any functionality that is available via the vDSO.
32 Why does the vDSO exist at all?
33 There are some system calls the kernel provides that
34 user-space code ends up using frequently,
35 to the point that such calls can dominate overall performance.
36 This is due both to the frequency of the call as well as the
37 context-switch overhead that results
38 from exiting user space and entering the kernel.
40 The rest of this documentation is geared toward the curious and/or
41 C library writers rather than general developers.
42 If you're trying to call the vDSO in your own application rather than using
43 the C library, you're most likely doing it wrong.
44 .SS Example background
45 Making system calls can be slow.
46 In x86 32-bit systems, you can trigger a software interrupt
48 to tell the kernel you wish to make a system call.
49 However, this instruction is expensive: it goes through
50 the full interrupt-handling paths
51 in the processor's microcode as well as in the kernel.
52 Newer processors have faster (but backward incompatible) instructions to
53 initiate system calls.
54 Rather than require the C library to figure out if this functionality is
55 available at run time,
56 the C library can use functions provided by the kernel in
59 Note that the terminology can be confusing.
60 On x86 systems, the vDSO function
61 used to determine the preferred method of making a system call is
62 named "__kernel_vsyscall", but on x86-64,
63 the term "vsyscall" also refers to an obsolete way to ask the kernel
64 what time it is or what CPU the caller is on.
66 One frequently used system call is
68 This system call is called both directly by user-space applications
69 as well as indirectly by
71 Think timestamps or timing loops or polling\(emall of these
72 frequently need to know what time it is right now.
73 This information is also not secret\(emany application in any
74 privilege mode (root or any unprivileged user) will get the same answer.
75 Thus the kernel arranges for the information required to answer
76 this question to be placed in memory the process can access.
79 changes from a system call to a normal function
80 call and a few memory accesses.
82 The base address of the vDSO (if one exists) is passed by the kernel to
83 each program in the initial auxiliary vector (see
89 You must not assume the vDSO is mapped at any particular location in the
91 The base address will usually be randomized at run time every time a new
92 process image is created (at
95 This is done for security reasons,
96 to prevent "return-to-libc" attacks.
98 For some architectures, there is also an
101 This is used only for locating the vsyscall entry point and is frequently
102 omitted or set to 0 (meaning it's not available).
103 This tag is a throwback to the initial vDSO work (see
105 below) and its use should be avoided.
107 Since the vDSO is a fully formed ELF image, you can do symbol lookups on it.
108 This allows new symbols to be added with newer kernel releases,
109 and allows the C library to detect available functionality at
110 run time when running under different kernel versions.
111 Oftentimes the C library will do detection with the first call and then
112 cache the result for subsequent calls.
114 All symbols are also versioned (using the GNU version format).
115 This allows the kernel to update the function signature without breaking
116 backward compatibility.
117 This means changing the arguments that the function accepts as well as the
119 Thus, when looking up a symbol in the vDSO,
120 you must always include the version
121 to match the ABI you expect.
123 Typically the vDSO follows the naming convention of prefixing
124 all symbols with "__vdso_" or "__kernel_"
125 so as to distinguish them from other standard symbols.
126 For example, the "gettimeofday" function is named "__vdso_gettimeofday".
128 You use the standard C calling conventions when calling
129 any of these functions.
130 No need to worry about weird register or stack behavior.
133 When you compile the kernel,
134 it will automatically compile and link the vDSO code for you.
135 You will frequently find it under the architecture-specific directory:
137 find arch/$ARCH/ \-name \(aq*vdso*.so*\(aq \-o \-name \(aq*gate*.so*\(aq
140 The name of the vDSO varies across architectures.
141 It will often show up in things like glibc's
144 The exact name should not matter to any code, so do not hardcode it.
152 aarch64 linux\-vdso.so.1
154 ia64 linux\-gate.so.1
155 mips linux\-vdso.so.1
156 ppc/32 linux\-vdso32.so.1
157 ppc/64 linux\-vdso64.so.1
158 riscv linux\-vdso.so.1
159 s390 linux\-vdso32.so.1
160 s390x linux\-vdso64.so.1
162 i386 linux\-gate.so.1
163 x86-64 linux\-vdso.so.1
164 x86/x32 linux\-vdso.so.1
170 .SS strace(1), seccomp(2), and the vDSO
171 When tracing systems calls with
173 symbols (system calls) that are exported by the vDSO will
175 appear in the trace output.
176 Those system calls will likewise not be visible to
179 .SH ARCHITECTURE-SPECIFIC NOTES
180 The subsections below provide architecture-specific notes
183 Note that the vDSO that is used is based on the ABI of your user-space code
184 and not the ABI of the kernel.
186 when you run an i386 32-bit ELF binary,
187 you'll get the same vDSO regardless of whether you run it under
188 an i386 32-bit kernel or under an x86-64 64-bit kernel.
189 Therefore, the name of the user-space ABI should be used to determine
190 which of the sections below is relevant.
192 .\" See linux/arch/arm/vdso/vdso.lds.S
193 .\" Commit: 8512287a8165592466cb9cb347ba94892e9c56a5
194 The table below lists the symbols exported by the vDSO.
202 __vdso_gettimeofday LINUX_2.6 (exported since Linux 4.1)
203 __vdso_clock_gettime LINUX_2.6 (exported since Linux 4.1)
210 .\" See linux/arch/arm/kernel/entry-armv.S
211 .\" See linux/Documentation/arm/kernel_user_helpers.txt
212 Additionally, the ARM port has a code page full of utility functions.
213 Since it's just a raw page of code, there is no ELF information for doing
214 symbol lookups or versioning.
215 It does provide support for different versions though.
217 For information on this code page,
218 it's best to refer to the kernel documentation
219 as it's extremely detailed and covers everything you need to know:
220 .IR Documentation/arm/kernel_user_helpers.txt .
221 .SS aarch64 functions
222 .\" See linux/arch/arm64/kernel/vdso/vdso.lds.S
223 The table below lists the symbols exported by the vDSO.
231 __kernel_rt_sigreturn LINUX_2.6.39
232 __kernel_gettimeofday LINUX_2.6.39
233 __kernel_clock_gettime LINUX_2.6.39
234 __kernel_clock_getres LINUX_2.6.39
240 .SS bfin (Blackfin) functions (port removed in Linux 4.17)
241 .\" See linux/arch/blackfin/kernel/fixed_code.S
242 .\" See http://docs.blackfin.uclinux.org/doku.php?id=linux-kernel:fixed-code
243 As this CPU lacks a memory management unit (MMU),
244 it doesn't set up a vDSO in the normal sense.
245 Instead, it maps at boot time a few raw functions into
246 a fixed location in memory.
247 User-space applications then call directly into that region.
248 There is no provision for backward compatibility
249 beyond sniffing raw opcodes,
250 but as this is an embedded CPU, it can get away with things\(emsome of the
251 object formats it runs aren't even ELF based (they're bFLT/FLAT).
253 For information on this code page,
254 it's best to refer to the public documentation:
256 http://docs.blackfin.uclinux.org/doku.php?id=linux\-kernel:fixed\-code
258 .\" See linux/arch/mips/vdso/vdso.ld.S
259 The table below lists the symbols exported by the vDSO.
267 __kernel_gettimeofday LINUX_2.6 (exported since Linux 4.4)
268 __kernel_clock_gettime LINUX_2.6 (exported since Linux 4.4)
274 .SS ia64 (Itanium) functions
275 .\" See linux/arch/ia64/kernel/gate.lds.S
276 .\" Also linux/arch/ia64/kernel/fsys.S and linux/Documentation/ia64/fsys.txt
277 The table below lists the symbols exported by the vDSO.
285 __kernel_sigtramp LINUX_2.5
286 __kernel_syscall_via_break LINUX_2.5
287 __kernel_syscall_via_epc LINUX_2.5
294 The Itanium port is somewhat tricky.
295 In addition to the vDSO above, it also has "light-weight system calls"
296 (also known as "fast syscalls" or "fsys").
297 You can invoke these via the
298 .I __kernel_syscall_via_epc
300 The system calls listed here have the same semantics as if you called them
303 so refer to the relevant
304 documentation for each.
305 The table below lists the functions available via this mechanism.
324 .SS parisc (hppa) functions
325 .\" See linux/arch/parisc/kernel/syscall.S
326 .\" See linux/Documentation/parisc/registers
327 The parisc port has a code page with utility functions
328 called a gateway page.
329 Rather than use the normal ELF auxiliary vector approach,
330 it passes the address of
331 the page to the process via the SR2 register.
332 The permissions on the page are such that merely executing those addresses
333 automatically executes with kernel privileges and not in user space.
334 This is done to match the way HP-UX works.
336 Since it's just a raw page of code, there is no ELF information for doing
337 symbol lookups or versioning.
338 Simply call into the appropriate offset via the branch instruction,
341 ble <offset>(%sr2, %r0)
349 00b0 lws_entry (CAS operations)
350 00e0 set_thread_pointer (used by glibc)
351 0100 linux_gateway_entry (syscall)
358 .\" See linux/arch/powerpc/kernel/vdso32/vdso32.lds.S
359 The table below lists the symbols exported by the vDSO.
360 The functions marked with a
362 are available only when the kernel is
363 a PowerPC64 (64-bit) kernel.
371 __kernel_clock_getres LINUX_2.6.15
372 __kernel_clock_gettime LINUX_2.6.15
373 __kernel_clock_gettime64 LINUX_5.11
374 __kernel_datapage_offset LINUX_2.6.15
375 __kernel_get_syscall_map LINUX_2.6.15
376 __kernel_get_tbfreq LINUX_2.6.15
377 __kernel_getcpu \fI*\fR LINUX_2.6.15
378 __kernel_gettimeofday LINUX_2.6.15
379 __kernel_sigtramp_rt32 LINUX_2.6.15
380 __kernel_sigtramp32 LINUX_2.6.15
381 __kernel_sync_dicache LINUX_2.6.15
382 __kernel_sync_dicache_p5 LINUX_2.6.15
389 In kernel versions before Linux 5.6,
390 .\" commit 654abc69ef2e69712e6d4e8a6cb9292b97a4aa39
392 .B CLOCK_REALTIME_COARSE
394 .B CLOCK_MONOTONIC_COARSE
398 .I __kernel_clock_getres
400 .I __kernel_clock_gettime
402 the kernel falls back to the real system call.
404 .\" See linux/arch/powerpc/kernel/vdso64/vdso64.lds.S
405 The table below lists the symbols exported by the vDSO.
413 __kernel_clock_getres LINUX_2.6.15
414 __kernel_clock_gettime LINUX_2.6.15
415 __kernel_datapage_offset LINUX_2.6.15
416 __kernel_get_syscall_map LINUX_2.6.15
417 __kernel_get_tbfreq LINUX_2.6.15
418 __kernel_getcpu LINUX_2.6.15
419 __kernel_gettimeofday LINUX_2.6.15
420 __kernel_sigtramp_rt64 LINUX_2.6.15
421 __kernel_sync_dicache LINUX_2.6.15
422 __kernel_sync_dicache_p5 LINUX_2.6.15
429 In kernel versions before Linux 4.16,
430 .\" commit 5c929885f1bb4b77f85b1769c49405a0e0f154a1
432 .B CLOCK_REALTIME_COARSE
434 .B CLOCK_MONOTONIC_COARSE
438 .I __kernel_clock_getres
440 .I __kernel_clock_gettime
442 the kernel falls back to the real system call.
444 .\" See linux/arch/riscv/kernel/vdso/vdso.lds.S
445 The table below lists the symbols exported by the vDSO.
453 __kernel_rt_sigreturn LINUX_4.15
454 __kernel_gettimeofday LINUX_4.15
455 __kernel_clock_gettime LINUX_4.15
456 __kernel_clock_getres LINUX_4.15
457 __kernel_getcpu LINUX_4.15
458 __kernel_flush_icache LINUX_4.15
465 .\" See linux/arch/s390/kernel/vdso32/vdso32.lds.S
466 The table below lists the symbols exported by the vDSO.
474 __kernel_clock_getres LINUX_2.6.29
475 __kernel_clock_gettime LINUX_2.6.29
476 __kernel_gettimeofday LINUX_2.6.29
483 .\" See linux/arch/s390/kernel/vdso64/vdso64.lds.S
484 The table below lists the symbols exported by the vDSO.
492 __kernel_clock_getres LINUX_2.6.29
493 __kernel_clock_gettime LINUX_2.6.29
494 __kernel_gettimeofday LINUX_2.6.29
500 .SS sh (SuperH) functions
501 .\" See linux/arch/sh/kernel/vsyscall/vsyscall.lds.S
502 The table below lists the symbols exported by the vDSO.
510 __kernel_rt_sigreturn LINUX_2.6
511 __kernel_sigreturn LINUX_2.6
512 __kernel_vsyscall LINUX_2.6
519 .\" See linux/arch/x86/vdso/vdso32/vdso32.lds.S
520 The table below lists the symbols exported by the vDSO.
528 __kernel_sigreturn LINUX_2.5
529 __kernel_rt_sigreturn LINUX_2.5
530 __kernel_vsyscall LINUX_2.5
531 .\" Added in 7a59ed415f5b57469e22e41fc4188d5399e0b194 and updated
532 .\" in 37c975545ec63320789962bf307f000f08fabd48.
533 __vdso_clock_gettime LINUX_2.6 (exported since Linux 3.15)
534 __vdso_gettimeofday LINUX_2.6 (exported since Linux 3.15)
535 __vdso_time LINUX_2.6 (exported since Linux 3.15)
542 .\" See linux/arch/x86/vdso/vdso.lds.S
543 The table below lists the symbols exported by the vDSO.
544 All of these symbols are also available without the "__vdso_" prefix, but
545 you should ignore those and stick to the names below.
553 __vdso_clock_gettime LINUX_2.6
554 __vdso_getcpu LINUX_2.6
555 __vdso_gettimeofday LINUX_2.6
556 __vdso_time LINUX_2.6
562 .SS x86/x32 functions
563 .\" See linux/arch/x86/vdso/vdso32.lds.S
564 The table below lists the symbols exported by the vDSO.
572 __vdso_clock_gettime LINUX_2.6
573 __vdso_getcpu LINUX_2.6
574 __vdso_gettimeofday LINUX_2.6
575 __vdso_time LINUX_2.6
582 The vDSO was originally just a single function\(emthe vsyscall.
583 In older kernels, you might see that name
584 in a process's memory map rather than "vdso".
585 Over time, people realized that this mechanism
586 was a great way to pass more functionality
587 to user space, so it was reconceived as a vDSO in the current format.
593 The documents, examples, and source code in the Linux source code tree:
597 Documentation/ABI/stable/vdso
598 Documentation/ia64/fsys.txt
599 Documentation/vDSO/* (includes examples of using the vDSO)
601 find arch/ \-iname \(aq*vdso*\(aq \-o \-iname \(aq*gate*\(aq