Add logic for patching calls to the x86-64 vsyscall page

Add logic for patching calls to the x86-64 vsyscall page

This is necessary on Linux 3.1 because the vsyscalls now make real
syscalls to the kernel, rather than just reading memory as they
usually did before, which means they fail in seccomp mode.

Although the vsyscall page is deprecated, glibc still contains some
calls to it.  We detect and patch the instruction sequence that
matters.  (We do this because, unfortunately, the kernel does not let
us change the permissions on the vsyscall page to patch it.)

glibc still contains a code path that could call vgettimeofday via a
different instruction sequence, which is much harder to patch, and we
don't try to.  libc.so has code to store vgettimeofday's address
(0xffffffffff600000) in TLS, but in practice this code path is not
used when the vdso is present.

To apply the patch we replace the instructions with a syscall, which
later gets re-patched to be a jump.

BUG=http://code.google.com/p/seccompsandbox/issues/detail?id=17
TEST=test_patching_vsyscall_* on any Linux version,
  plus test_time and test_sched_getcpu on Linux 3.1

Committed: http://code.google.com/p/seccompsandbox/source/detail?r=178

[Markus (顧孟勤), 2011-11-19 02:41:18]

lgtm