On 16/01/17(Mon) 23:53, Alexander Bluhm wrote:
> On Mon, Jan 16, 2017 at 08:34:43PM +0100, Alexander Bluhm wrote:
> > If I implement the same trick for newp, I can avoid the "netlock
> > locking against myself" with sysctl on memory mapped files over
> > NFS. Of course other copyin/copyout paths like pf(4) ioctl(2) still
> > have to be checked. IPsec pfkey seems to use the sysctl mechanism.
>
> Hrvoje Popovski has tested the diff and found some ugly
> pmap_unwire: wiring for pmap 0xffffff00075f5210 va 0x7f7ffffd5000 didn't
> change!
> kernel printfs. This happens when sysctl(8) writes a value.
>
> If oldp and newp are in the same page, I have called uvm_vsunlock()
> twice on the same address. I have added a simple check that does
> not cover complicated overlappings but catches the common case.
>
> Also I think PROT_READ for the newp should be enough.
> Does anybody know why the oldp is mapped PROT_READ | PROT_WRITE?
> Is PROT_WRITE not sufficient?
I don't think this is the way to go. I'd prefer a solution that works for the other code paths as well.