Re: userland clock_gettime proof of concept

Mon, 22 Jun 2020 03:45:03 -0700 

On Mon, Jun 22, 2020 at 01:27:22AM +0200, Mark Kettenis wrote:
> > Date: Mon, 22 Jun 2020 02:06:39 +0300
> > From: Paul Irofti <p...@irofti.net>
> > 
> > În 22 iunie 2020 00:15:59 EEST, Christian Weisgerber <na...@mips.inka.de> a 
> > scris:
> > >Paul Irofti:
> > >
> > >[Unrelated, just to mark where we're at]
> > >> Right. Just reproduced it here. This moves the check at the top so
> > >that
> > >> each CPU checks its own skew and disables tc_user if necessary.
> > >
> > >I tweaked the patch locally to make _timekeep a visible global
> > >symbol in libc.
> > >
> > >Printing its value has revealed two issues:
> > >
> > >* The timekeep page is mapped to the same address for every process.
> > >  It changes across reboots, but once running, it's always the same.
> > >  kettenis suggested
> > >  - vaddr_t va;
> > >  + vaddr_t va = 0;
> > >  in exec_timekeep_map(), but that doesn't make a difference.
> > 
> > The va is set a few lines down the line. No point in
> > initialization. This is identical behavior to the emul mapping
> > before timekeep.
> 
> Well, uvm_map() picks a virtual address based on the value of va that
> is passed in.  If it is zero, it picks a random address.  If not, it
> uses the value as a hint and tries to pick something nearby.  So
> passing in stack garbage is a bad thing.

But uoffset=0 means it is not UVM_UNKNOWN_OFFSET (-1) and we have a
non-NULL uobj, so my understanding is that the va address is ignored in
this case. So it does not need to be initialized. Right?

  if (uvm_map(kernel_map, &va, round_page(timekeep_sz), timekeep_object,
      0, 0, UVM_MAPFLAG(PROT_READ | PROT_WRITE, PROT_READ | PROT_WRITE,
      MAP_INHERIT_SHARE, MADV_RANDOM, 0))) {


None the less, I added va=0 in my diff. But I think it is pointless. If
you disagree, then do you OK the following diff?


diff --git sys/kern/kern_exec.c sys/kern/kern_exec.c
index 20480c2fc28..2b2b4f15222 100644
--- sys/kern/kern_exec.c
+++ sys/kern/kern_exec.c
@@ -828,7 +828,7 @@ exec_sigcode_map(struct process *pr, struct emul *e)
                extern int sigfillsiz;
                extern u_char sigfill[];
                size_t off;
-               vaddr_t va;
+               vaddr_t va = 0;
                int r;
 
                e->e_sigobject = uao_create(sz, 0);

Reply via email to