On Mon, Jun 22, 2020 at 05:35:48PM +0200, Christian Weisgerber wrote:
> Paul Irofti:
>
> > 683 	/* map the process's timekeep page */
> > 684 	if (exec_timekeep_map(pr))
> > 685 		goto free_pack_abort;
> > 686 	/* setup new registers and do misc. setup. */
> > 687 	if (pack.ep_emul->e_fixup != NULL) {
> > 688 		if ((*pack.ep_emul->e_fixup)(p, &pack) != 0)
> > 689 			goto free_pack_abort;
> > 690 	}
>
> Yes, with this init(8) gets a proper _timekeep instead of 0x0.
>
> For randomization of the userland page...
>
> > +	if (uvm_map(&pr->ps_vmspace->vm_map, &pr->ps_timekeep,
> > 	    round_page(timekeep_sz),
>
> ... ps_timekeep needs to be 0 here.  At the moment, it inherits the
> value from the parent process in fork().
>
> In struct process in sys/proc.h, there is this:
>
> 	/* The following fields are all zeroed upon creation in process_new. */
> 	...
> 	/* End area that is zeroed on creation. */
>
> If I move
>
> 	vaddr_t ps_timekeep;		/* User pointer to timekeep */
>
> up into the zeroed area, I get a properly randomized _timekeep in
> userland.
Nice, I bet the other mapping suffers from the same problem, checking now with what Theo said.
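The point of the quoted exchange is that a pointer field which sits in the "copied from parent" part of struct process keeps the parent's value across fork(), so when exec later asks for a non-fixed mapping with that field as the address, the stale value acts as a hint and the child's page lands where the parent's was instead of at a fresh randomized address. The following is an added, constructed user-space model of that layout convention and its effect (not OpenBSD's struct process, process_new() or uvm_map(); the field names other than ps_timekeep, the 0xA5 fill, map_timekeep() and the address values are all stand-ins chosen for illustration):

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uintptr_t vaddr_t;

/*
 * Constructed model of the struct process layout convention: one area is
 * zeroed when a new process is created, the other is copied from the
 * parent.  ps_timekeep appears twice on purpose, once in each area, so
 * the two placements can be compared side by side.
 */
struct process {
	int ps_refcnt;			/* set explicitly by process_new() */

	/* The following fields are all zeroed upon creation in process_new. */
	vaddr_t ps_strings;		/* constructed example field */
	vaddr_t ps_timekeep;		/* User pointer to timekeep (zeroed area) */
	/* End area that is zeroed on creation. */

	/* The following fields are all copied from the parent in process_new. */
	int ps_flags;
	vaddr_t ps_timekeep_old;	/* the old placement: inherited from parent */
	/* End area that is copied on creation. */
};
#define ps_startzero	ps_strings	/* first zeroed field */
#define ps_endzero	ps_flags	/* first field after the zeroed area */
#define ps_startcopy	ps_flags	/* first copied field (copy runs to end) */

/* Model of process_new(): zero one region, copy the other from the parent. */
static struct process *
process_new(const struct process *parent)
{
	struct process *pr = malloc(sizeof(*pr));

	if (pr == NULL)
		return NULL;
	memset(pr, 0xA5, sizeof(*pr));		/* fresh memory is not zero */
	pr->ps_refcnt = 1;
	memset(&pr->ps_startzero, 0,
	    (char *)&pr->ps_endzero - (char *)&pr->ps_startzero);
	memcpy(&pr->ps_startcopy, &parent->ps_startcopy,
	    sizeof(*pr) - offsetof(struct process, ps_startcopy));
	return pr;
}

/*
 * Model of the exec-time mapping.  Like a non-fixed mapping request, a
 * non-zero *addr is treated as a hint and honoured; 0 lets the caller's
 * randomized choice be used.  'randomized' stands in for the allocator.
 */
static vaddr_t
map_timekeep(vaddr_t *addr, vaddr_t randomized)
{
	if (*addr != 0)
		return *addr;		/* stale hint wins: no randomization */
	*addr = randomized;
	return *addr;
}

/* Address the child ends up with when ps_timekeep lives in the zeroed area. */
vaddr_t
child_timekeep_zeroed_field(vaddr_t parent_addr, vaddr_t fresh)
{
	struct process parent, *child;
	vaddr_t got;

	memset(&parent, 0, sizeof(parent));
	parent.ps_timekeep = parent_addr;
	child = process_new(&parent);
	got = map_timekeep(&child->ps_timekeep, fresh);
	free(child);
	return got;
}

/* Address the child ends up with under the old placement (copied area). */
vaddr_t
child_timekeep_copied_field(vaddr_t parent_addr, vaddr_t fresh)
{
	struct process parent, *child;
	vaddr_t got;

	memset(&parent, 0, sizeof(parent));
	parent.ps_timekeep_old = parent_addr;
	child = process_new(&parent);
	got = map_timekeep(&child->ps_timekeep_old, fresh);
	free(child);
	return got;
}

int
main(void)
{
	vaddr_t parent_addr = 0x7f00a000, fresh = 0x7f00c000;	/* constructed */

	printf("zeroed area: child timekeep at %#lx\n",
	    (unsigned long)child_timekeep_zeroed_field(parent_addr, fresh));
	printf("copied area: child timekeep at %#lx\n",
	    (unsigned long)child_timekeep_copied_field(parent_addr, fresh));
	return 0;
}
```

With the field in the zeroed area the child maps at the fresh address; with the old placement it silently reuses the parent's, which is exactly the lost randomization described above. The same check applies to any other per-process user pointer that exec maps non-fixed: it must be reset before the mapping call, and putting it in the zeroed area is the layout-level way to guarantee that.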