Christian Weisgerber <[email protected]> wrote:

> Paul Irofti:
> 
> > 683         /* map the process's timekeep page */
> > 684         if (exec_timekeep_map(pr))
> > 685                 goto free_pack_abort;
> > 686         /* setup new registers and do misc. setup. */
> > 687         if (pack.ep_emul->e_fixup != NULL) {
> > 688                 if ((*pack.ep_emul->e_fixup)(p, &pack) != 0)
> > 689                         goto free_pack_abort;
> > 690         }
> 
> Yes, with this init(8) gets a proper _timekeep instead of 0x0.
> 
> For randomization of the userland page...
> 
> +       if (uvm_map(&pr->ps_vmspace->vm_map, &pr->ps_timekeep, 
> round_page(timekeep_sz),
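Review bot: the address argument &pr->ps_timekeep passed here must hold 0 for the mapping to be randomized, and nothing in this hunk guarantees that; as the thread notes, the field currently inherits the parent's value in fork(), so either move ps_timekeep into the zeroed area of struct process or explicitly clear it before this uvm_map call, and consider a comment on the call saying the field is expected to be 0.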
> 
> ... ps_timekeep need to be 0 here.  At the moment, it inherits the
> value from the parent process in fork().
> 
> In struct process in sys/proc.h, there is this:
> 
>     /* The following fields are all zeroed upon creation in process_new. */
>     ...
>     /* End area that is zeroed on creation. */
> 
> If I move
> 
>         vaddr_t ps_timekeep;            /* User pointer to timekeep */
> 
> up into the zeroed area, I get a properly randomized _timekeep in
> userland.

Right.


BTW, why is this important?  One could say this does not need to
be randomized.  It has no secret.  But a significant downside occurs
with visible effects.

If that 1 page is always in the same place, then address-space
randomized mappings of future objects will not be able to place an
object over that one page.

The address space is significantly less randomized as soon as it
contains one fixed object.  Less randomized in a severe way impacting
security.
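As an added illustration, not code from this thread or from OpenBSD, here is a constructed model of the two points made above: process_new() copies the parent's struct process and zeroes only the marked region, and a non-zero ps_timekeep handed to uvm_map acts as a placement hint instead of leaving the choice to the randomizer. The marker and field names, and the simplified uvm_map behaviour, are assumptions.

```c
#include <stdint.h>
#include <string.h>

typedef uintptr_t vaddr_t;

/* Constructed stand-in for struct process (marker and field names are
 * hypothetical): process_new() copies the whole parent struct, then zeroes
 * only the region between the two marker fields. */
struct process {
	int ps_refcnt;                  /* outside the zeroed area: copied */
	/* The following fields are all zeroed upon creation in process_new. */
	int ps_startzero;
	vaddr_t ps_timekeep_zeroed;     /* field placed inside the zeroed area */
	int ps_endzero;
	/* End area that is zeroed on creation. */
	vaddr_t ps_timekeep_inherited;  /* field left outside: keeps parent's value */
};

static void
process_new(struct process *child, const struct process *parent)
{
	*child = *parent;
	memset(&child->ps_startzero, 0,
	    (char *)&child->ps_endzero - (char *)&child->ps_startzero);
}

/* Simplified model of the address argument to uvm_map(): a non-zero value
 * is honoured as the placement, zero lets the kernel pick a random page. */
static vaddr_t
uvm_map_model(vaddr_t hint, vaddr_t random_page)
{
	return hint != 0 ? hint : random_page;
}

/* Fork a child from a parent whose timekeep page sits at parent_addr, run
 * the child's exec-time mapping, and return where the child's page lands;
 * use_zeroed_field selects which of the two field placements is exercised. */
static vaddr_t
child_timekeep_addr(vaddr_t parent_addr, vaddr_t random_page,
    int use_zeroed_field)
{
	struct process parent, child;
	memset(&parent, 0, sizeof(parent));
	parent.ps_timekeep_zeroed = parent.ps_timekeep_inherited = parent_addr;
	process_new(&child, &parent);
	vaddr_t *tk = use_zeroed_field ?
	    &child.ps_timekeep_zeroed : &child.ps_timekeep_inherited;
	*tk = uvm_map_model(*tk, random_page);	/* zero hint -> randomized */
	return *tk;
}
```

With the field in the zeroed area the child's page lands on the randomizer's choice; with the field outside it, every child lands exactly where its parent did.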
