I guess the rest of the page contains 0? It would be better if it contained "trap" instructions. We still don't have an ideal way of doing that though.
Miod Vallat <[email protected]> wrote: > The code responsible for filling a page with repeated copies of the > signal trampoline code assumes that PAGE_SIZE % sigfillsz == 0. > > While this is true on all currently supported OpenBSD platforms, this > might not be the case in the future (and isn't the case on some > no-longer official platforms). > > The following diff makes sure that we don't try to write more than > PAGE_SIZE bytes in this page. Another possibility would be to assert > that PAGE_SIZE % sigfillsz == 0 and only apply this diff once it becomes > truly needed. > > Index: sys/kern/kern_exec.c > =================================================================== > RCS file: /OpenBSD/src/sys/kern/kern_exec.c,v > retrieving revision 1.208 > diff -u -p -r1.208 kern_exec.c > --- sys/kern/kern_exec.c 2 Aug 2019 02:17:35 -0000 1.208 > +++ sys/kern/kern_exec.c 25 Nov 2019 10:09:48 -0000 > @@ -832,7 +832,7 @@ exec_sigcode_map(struct process *pr, str > if (e->e_sigobject == NULL) { > extern int sigfillsiz; > extern u_char sigfill[]; > - size_t off; > + size_t off, left; > vaddr_t va; > int r; > > @@ -846,8 +846,12 @@ exec_sigcode_map(struct process *pr, str > return (ENOMEM); > } > > - for (off = 0; off < round_page(sz); off += sigfillsiz) > - memcpy((caddr_t)va + off, sigfill, sigfillsiz); > + for (off = 0, left = round_page(sz); left != 0; > + off += sigfillsiz) { > + size_t chunk = ulmin(left, sigfillsiz); > + memcpy((caddr_t)va + off, sigfill, chunk); > + left -= chunk; > + } > memcpy((caddr_t)va, e->e_sigcode, sz); > uvm_unmap(kernel_map, va, va + round_page(sz)); > } >
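Review bot: in the second hunk, the final iteration copies only `chunk = ulmin(left, sigfillsiz)` bytes when `left < sigfillsiz`, so the tail of the page holds a truncated copy of `sigfill` rather than a whole trampoline; a comment next to the `chunk` line stating that the trailing bytes are a deliberately partial copy would save the next reader from wondering whether the short memcpy is a bug. The loop also only advances because `chunk` is non-zero, which depends on `sigfillsiz > 0` (the same implicit assumption the old `off += sigfillsiz` loop had), and since `sigfillsiz` is declared `int` while `left` is `size_t`, the `ulmin(left, sigfillsiz)` call silently converts the int to `u_long`; an explicit `(size_t)sigfillsiz` in the comparison, or a `KASSERT(sigfillsiz > 0)` before the loop, would make both assumptions visible. Minor: the mail text refers to `sigfillsz` while the identifier in the code is `sigfillsiz`.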
