Commit 1277580f authored by Martin Schwidefsky

[S390] vdso: clock_gettime of CLOCK_THREAD_CPUTIME_ID with noexec=on

The combination of noexec=on and a clock_gettime call with clock id
CLOCK_THREAD_CPUTIME_ID is broken. The vdso code switches to the
access register mode to get access to the per-cpu data structure to
execute the magic ectg instruction. After the ectg instruction the
code always switches back to the primary mode but for noexec=on the
correct mode is the secondary mode. The effect of the bug is that the
user space program loses the access to all mappings without PROT_EXEC,
e.g. the stack. The problem is fixed by restoring the mode that has
been active before the switch to the access register mode.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Parent 3a6ba460
...@@ -88,10 +88,17 @@ __kernel_clock_gettime: ...@@ -88,10 +88,17 @@ __kernel_clock_gettime:
llilh %r4,0x0100 llilh %r4,0x0100
sar %a4,%r4 sar %a4,%r4
lghi %r4,0 lghi %r4,0
epsw %r5,0
sacf 512 /* Magic ectg instruction */ sacf 512 /* Magic ectg instruction */
.insn ssf,0xc80100000000,__VDSO_ECTG_BASE(4),__VDSO_ECTG_USER(4),4 .insn ssf,0xc80100000000,__VDSO_ECTG_BASE(4),__VDSO_ECTG_USER(4),4
sacf 0 tml %r5,0x4000
sar %a4,%r2 jo 11f
tml %r5,0x8000
jno 10f
sacf 256
j 11f
10: sacf 0
11: sar %a4,%r2
algr %r1,%r0 /* r1 = cputime as TOD value */ algr %r1,%r0 /* r1 = cputime as TOD value */
mghi %r1,1000 /* convert to nanoseconds */ mghi %r1,1000 /* convert to nanoseconds */
srlg %r1,%r1,12 /* r1 = cputime in nanosec */ srlg %r1,%r1,12 /* r1 = cputime in nanosec */
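Review bot: the restore sequence after the ectg instruction encodes the PSW address-space-control bits as bare magic numbers and carries no comment, which makes it hard to verify. `epsw %r5,0` stores PSW bits 0-31 into %r5, so `tml %r5,0x8000` and `tml %r5,0x4000` test PSW bits 16 and 17 (the AS field: 00 primary, 01 access-register, 10 secondary, 11 home), and the branches map them onto `sacf 0` (primary) and `sacf 256` (secondary). The `tml %r5,0x4000` / `jo 11f` path deserves an explicit comment: it skips any sacf because a set bit 17 means the caller was already in access-register mode (home mode cannot occur in user space), so the `sacf 512` above left the mode unchanged; without that note a reader may take the fall-through as a missing restore. Suggest a short comment block such as `/* restore the address space control from the saved PSW: 00 primary, 01 AR (nothing to do), 10 secondary */` above `tml %r5,0x4000`, and a note at `epsw %r5,0` that %r5 is a call-clobbered register free for this use in __kernel_clock_gettime.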
......