From: wcohen@redhat.com (William Cohen)
To: linux-arm-kernel@lists.infradead.org
Subject: Kernel oops on 32-bit arm with syscall with invalid sysno
Date: Fri, 29 May 2015 11:50:15 -0400
Message-ID: <55688AB7.7000101@redhat.com>
In-Reply-To: <20150528214256.GF2067@n2100.arm.linux.org.uk>
On 05/28/2015 05:42 PM, Russell King - ARM Linux wrote:
> On Thu, May 28, 2015 at 04:41:14PM -0400, William Cohen wrote:
>> When reviewing testsuite failures for systemtap I found that the
>> 32-bit arm kernels (both 4.1.0-rc5 and 3.19.8) were not handling the
>> libc syscall with invalid sysno in the manner described by
>> http://www.gnu.org/software/libc/manual/html_node/System-Calls.html.
>> Rather than returning -1 and setting errno to ENOSYS the invalid
>> syscall gives segfault and a kernel oops.
>
> Looking at this, it seems that we're triggering this:
>
> BUG_ON(context->in_syscall || context->name_count);
>
> which seems to imply that we've called audit_syscall_entry() twice
> without a call to audit_syscall_exit(). That is something we can
> fix - and something which only happens with the syscall of "-1"
> (which is our "syscall was cancelled" value.)
Hi Russell,
The patch below does eliminate the kernel oops for -1, but it breaks things for other invalid/unimplemented syscalls. For the attached test, invalid_syscall_plus.c:
$ gcc -g -o invalid_syscall_plus invalid_syscall_plus.c
$ ./invalid_syscall_plus
Illegal instruction (core dumped)
Previously this would print out the expected messages.
-Will
>
> If I have diagnosed this correctly, the following patch should fix
> it. However, as you're asking for the "cancelled" syscall value,
> what you'll get returned from the syscall is the r0 value preserved
> as the result of the syscall. In other words, you won't get -1 and
> errno set to ENOSYS. Not much can be done about that without breaking
> syscall cancelling, so expect your test case to continue failing.
>
> diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
> index f8ccc21fa032..2c40c1214a72 100644
> --- a/arch/arm/kernel/entry-common.S
> +++ b/arch/arm/kernel/entry-common.S
> @@ -241,11 +241,11 @@ __sys_trace:
> cmp scno, #-1 @ skip the syscall?
> bne 2b
> add sp, sp, #S_OFF @ restore stack
> - b ret_slow_syscall
> + b 3f
>
> __sys_trace_return:
> str r0, [sp, #S_R0 + S_OFF]! @ save returned r0
> - mov r0, sp
> +3: mov r0, sp
> bl syscall_trace_exit
> b ret_slow_syscall
>
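Review bot: the skip path now enters `3: mov r0, sp` without the `str r0, [sp, #S_R0 + S_OFF]!` store that precedes it on the normal return path, so syscall_trace_exit runs with whatever r0 the saved frame already held; that is the preserved-r0 behaviour the cover text describes, but a one-line comment at the new `3:` label saying the store is deliberately bypassed (the `add sp, sp, #S_OFF` above restores the stack for that path) would stop the next reader from treating it as a missed store. Note also that the hunk only changes the `scno == -1` branch, since `bne 2b` still sends every other syscall number to the normal dispatch, so the "Illegal instruction" reported for other invalid syscall numbers is unlikely to originate in these two changed lines alone; worth confirming the patch applied against the trees actually tested (the index line names f8ccc21fa032) before debugging the hunk itself.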
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: invalid_syscall_plus.c
Type: text/x-csrc
Size: 586 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20150529/c835618a/attachment.bin>
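The kind of check the attached test performs, written here as an added example (it is not the invalid_syscall_plus.c attachment, which is not reproduced on this page): it issues syscall(-1) and an out-of-range syscall number, which the libc manual says must return -1 with errno set to ENOSYS, from a child traced with PTRACE_SYSCALL so that the probes go through the kernel's syscall-trace path that the quoted patch modifies. The probe numbers are constructed for the example; it assumes Linux with glibc.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Syscall numbers to probe (constructed for this example): -1, the value the
 * quoted patch special-cases, and a number no Linux architecture defines. */
static const long probes[] = { -1, 0x7fffff };
#define NPROBES (sizeof probes / sizeof probes[0])

/* Returns how many probes did NOT behave as the libc manual describes
 * (return -1 with errno set to ENOSYS). */
static int probe_invalid_syscalls(void)
{
    int failures = 0;
    for (size_t i = 0; i < NPROBES; i++) {
        errno = 0;
        if (syscall(probes[i]) != -1 || errno != ENOSYS)
            failures++;
    }
    return failures;
}

/* Runs the probes in a forked child while the parent traces it with
 * PTRACE_SYSCALL, so every probe takes the kernel's syscall-trace path.
 * Returns -1 if the child died from a signal (SIGSEGV, SIGILL, ...), otherwise
 * the child's failure count. If ptrace is unavailable the child runs untraced. */
int probe_under_ptrace(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0)
            raise(SIGSTOP);   /* hand control to the tracer before probing */
        _exit(probe_invalid_syscalls());
    }
    for (;;) {
        int status;
        if (waitpid(pid, &status, 0) != pid) return -1;
        if (WIFEXITED(status)) return WEXITSTATUS(status);
        if (WIFSIGNALED(status)) return -1;   /* SIGSEGV/SIGILL instead of ENOSYS */
        /* Signal-stop or syscall-stop: resume until the next syscall boundary. */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0) { kill(pid, SIGKILL); return -1; }
    }
}

int main(void)
{
    int r = probe_under_ptrace();
    if (r < 0) puts("child crashed while issuing an invalid syscall");
    else printf("%d of %zu probes did not return -1/ENOSYS\n", r, NPROBES);
    return r != 0;
}
```

A return of -1 from probe_under_ptrace() is the failure mode this thread is about (the traced child dying instead of getting ENOSYS); a positive count means the kernel or a seccomp filter returned something other than -1/ENOSYS.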