SUPERH platform development
From: Bobby Bingham <koorogi@koorogi.info>
To: akpm@linux-foundation.org, linux-sh@vger.kernel.org
Cc: Bobby Bingham <koorogi@koorogi.info>, linux-kernel@vger.kernel.org
Subject: [PATCH v2 0/3] Don't let system calls clobber userspace registers
Date: Wed, 19 Feb 2014 06:03:13 +0000	[thread overview]
Message-ID: <cover.1392789383.git.koorogi@koorogi.info> (raw)

When invoking syscall handlers on sh32, the saved userspace registers
are at the top of the stack. This seems to have been intentional, as it
is an easy way to pass r0, r1, ... to the handler as parameters 5, 6,
...

It causes problems, however, because the compiler is allowed to generate
code for a function which clobbers that function's own parameters. For
example, gcc generates the following code for clone:

    <SyS_clone>:
        mov.l   8c020714 <SyS_clone+0xc>,r1  ! 8c020540 <do_fork>
        mov.l   r7,@r15
        mov     r6,r7
        jmp     @r1
        mov     #0,r6
        nop
        .word 0x0540
        .word 0x8c02

The `mov.l r7,@r15` clobbers the saved value of r0 passed from
userspace. For most system calls, this might not be a problem, because
we'll be overwriting r0 with the return value anyway. But in the case
of clone, copy_thread will need the original value of r0 if the
CLONE_SETTLS flag was specified.

The first patch in this series fixes this issue for system calls by
pushing to the stack an extra copy of r0-r2 before invoking the
handler. We discard this copy before restoring the userspace registers,
so it is not a problem if they are clobbered.

Exception handlers also receive the userspace register values in a
similar manner, and may hit the same problem. The second patch removes
the do_fpu_error handler, which looks susceptible to this problem and
which, as far as I can tell, has not been used in some time. The third
patch addresses other exception handlers.

Changes since V1:
- Update messages for [2/3] to quote the short log of the previous
  commit that left do_fpu_error unused.

Bobby Bingham (3):
  sh: push extra copy of r0-r2 for syscall parameters
  sh: remove unused do_fpu_error
  sh: don't pass saved userspace state to exception handlers

 arch/sh/include/asm/syscalls_32.h | 12 +++---------
 arch/sh/include/asm/traps_32.h    | 16 ++++------------
 arch/sh/kernel/entry-common.S     | 15 +++++++++++----
 arch/sh/kernel/signal_32.c        | 12 ++++--------
 arch/sh/kernel/sys_sh32.c         |  7 ++-----
 arch/sh/kernel/traps_32.c         | 23 +++++++----------------
 arch/sh/math-emu/math.c           | 18 ------------------
 7 files changed, 31 insertions(+), 72 deletions(-)

-- 
1.8.5.5
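
The hazard the cover letter describes, reduced to a small C model (an added example, not code from the mail or from the kernel). The "kernel stack" is an array, the sh32 ABI is reduced to "parameters 5 and up live in memory the callee may overwrite", and every model_* name, the constructed TLS pointer and the NULL child_tidptr are assumptions made for this example. The before path hands the handler the saved register area itself, as the old entry code did; the after path hands it a throwaway copy of r0-r2, as patch 1/3 does, and shows why copy_thread then sees the right TLS value.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the sh32 syscall entry hazard. Nothing here is kernel
 * code; model_* names are made up for this example.
 */

#define MODEL_CLONE_SETTLS 0x00080000UL  /* same bit value as Linux CLONE_SETTLS */
#define MODEL_NREGS 16

struct model_pt_regs {
    unsigned long regs[MODEL_NREGS];   /* regs[0] is the saved userspace r0 */
};

/* Stands in for copy_thread(): with CLONE_SETTLS the new TLS value is read
 * from the saved userspace r0, so that slot must still be intact here. */
static unsigned long model_copy_thread(unsigned long clone_flags,
                                       const struct model_pt_regs *regs)
{
    return (clone_flags & MODEL_CLONE_SETTLS) ? regs->regs[0] : 0;
}

/*
 * Stands in for the compiled SyS_clone in the disassembly above. The ABI lets
 * the callee write into its own stack parameter area, and `mov.l r7,@r15`
 * spills child_tidptr over the first stack parameter slot before the tail
 * call to do_fork. The assignment below mimics that spill explicitly.
 */
static unsigned long model_sys_clone(unsigned long clone_flags,
                                     unsigned long newsp,
                                     unsigned long parent_tidptr,
                                     unsigned long child_tidptr,
                                     unsigned long *stack_params,      /* params 5.. */
                                     const struct model_pt_regs *regs) /* current_pt_regs() */
{
    (void)newsp;
    (void)parent_tidptr;
    stack_params[0] = child_tidptr;   /* legal clobber of the callee's own parameter slot */
    return model_copy_thread(clone_flags, regs);
}

/* Entry path before the series: the stack parameter area IS the saved state. */
static unsigned long model_entry_before(struct model_pt_regs *saved)
{
    return model_sys_clone(MODEL_CLONE_SETTLS, 0, 0, 0 /* child_tidptr == NULL */,
                           &saved->regs[0], saved);
}

/* Entry path after patch 1/3: push a copy of r0-r2 for the handler to use,
 * then drop it; the real saved registers are never exposed as parameters. */
static unsigned long model_entry_after(struct model_pt_regs *saved)
{
    unsigned long extra[3];
    unsigned long ret;

    memcpy(extra, saved->regs, sizeof extra);
    ret = model_sys_clone(MODEL_CLONE_SETTLS, 0, 0, 0, extra, saved);
    /* extra[] is discarded here, so any clobber of it is harmless. */
    return ret;
}

struct model_result {
    unsigned long tls_seen;               /* what copy_thread read as the TLS pointer */
    unsigned long saved_r0_after_handler; /* saved userspace r0 once the handler returns */
};

/* Run one clone through the chosen entry path with a constructed r0 value. */
struct model_result model_run(int with_extra_copy)
{
    struct model_pt_regs saved;
    struct model_result res;

    memset(&saved, 0, sizeof saved);
    saved.regs[0] = 0x2a5c0000UL;   /* constructed: userspace put its TLS pointer in r0 */

    res.tls_seen = with_extra_copy ? model_entry_after(&saved)
                                   : model_entry_before(&saved);
    res.saved_r0_after_handler = saved.regs[0];
    return res;
}

int main(void)
{
    struct model_result before = model_run(0), after = model_run(1);

    printf("before fix: TLS seen by copy_thread = 0x%lx, saved r0 = 0x%lx\n",
           before.tls_seen, before.saved_r0_after_handler);
    printf("after fix:  TLS seen by copy_thread = 0x%lx, saved r0 = 0x%lx\n",
           after.tls_seen, after.saved_r0_after_handler);
    return 0;
}
```

The point of the model is the aliasing: as long as the saved register block doubles as the handler's stack parameter area, any store the compiler chooses to make into those slots is a store into userspace state, and the only robust fix is the one the series takes, giving the handler memory it is allowed to scribble on.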


Thread overview: 4+ messages
2014-02-19  6:03 Bobby Bingham [this message]
2014-02-19  6:03 ` [PATCH v2 1/3] sh: push extra copy of r0-r2 for syscall parameters Bobby Bingham
2014-02-19  6:03 ` [PATCH v2 2/3] sh: remove unused do_fpu_error Bobby Bingham
2014-02-19  6:03 ` [PATCH v2 3/3] sh: don't pass saved userspace state to exception handlers Bobby Bingham
