Bad code path in DoSyscall

linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed

From: John Whitney <john.whitney@timesys.com>
To: "Mailing List: linuxppc-dev" <linuxppc-dev@lists.linuxppc.org>
Subject: Bad code path in DoSyscall
Date: Mon, 10 Nov 2003 10:56:08 -0500	[thread overview]
Message-ID: <BBD51F48.2329%john.whitney@timesys.com> (raw)

There seems to be a bad code path in the assembly routine DoSyscall()
(arch/ppc/kernel/entry.S).  In the case of an invalid syscall being made (in
my case, from user space), DoSyscall is called and eventually branches to
label 66.  Note that before the branch, r12 is set to zero.

_GLOBAL(DoSyscall)
    stw r0,THREAD+LAST_SYSCALL(r2)
    stw r3,ORIG_GPR3(r1)
    li  r12,0
    stw r12,RESULT(r1)
    lwz r11,_CCR(r1)    /* Clear SO bit in CR */
    rlwinm  r11,r11,0,4,2
    stw r11,_CCR(r1)
#ifdef SHOW_SYSCALLS
    bl  do_show_syscall
#endif /* SHOW_SYSCALLS */
    cmpli   0,r0,NR_syscalls
    bge-    66f

Code at label 66 sets ENOSYS, and branches to label 22.

66: li  r3,ENOSYS
    b   22b

Code after label 22 presumes that r12 is set to the current thread, and
tries to access off of it:

22: lwz r10,_CCR(r1)    /* Set SO bit in CR */
    oris    r10,r10,0x1000
    stw r10,_CCR(r1)

    /* disable interrupts so current_thread_info()->flags can't change */
30: LOAD_MSR_KERNEL(r10,MSR_KERNEL) /* doesn't include MSR_EE */
    SYNC
    MTMSRD(r10)
    lwz r9,TI_FLAGS(r12)

Which immediately causes a bad page fault kernel oops.  I haven't come up
with a patch yet, but will try to when I get the time unless someone with
more knowledge in this area wants to do it.  Just wanted to let the list
know about the problem.

John Whitney
TimeSys corporation

** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/

next             reply	other threads:[~2003-11-10 15:56 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-11-10 15:56 John Whitney [this message]
2003-11-10 16:46 ` Bad code path in DoSyscall Matt Porter
2003-11-11  0:14 ` Paul Mackerras

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=BBD51F48.2329%john.whitney@timesys.com \
    --to=john.whitney@timesys.com \
    --cc=linuxppc-dev@lists.linuxppc.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).