From: Russell King <rmk@arm.linux.org.uk>
To: Linux Kernel List <linux-kernel@vger.kernel.org>
Subject: force_successful_syscall_return() buggy?
Date: Sun, 15 Jun 2003 19:36:04 +0100 [thread overview]
Message-ID: <20030615193604.L5417@flint.arm.linux.org.uk> (raw)
While looking at the new bits'n'pieces which has appeared in 2.5.71, I
noticed the following in alpha and ia64:
#define alpha_task_regs(task) \
((struct pt_regs *) ((long) (task)->thread_info + 2*PAGE_SIZE) - 1)
#define force_successful_syscall_return() (alpha_task_regs(current)->r0 = 0)
# define ia64_task_regs(t) (((struct pt_regs *) ((char *) (t) + IA64_STK_OFFSET)) - 1)
#define force_successful_syscall_return() \
do { \
ia64_task_regs(current)->r8 = 0; \
} while (0)
I don't know what happens on these architectures, but I have a suspicion
that there is a case which the above will fail, maybe with dramatic
consequences.
Consider what happens when a userspace program is started from kernel
space, eg the init(8) or hotplug programs. In these, we call execve()
from within kernel space function. This implies that we have some
frames already on the stack.
AFAIK, sys_execve() does not ensure that the kernel stack will be empty
before starting the user space thread, so these programs are running with
a slightly reduced kernel stack.
In turn, this means that the user registers are not stored at the top
of the kernel stack when the user space program subsequently calls a
kernel system call, which means the *_task_regs() macro doesn't point
at the saved user registers.
--
Russell King (rmk@arm.linux.org.uk) The developer of ARM Linux
http://www.arm.linux.org.uk/personal/aboutme.html
next reply other threads:[~2003-06-15 18:22 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-15 18:36 Russell King [this message]
2003-06-15 23:11 ` force_successful_syscall_return() buggy? Richard Henderson
2003-06-16 2:30 ` Paul Mackerras
2003-06-16 17:38 ` David Mosberger
2003-06-16 17:55 ` Russell King
2003-06-16 18:02 ` David S. Miller
2003-06-16 18:25 ` David Mosberger
[not found] <fa.it5uct2.s4s8om@ifi.uio.no>
[not found] ` <fa.gvpfoqi.ngk8p2@ifi.uio.no>
2003-06-17 6:54 ` Aneesh Kumar K.V
2003-06-17 19:01 ` David Mosberger
2003-06-17 18:58 ` David S. Miller
2003-06-19 17:35 ` Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030615193604.L5417@flint.arm.linux.org.uk \
--to=rmk@arm.linux.org.uk \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox