* [PATCH] /arch/microblaze/kernel/entry.S kernel 3.14 Fix crash when calling invalid syscall ID
@ 2015-02-23 13:43 Jamie Garside
2015-02-23 13:54 ` Michal Simek
0 siblings, 1 reply; 2+ messages in thread
From: Jamie Garside @ 2015-02-23 13:43 UTC (permalink / raw)
To: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 1234 bytes --]
There appears to be a couple of bugs in the initial syscall handler on
Microblaze when passing an invalid syscall ID.
The code at line 351 should check for a syscall ID above __NR_syscalls,
then jump to the error exit routine. In this case, _user_exception returns
using the wrong register (r15 instead of r14), and doesn't clean up the
stack, causing the running user-land to hang.
Additionally, it does not cause an error if the syscall ID is negative (as
can be returned from do_syscall_trace_enter), causing the kernel to attempt
to jump to an invalid syscall handler and cause a kernel oops.
This patch adds a check for negative syscall ID, and modifies the error
exit to jump to ret_from_trap instead (as would happen after a successful
syscall) to perform cleanup, returning -ENOSYS. I believe this should be
safe in this condition.
This patch has been edited against the Linux 3.14 code, but a glance over
the git logs shows this file has not been changed in the past two years,
hence this patch should be safe for the most recent kernel version.
Thanks,
Jamie
--
Jamie Garside
Department of Computer Science
University of York
United Kingdom
Disclaimer: http://www.york.ac.uk/about/legal-statements/email-disclaimer/
[-- Attachment #2: entry.S.patch --]
[-- Type: application/octet-stream, Size: 1645 bytes --]
*** entry.S 2015-02-23 11:55:49.209507374 +0000
--- entry.S.new 2015-02-23 11:55:42.525460005 +0000
***************
*** 348,355 ****
* The LP register should point to the location where the called function
* should return. [note that MAKE_SYS_CALL uses label 1] */
/* See if the system call number is valid */
addi r11, r12, -__NR_syscalls;
! bgei r11,5f;
/* Figure out which function to use for this system call. */
/* Note Microblaze barrel shift is optional, so don't rely on it */
add r12, r12, r12; /* convert num -> ptr */
--- 348,356 ----
* The LP register should point to the location where the called function
* should return. [note that MAKE_SYS_CALL uses label 1] */
/* See if the system call number is valid */
+ blti r12, 5f;
addi r11, r12, -__NR_syscalls;
! bgei r11, 5f;
/* Figure out which function to use for this system call. */
/* Note Microblaze barrel shift is optional, so don't rely on it */
add r12, r12, r12; /* convert num -> ptr */
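Review bot: the `bgei r11,5f;` -> `bgei r11, 5f;` change is whitespace only and unrelated to the fix; drop it so this hunk is just the added `blti r12, 5f;`, or send it as a separate cleanup. The new branch itself is placed correctly: it rejects a negative r12 before `addi r11, r12, -__NR_syscalls` is formed, which matters because the following `add r12, r12, r12; /* convert num -> ptr */` would otherwise turn a negative number into an offset in front of the table. Please also extend the `/* See if the system call number is valid */` comment with the reason the sign test exists (the cover letter says r12 can be negative after do_syscall_trace_enter, the code does not), and note that the old test only caught negatives so large that the 32-bit subtraction wrapped positive; everything from -1 down to -(2^31 - __NR_syscalls) slipped through.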
***************
*** 375,381 ****
/* The syscall number is invalid, return an error. */
5:
! rtsd r15, 8; /* looks like a normal subroutine return */
addi r3, r0, -ENOSYS;
/* Entry point used to return from a syscall/trap */
--- 376,382 ----
/* The syscall number is invalid, return an error. */
5:
! brad ret_from_trap; /* Go to cleanup routine */
addi r3, r0, -ENOSYS;
/* Entry point used to return from a syscall/trap */
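Review bot: `brad` takes a register operand (absolute delayed branch through rB); a branch to the label `ret_from_trap` needs one of the immediate forms, `brid ret_from_trap` (PC-relative) or `braid ret_from_trap` (absolute), so confirm this line actually assembles before resending. The delay-slot ordering is otherwise right: `addi r3, r0, -ENOSYS;` still executes before control reaches `ret_from_trap`, so r3 carries -ENOSYS exactly as it would after a normal syscall. Since the cover letter only says "I believe this should be safe", the commit message should spell out what `ret_from_trap` expects on entry (the stack frame and the registers it reads) and why label 5 already satisfies that; the same reasoning is what justifies removing `rtsd r15, 8`.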
[-- Attachment #3: README --]
[-- Type: application/octet-stream, Size: 98 bytes --]
Fixed Microblaze syscall handling on invalid syscall IDs
Jamie Garside <jamie.garside@york.ac.uk>
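As an added example, not part of the patch or of the kernel's entry.S, the two range checks from the hunk above written out as plain C, plus a userspace probe a practitioner can run to confirm that a kernel answers invalid syscall numbers with an error rather than the hang or oops the cover letter describes. NR_SYSCALLS_MODEL is an assumed table size standing in for __NR_syscalls, and probe_invalid_syscall and the other names are mine; the model reproduces the 32-bit signed arithmetic of the MicroBlaze code, and the probe uses glibc's syscall(2), so it runs on any Linux host.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed table size for the model; the real value is __NR_syscalls from
 * the MicroBlaze headers and is not visible in the patch. */
#define NR_SYSCALLS_MODEL 400

/* Model of the original check (32-bit, signed, wrapping arithmetic):
 *     addi r11, r12, -__NR_syscalls;
 *     bgei r11, 5f;            <- rejected only if r11 >= 0
 * r12 holds the syscall number. Returns true when the number falls
 * through to the table lookup. */
static bool old_check_accepts(int32_t nr)
{
    int32_t r11 = (int32_t)((uint32_t)nr - (uint32_t)NR_SYSCALLS_MODEL);
    return r11 < 0;
}

/* Model of the patched check: blti r12, 5f; runs first, then the above. */
static bool new_check_accepts(int32_t nr)
{
    if (nr < 0)
        return false;
    return old_check_accepts(nr);
}

/* Issue syscall number `nr` with no arguments and report the outcome:
 * 0 if the kernel ran something (must not happen for an invalid number),
 * otherwise the errno it returned. A stock kernel gives ENOSYS; under a
 * seccomp-filtered sandbox (a container's default profile, say) it may
 * give EPERM instead. The bug the patch fixes shows up here as a hang or
 * an oops rather than an error code. */
static int probe_invalid_syscall(long nr)
{
    errno = 0;
    long ret = syscall(nr);
    if (ret == -1 && errno != 0)
        return errno;
    return 0;
}

int main(void)
{
    /* Constructed sample numbers covering both boundaries of each check. */
    const int32_t model_ids[] = {
        -1, INT32_MIN, INT32_MIN + NR_SYSCALLS_MODEL, 0,
        NR_SYSCALLS_MODEL - 1, NR_SYSCALLS_MODEL, INT32_MAX,
    };
    printf("%-12s %-8s %-8s\n", "syscall nr", "old", "patched");
    for (size_t i = 0; i < sizeof model_ids / sizeof model_ids[0]; i++)
        printf("%-12ld %-8s %-8s\n", (long)model_ids[i],
               old_check_accepts(model_ids[i]) ? "accept" : "reject",
               new_check_accepts(model_ids[i]) ? "accept" : "reject");

    /* Live probe of the running kernel with numbers no table contains. */
    const long probe_ids[] = { -1L, LONG_MIN, 1L << 20, LONG_MAX };
    for (size_t i = 0; i < sizeof probe_ids / sizeof probe_ids[0]; i++) {
        int e = probe_invalid_syscall(probe_ids[i]);
        printf("syscall(%ld) -> %s\n", probe_ids[i],
               e ? strerror(e) : "no error returned");
    }
    return 0;
}
```

Build with a plain `cc` and run it unprivileged. The model table shows the old check accepting every negative number from -1 down to INT32_MIN + NR_SYSCALLS_MODEL (below that the subtraction wraps positive and bgei rejects it by accident), while the patched check rejects all of them; the probe should print an errno for every number and never hang, which is the observable behaviour the patch restores on MicroBlaze.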
* Re: [PATCH] /arch/microblaze/kernel/entry.S kernel 3.14 Fix crash when calling invalid syscall ID
2015-02-23 13:43 [PATCH] /arch/microblaze/kernel/entry.S kernel 3.14 Fix crash when calling invalid syscall ID Jamie Garside
@ 2015-02-23 13:54 ` Michal Simek
0 siblings, 0 replies; 2+ messages in thread
From: Michal Simek @ 2015-02-23 13:54 UTC (permalink / raw)
To: Jamie Garside, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 1659 bytes --]
Hi Jamie,
On 02/23/2015 02:43 PM, Jamie Garside wrote:
> There appears to be a couple of bugs in the initial syscall handler on
> Microblaze when passing an invalid syscall ID.
>
> The code at line 351 should check for a syscall ID above __NR_syscalls,
> then jump to the error exit routine. In this case, _user_exception returns
> using the wrong register (r15 instead of r14), and doesn't clean up the
> stack, causing the running user-land to hang.
>
> Additionally, it does not cause an error if the syscall ID is negative (as
> can be returned from do_syscall_trace_enter), causing the kernel to attempt
> to jump to an invalid syscall handler and cause a kernel oops.
>
> This patch adds a check for negative syscall ID, and modifies the error
> exit to jump to ret_from_trap instead (as would happen after a successful
> syscall) to perform cleanup, returning -ENOSYS. I believe this should be
> safe in this condition.
>
> This patch has been edited against the Linux 3.14 code, but a glance over
> the git logs shows this file has not been changed in the past two years,
> hence this patch should be safe for the most recent kernel version.
Please rebase it on the latest 4.0-rc1 kernel and send the patch via
git send-email with proper description and SoB line. Then I will look at it.
Thanks,
Michal
--
Michal Simek, Ing. (M.Eng), OpenPGP -> KeyID: FE3D1F91
w: www.monstr.eu p: +42-0-721842854
Maintainer of Linux kernel - Microblaze cpu - http://www.monstr.eu/fdt/
Maintainer of Linux kernel - Xilinx Zynq ARM architecture
Microblaze U-BOOT custodian and responsible for u-boot arm zynq platform
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]