On Thu, Nov 01, 2012 at 12:46:38PM -0700, Kees Cook wrote:
> From: Will Drewry <w...@chromium.org>
>
> On tracehook-friendly platforms, a system call number of -1 falls
> through without running much code or taking much action.
>
> ARM is different. This adds a lightweight check to arm_syscall()
> to make sure that ARM behaves the same way.
>
> Signed-off-by: Will Drewry <w...@chromium.org>
> Signed-off-by: Kees Cook <keesc...@chromium.org>
> ---
> arch/arm/kernel/traps.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
> index b0179b8..f303ea6 100644
> --- a/arch/arm/kernel/traps.c
> +++ b/arch/arm/kernel/traps.c
> @@ -540,6 +540,10 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
> struct thread_info *thread = current_thread_info();
> siginfo_t info;
>
> + /* Emulate/fallthrough. */
> + if (no == -1)
> + return regs->ARM_r0;
> +
This won't work properly with OABI. The problem is that OABI has an
offset on its syscall numbers which is removed/added at appropriate
times, and this is one of the places where it's put back. So you end
up with -1 XOR 0x900000 here, not -1.
It'd probably be better to do this check in the asm code here, which
prevents that yuckyness from affecting this.
__sys_trace:
mov r1, scno
add r0, sp, #S_OFF
bl syscall_trace_enter
adr lr, BSYM(__sys_trace_return) @ return address
mov scno, r0 @ syscall number (possibly new)
add r1, sp, #S_R0 + S_OFF @ pointer to regs
cmp scno, #NR_syscalls @ check upper syscall limit
ldmccia r1, {r0 - r6} @ have to reload r0 - r6
stmccia sp, {r4, r5} @ and update the stack args
ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine
+ cmp scno, #-1
bne 2b
+ b ret_slow_syscall
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
