There appears to be a couple of bugs in the initial syscall handler on
Microblaze when passing an invalid syscall ID.

The code at line 351 should check for a syscall ID above __NR_syscalls,
then jump to the error exit routine. In this case, _user_exception returns
using the wrong register (r15 instead of r14), and doesn't clean up the
stack, causing the running user-land to hang.

Additionally, it does not cause an error if the syscall ID is negative (as
can be returned from do_syscall_trace_enter), causing the kernel to attempt
to jump to an invalid syscall handler and cause a kernel oops.

This patch adds a check for negative syscall ID, and modifies the error
exit to jump to ret_from_trap instead (as would happen after a successful
syscall) to perform cleanup, returning -ENOSYS. I believe this should be
safe in this condition.

This patch has been edited against the Linux 3.14 code, but a glance over
the git logs shows this file has not been changed in the past two years,
hence this patch should be safe for the most recent kernel version.
Thanks,
Jamie
--
Jamie Garside
Department of Computer Science
University of York
United Kingdom
Disclaimer: http://www.york.ac.uk/about/legal-statements/email-disclaimer/
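The failure mode described in the mail above, reduced to portable C as an added illustration; this is not the patch itself nor any Microblaze kernel code. A signed, upper-bound-only check lets a negative syscall ID (the kind a tracer hook can hand back) index memory before the dispatch table, while a single unsigned comparison rejects both negative and too-large IDs and returns -ENOSYS through the normal return path. `NR_SYSCALLS`, `sys_call_table`, the dummy handlers and `trace_enter` are constructed stand-ins for `__NR_syscalls`, the real table and `do_syscall_trace_enter`.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins: a four-entry table plays the role of the real
 * syscall table and NR_SYSCALLS the role of __NR_syscalls. */
#define NR_SYSCALLS 4

typedef long (*syscall_fn)(long a0, long a1);

static long sys_nop(long a0, long a1) { (void)a0; (void)a1; return 0; }
static long sys_add(long a0, long a1) { return a0 + a1; }
static long sys_sub(long a0, long a1) { return a0 - a1; }
static long sys_mul(long a0, long a1) { return a0 * a1; }

static const syscall_fn sys_call_table[NR_SYSCALLS] = {
    sys_nop, sys_add, sys_sub, sys_mul,
};

/* Stand-in for do_syscall_trace_enter(): a tracer may rewrite the syscall
 * number, and a negative result is the conventional "skip this syscall"
 * signal. The dispatcher must therefore treat a negative ID as invalid. */
static long trace_enter(long nr, int tracer_skips)
{
    return tracer_skips ? -1L : nr;
}

/* The check the mail describes as present before the patch: only the upper
 * bound is tested, and with a signed comparison, so a negative ID passes
 * and would index memory before the start of the table. Returns 1 when the
 * ID would be dispatched. */
static int upper_bound_only_accepts(long nr)
{
    return nr < NR_SYSCALLS;
}

/* Hardened check: one unsigned comparison. A negative long converts to a
 * very large unsigned value, so "negative" and ">= NR_SYSCALLS" both fall
 * out of range with a single test. */
static int id_in_table(long nr)
{
    return (unsigned long)nr < (unsigned long)NR_SYSCALLS;
}

/* Dispatch after tracing. An invalid ID takes the same return path as a
 * completed syscall (the C analogue of jumping to ret_from_trap) and
 * yields -ENOSYS, so the caller's state is unwound normally instead of
 * leaving the task hung or jumping through a bogus table entry. */
static long do_syscall(long nr, int tracer_skips, long a0, long a1)
{
    nr = trace_enter(nr, tracer_skips);
    if (!id_in_table(nr))
        return -ENOSYS;
    return sys_call_table[nr](a0, a1);
}

int main(void)
{
    printf("add(2,3)                 -> %ld\n", do_syscall(1, 0, 2, 3));
    printf("id == NR_SYSCALLS        -> %ld (-ENOSYS is %d)\n",
           do_syscall(NR_SYSCALLS, 0, 0, 0), -ENOSYS);
    printf("tracer returns -1        -> %ld\n", do_syscall(1, 1, 2, 3));
    printf("old check accepts -1     -> %d\n", upper_bound_only_accepts(-1));
    printf("new check accepts -1     -> %d\n", id_in_table(-1));
    return 0;
}
```

The one-comparison form is the usual way kernels bound a table index from an untrusted or tracer-modified value: it costs nothing extra and makes the sign of the ID irrelevant.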
Hi Jamie,
On 02/23/2015 02:43 PM, Jamie Garside wrote:
> There appears to be a couple of bugs in the initial syscall handler on
> Microblaze when passing an invalid syscall ID.
>
> The code at line 351 should check for a syscall ID above __NR_syscalls,
> then jump to the error exit routine. In this case, _user_exception returns
> using the wrong register (r15 instead of r14), and doesn't clean up the
> stack, causing the running user-land to hang.
>
> Additionally, it does not cause an error if the syscall ID is negative (as
> can be returned from do_syscall_trace_enter), causing the kernel to attempt
> to jump to an invalid syscall handler and cause a kernel oops.
>
> This patch adds a check for negative syscall ID, and modifies the error
> exit to jump to ret_from_trap instead (as would happen after a successful
> syscall) to perform cleanup, returning -ENOSYS. I believe this should be
> safe in this condition.
>
> This patch has been edited against the Linux 3.14 code, but a glance over
> the git logs shows this file has not been changed in the past two years,
> hence this patch should be safe for the most recent kernel version.
Please rebase it on the latest 4.0-rc1 kernel and send the patch via
git send-email with proper description and SoB line. Then I will look at it.
Thanks,
Michal
--
Michal Simek, Ing. (M.Eng), OpenPGP -> KeyID: FE3D1F91
w: http://www.monstr.eu p: +42-0-721842854
Maintainer of Linux kernel - Microblaze cpu - http://www.monstr.eu/fdt/
Maintainer of Linux kernel - Xilinx Zynq ARM architecture
Microblaze U-BOOT custodian and responsible for u-boot arm zynq platform