From: jamie.garside@york.ac.uk
To: linux-kernel@vger.kernel.org
Cc: Jamie Garside
Subject: [PATCH] Fixed Microblaze syscall error recovery for invalid syscall IDs.
Date: Mon, 23 Feb 2015 15:35:35 +0000
Message-Id: <1424705735-9907-1-git-send-email-jamie.garside@york.ac.uk>
X-Mailer: git-send-email 1.7.9.5

From: Jamie Garside

This patch fixes two bugs in the Microblaze syscall trap handler when an invalid syscall ID is used.

First, the range check on line 351 only checks for syscall IDs greater than __NR_syscalls. A negative syscall ID (either passed to `syscall()` or as returned by `do_syscall_trace_enter()` on error) will still satisfy this test and cause the Linux kernel to access an invalid memory location and cause a kernel oops. This has been fixed by also checking for r12 < 0.

Secondly, the current error recovery at line 378 returns using the wrong register (r15 instead of r14) and does not restore the previous stack state. This has been fixed by invoking `ret_from_trap` on error, setting r3 to `-ENOSYS`, similar to what would happen when calling a valid syscall.

Signed-off-by: Jamie Garside
---
 arch/microblaze/kernel/entry.S | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/microblaze/kernel/entry.S b/arch/microblaze/kernel/entry.S
index 0536bc0..101f13c 100644
--- a/arch/microblaze/kernel/entry.S
+++ b/arch/microblaze/kernel/entry.S
@@ -348,8 +348,9 @@ C_ENTRY(_user_exception): * The LP register should point to the location where the called function * should return. [note that MAKE_SYS_CALL uses label 1] */ /* See if the system call number is valid */ + blti r12, 5f addi r11, r12, -__NR_syscalls; - bgei r11,5f; + bgei r11, 5f; /* Figure out which function to use for this system call. */ /* Note Microblaze barrel shift is optional, so don't rely on it */ add r12, r12, r12; /* convert num -> ptr */ @@ -375,7 +376,7 @@ C_ENTRY(_user_exception): /* The syscall number is invalid, return an error. */ 5: - rtsd r15, 8; /* looks like a normal subroutine return */ + braid ret_from_trap addi r3, r0, -ENOSYS; /* Entry point used to return from a syscall/trap */ -- 2.3.0 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
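Review bot: in the first hunk, the added `blti r12, 5f` is what closes the hole: `blti` compares r12 as a signed value, so any syscall number with the top bit set (including the negative error value `do_syscall_trace_enter()` can hand back) now branches to label 5 before `addi r11, r12, -__NR_syscalls` runs, while the existing `bgei r11, 5f` still catches numbers from __NR_syscalls up to the largest positive value; the two compares together cover the whole 32-bit range, which is what stops an unprivileged `syscall()` caller from steering the table lookup out of bounds and oopsing the kernel. Two smaller points: the `- bgei r11,5f;` / `+ bgei r11, 5f;` pair is a whitespace-only change folded into a functional fix and would be cleaner as a separate cleanup, and the commit message's "line 351" and "line 378" will go stale, so naming the `_user_exception` range check and label `5:` instead keeps the description accurate after the file changes.

Review bot: in the second hunk, `braid ret_from_trap` is a delay-slot branch, so the following `addi r3, r0, -ENOSYS;` executes before control reaches `ret_from_trap`; that is the intended behaviour, but the removed `rtsd` line carried a comment and the new `braid` line carries none, so add a comment stating that the `addi` sits in the branch delay slot and loads the -ENOSYS return value, otherwise a later edit that inserts an instruction between the two lines will silently break the error return. It is also worth confirming in the surrounding file (not visible in the hunk) that `ret_from_trap` expects exactly the stack state present at this point, since the fix relies on it restoring the same state as a valid syscall return, and that `-ENOSYS` resolves in this assembly file (the errno header must be included).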