From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sergei Trofimovich <slyfox@gentoo.org>, "Dmitry V . Levin" <ldv@altlinux.org>, Oleg Nesterov <oleg@redhat.com>, John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>, Andrew Morton <akpm@linux-foundation.org>, Linus Torvalds <torvalds@linux-foundation.org>, Sasha Levin <sashal@kernel.org>, linux-ia64@vger.kernel.org
Subject: [PATCH AUTOSEL 5.10 53/54] ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls
Date: Tue, 16 Mar 2021 20:56:52 -0400
Message-ID: <20210317005654.724862-53-sashal@kernel.org>
In-Reply-To: <20210317005654.724862-1-sashal@kernel.org>

From: Sergei Trofimovich <slyfox@gentoo.org>

[ Upstream commit 0ceb1ace4a2778e34a5414e5349712ae4dc41d85 ]

In https://bugs.gentoo.org/769614 Dmitry noticed that
`ptrace(PTRACE_GET_SYSCALL_INFO)` does not work for syscalls called via
glibc's syscall() wrapper.

ia64 has two ways to call syscalls from userspace: via `break` and via
`eps` instructions. The difference is in stack layout:

1. `eps` creates a simple stack frame: no locals, in{0..7} == out{0..8}
2. `break` uses the userspace stack frame: there may be locals (glibc
   provides one), in{0..7} == out{0..8}.

Both work fine in the syscall handling code itself. But
`ptrace(PTRACE_GET_SYSCALL_INFO)` uses the unwind mechanism to re-extract
syscall arguments, and it does not account for locals.

The change always skips local registers. It should not change the `eps`
path, as the kernel's handler already enforces locals=0, and it fixes
`break`.

Tested on v5.10 on rx3600 machine (ia64 9040 CPU).

Link: https://lkml.kernel.org/r/20210221002554.333076-1-slyfox@gentoo.org
Link: https://bugs.gentoo.org/769614
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Reported-by: Dmitry V. Levin <ldv@altlinux.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> --- arch/ia64/kernel/ptrace.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c index 75c070aed81e..dad3a605cb7e 100644 --- a/arch/ia64/kernel/ptrace.c +++ b/arch/ia64/kernel/ptrace.c @@ -2010,27 +2010,39 @@ static void syscall_get_set_args_cb(struct unw_frame_info *info, void *data) { struct syscall_get_set_args *args = data; struct pt_regs *pt = args->regs; - unsigned long *krbs, cfm, ndirty; + unsigned long *krbs, cfm, ndirty, nlocals, nouts; int i, count; if (unw_unwind_to_user(info) < 0) return; + /* + * We get here via a few paths: + * - break instruction: cfm is shared with caller. + * syscall args are in out= regs, locals are non-empty. + * - epsinstruction: cfm is set by br.call + * locals don't exist. + * + * For both cases argguments are reachable in cfm.sof - cfm.sol. + * CFM: [ ... | sor: 17..14 | sol : 13..7 | sof : 6..0 ] + */ cfm = pt->cr_ifs; + nlocals = (cfm >> 7) & 0x7f; /* aka sol */ + nouts = (cfm & 0x7f) - nlocals; /* aka sof - sol */ krbs = (unsigned long *)info->task + IA64_RBS_OFFSET/8; ndirty = ia64_rse_num_regs(krbs, krbs + (pt->loadrs >> 19)); count = 0; if (in_syscall(pt)) - count = min_t(int, args->n, cfm & 0x7f); + count = min_t(int, args->n, nouts); + /* Iterate over outs. */ for (i = 0; i < count; i++) { + int j = ndirty + nlocals + i + args->i; if (args->rw) - *ia64_rse_skip_regs(krbs, ndirty + i + args->i) = - args->args[i]; + *ia64_rse_skip_regs(krbs, j) = args->args[i]; else - args->args[i] = *ia64_rse_skip_regs(krbs, - ndirty + i + args->i); + args->args[i] = *ia64_rse_skip_regs(krbs, j); } if (!args->rw) { -- 2.30.1
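Review bot: `nouts = (cfm & 0x7f) - nlocals;` is an unsigned long subtraction that wraps if sol ever exceeds sof in the saved cr_ifs, and the wrapped value then goes through `count = min_t(int, args->n, nouts);`, where the cast to int can turn it into a negative `count`, so the loop silently copies nothing instead of reporting a malformed frame. Suggest rejecting that case explicitly before `nouts` is derived, e.g. `if (nlocals > (cfm & 0x7f)) return;`, and saying in the new comment why a cr_ifs reached through the unwinder is trusted to have sol <= sof. While there, `int j = ndirty + nlocals + i + args->i;` stores a sum of unsigned longs in an int; `unsigned long j` matches the operands. Minor: the added comment has typos, `epsinstruction` is missing a space and `argguments` should read `arguments`.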
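The two frame layouts the commit message contrasts, as an added model in C; this is not kernel code and not part of this patch or the mailing-list thread. It mirrors the index arithmetic in the hunk only: the kernel register backing store is a flat array and the RSE NaT-collection slots that ia64_rse_skip_regs() accounts for are ignored, so it models the bug rather than touching a real ia64 register stack. The frame sizes, the argument values 0xA0.., and the local marker 0x10CA1 are constructed. `lookup_in_frame` selects the pre-fix computation (slot `ndirty + i`, count bounded by sof) or the post-fix one (slot `ndirty + nlocals + i`, count bounded by sof - sol); with one local the pre-fix lookup of arg0 returns the local, with no locals the two agree, and a CFM with sol > sof is reported as malformed rather than wrapping.

```c
/*
 * Added illustration, not kernel code: a model of the register-stack lookup
 * that syscall_get_set_args_cb() does before and after the fix. The kernel
 * register backing store (RBS) is a flat array here and the NaT-collection
 * slots that ia64_rse_skip_regs() steps over are ignored, so slot j is rbs[j].
 * Layout follows the hunk's arithmetic: ndirty skipped words, then the frame's
 * sol locals, then its outs (the syscall arguments).
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CFM field layout quoted in the patch: sor 17..14, sol 13..7, sof 6..0 */
#define CFM_SOF(cfm) ((unsigned)((cfm) & 0x7f))
#define CFM_SOL(cfm) ((unsigned)(((cfm) >> 7) & 0x7f))

#define RBS_WORDS   256
#define LOCAL_MARK  0x10CA1ull   /* constructed marker written into every local slot */
#define LOOKUP_FAIL (~0ull)      /* returned when an argument is unreachable */

struct frame_model {
    uint64_t cfm;             /* cr_ifs as saved at syscall entry */
    unsigned ndirty;          /* words skipped before the frame (the hunk's ndirty) */
    uint64_t rbs[RBS_WORDS];
};

/* Assemble a CFM from its fields, each masked to its width. */
uint64_t make_cfm(unsigned sof, unsigned sol, unsigned sor)
{
    return ((uint64_t)(sor & 0xf) << 14) | ((uint64_t)(sol & 0x7f) << 7) | (sof & 0x7f);
}

/* sof - sol, or -1 when sol > sof; the hunk's unsigned subtraction would wrap here. */
int frame_nouts(uint64_t cfm)
{
    unsigned sof = CFM_SOF(cfm), sol = CFM_SOL(cfm);
    return sol > sof ? -1 : (int)(sof - sol);
}

/*
 * Fetch argument i as the callback does. Pre-fix: count bounded by sof and
 * slot ndirty + i. Post-fix: count bounded by sof - sol and slot
 * ndirty + nlocals + i. LOOKUP_FAIL if out of range or the CFM is malformed.
 */
uint64_t read_syscall_arg(const struct frame_model *f, unsigned i, int fixed)
{
    int nouts = frame_nouts(f->cfm);
    unsigned limit = fixed ? (unsigned)nouts : CFM_SOF(f->cfm);
    long slot = (long)f->ndirty + (fixed ? CFM_SOL(f->cfm) : 0) + i;

    if (nouts < 0 || i >= limit || slot >= RBS_WORDS)
        return LOOKUP_FAIL;
    return f->rbs[slot];
}

/* Constructed frame: ndirty skipped words, sol locals (LOCAL_MARK), then nouts
 * outs holding the argument values 0xA0, 0xA1, ... Returns -1 if it does not fit. */
int build_frame(struct frame_model *f, unsigned ndirty, unsigned sol, unsigned nouts)
{
    unsigned k;

    if (sol + nouts > 0x7f || ndirty + sol + nouts > RBS_WORDS)
        return -1;
    f->cfm = make_cfm(sol + nouts, sol, 0);
    f->ndirty = ndirty;
    memset(f->rbs, 0, sizeof f->rbs);
    for (k = 0; k < ndirty; k++)
        f->rbs[k] = 0xD1000000ull + k;          /* whatever was already dirty */
    for (k = 0; k < sol; k++)
        f->rbs[ndirty + k] = LOCAL_MARK;
    for (k = 0; k < nouts; k++)
        f->rbs[ndirty + sol + k] = 0xA0ull + k;
    return 0;
}

/* Build the frame and read argument i with the old (fixed=0) or new (fixed=1) arithmetic. */
uint64_t lookup_in_frame(unsigned ndirty, unsigned sol, unsigned nouts, unsigned i, int fixed)
{
    struct frame_model f;

    if (build_frame(&f, ndirty, sol, nouts) != 0)
        return LOOKUP_FAIL;
    return read_syscall_arg(&f, i, fixed);
}

int main(void)
{
    unsigned i;

    /* break-based frame with one local, as the commit describes for glibc's wrapper */
    for (i = 0; i < 6; i++)
        printf("sol=1 arg%u: before fix %#llx, after fix %#llx\n", i,
               (unsigned long long)lookup_in_frame(5, 1, 6, i, 0),
               (unsigned long long)lookup_in_frame(5, 1, 6, i, 1));
    /* no-locals frame: both computations agree */
    printf("sol=0 arg0: before fix %#llx, after fix %#llx\n",
           (unsigned long long)lookup_in_frame(5, 0, 6, 0, 0),
           (unsigned long long)lookup_in_frame(5, 0, 6, 0, 1));
    printf("sof=3 sol=5: nouts=%d\n", frame_nouts(make_cfm(3, 5, 0)));
    return 0;
}
```

Running it prints the one-local frame reading 0x10ca1 for arg0 before the fix and 0xa0 after, every argument shifted by one slot in the pre-fix column, and identical values for the no-locals frame. The pre-fix count of sof also accepts an arg6 that does not exist in the frame, which the post-fix bound of sof - sol rejects.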