* [PATCH] arm: Add extra clobber registers for assembly in kernel_execve
@ 2012-04-06 17:53 Tim Bird
From: Tim Bird @ 2012-04-06 17:53 UTC (permalink / raw)
  To: linux-arm-kernel


The inline assembly in kernel_execve() uses r8 and r9.  Since this
code sequence does not return, it usually doesn't matter if the
register clobber list is accurate.  However, I saw a case where a
particular version of gcc used r8 as an intermediate for the value
eventually passed to r9.  Because r8 is used in the inline
assembly, and not mentioned in the clobber list, r9 was set
to an incorrect value.

This resulted in a kernel panic on execution of the first user-space
program in the system.  r9 is used in ret_to_user as the thread_info
pointer, and if it's wrong, bad things happen.

Signed-off-by: Tim Bird <tim.bird@am.sony.com>
---
 arch/arm/kernel/sys_arm.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/arch/arm/kernel/sys_arm.c b/arch/arm/kernel/sys_arm.c
index 62e7c61..0264ab4 100644
--- a/arch/arm/kernel/sys_arm.c
+++ b/arch/arm/kernel/sys_arm.c
@@ -115,7 +115,7 @@ int kernel_execve(const char *filename,
 		  "Ir" (THREAD_START_SP - sizeof(regs)),
 		  "r" (&regs),
 		  "Ir" (sizeof(regs))
-		: "r0", "r1", "r2", "r3", "ip", "lr", "memory");
+		: "r0", "r1", "r2", "r3", "r8", "r9", "ip", "lr", "memory");

  out:
 	return ret;
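Review bot: the '+' line only adds r8 and r9, but the diff does not show the asm body above the hunk, so please confirm against that body that r8 and r9 are the only registers it writes that were missing from the list; any other scratch register it touches has exactly the latent problem the commit message describes. As far as the visible lines go, the change is the right fix: once "r8" and "r9" are in the clobber list, GCC can no longer keep any of the "Ir"/"r" input operands (such as the &regs pointer) in those registers across the asm, so the intermediate-in-r8 allocation that corrupted r9 cannot recur. Keep "memory" at the end of the list as it is, since the sequence hands off to user space through memory the compiler cannot see.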
-- 

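The failure in the commit message is a clobber list that omits registers the asm template names. As an added check, not part of the patch or the kernel tree, here is a small static lint that compares the registers written literally in an ARM inline asm template against its clobber list; the template below is a constructed stand-in that, like kernel_execve(), scratches r8 and r9, and the two clobber lists are the ones from the hunk's '-' and '+' lines.

```python
import re

# Aliases the GNU assembler accepts for the same physical ARM register,
# so "ip" in a clobber list and "r12" in the template are matched.
ALIASES = {"a1": "r0", "a2": "r1", "a3": "r2", "a4": "r3", "v1": "r4",
           "v2": "r5", "v3": "r6", "v4": "r7", "v5": "r8", "v6": "r9",
           "sb": "r9", "sl": "r10", "fp": "r11", "ip": "r12", "sp": "r13",
           "lr": "r14", "pc": "r15"}
REG_RE = re.compile(r"\b(r1[0-5]|r[0-9]|a[1-4]|v[1-6]|sb|sl|fp|ip|sp|lr|pc)\b")
NON_REGISTER_CLOBBERS = {"memory", "cc"}  # legal clobbers naming no register
NEVER_CLOBBER = {"r13", "r15"}            # sp and pc are never declared clobbers

def canon(name):
    return ALIASES.get(name, name)

def registers_in_template(template):
    """Every register literally named in an asm template.  Reads count too,
    so this over-approximates; %0 / %[name] placeholders and '@' comments
    are ignored."""
    body = re.sub(r"%(%|\[[^\]]*\]|\d+)", " ", template)
    body = re.sub(r"@[^\n]*", " ", body)
    return {canon(m) for m in REG_RE.findall(body)}

def missing_clobbers(template, clobbers, operand_regs=()):
    """Registers the template touches that GCC has not been told about.
    operand_regs: registers pinned via `register ... asm("rN")` operands,
    which need no clobber entry."""
    declared = {canon(c) for c in clobbers} - NON_REGISTER_CLOBBERS
    declared |= {canon(r) for r in operand_regs}
    used = registers_in_template(template) - NEVER_CLOBBER
    return sorted(used - declared, key=lambda r: int(r[1:]))

# Constructed stand-in for an execve-style trampoline that, like the
# kernel_execve() sequence in the patch, scratches r8 and r9 before it
# jumps away.  It is not the kernel's actual asm body.
SAMPLE_TEMPLATE = (
    "add r8, %0, %1\n\t"   # intermediate address built in r8
    "mov r9, %2\n\t"       # pointer parked in r9
    "mov r0, %3\n\t"
    "mov r1, %4\n\t"
    "mov ip, #0\n\t"
    "mov lr, pc\n\t"
    "b 1f\n"
    "1:\n"
)
# The clobber lists from the '-' and '+' lines of the patch hunk.
OLD_CLOBBERS = ["r0", "r1", "r2", "r3", "ip", "lr", "memory"]
NEW_CLOBBERS = ["r0", "r1", "r2", "r3", "r8", "r9", "ip", "lr", "memory"]
```

Running `missing_clobbers(SAMPLE_TEMPLATE, OLD_CLOBBERS)` reports `['r8', 'r9']`, and the list from the '+' line reports nothing; the check is conservative because a register that is only read is flagged as well.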

* Fwd: [PATCH] arm: Add extra clobber registers for assembly in kernel_execve
@ 2012-05-02 20:53 Tim Bird
From: Tim Bird @ 2012-05-02 20:53 UTC (permalink / raw)
  To: linux-arm-kernel, linux kernel, Russell King, Arnd Bergmann

Anyone interested in this?

-------- Original Message --------
Subject: [PATCH] arm: Add extra clobber registers for assembly in kernel_execve
Date: Fri, 6 Apr 2012 10:53:38 -0700
From: Tim Bird <tim.bird@am.sony.com>
To: linux-arm-kernel@lists.infradead.org <linux-arm-kernel@lists.infradead.org>, Russell King <rmk@arm.linux.org.uk>, Arnd Bergmann <arnd@arndb.de>


The inline assembly in kernel_execve() uses r8 and r9.  Since this
code sequence does not return, it usually doesn't matter if the
register clobber list is accurate.  However, I saw a case where a
particular version of gcc used r8 as an intermediate for the value
eventually passed to r9.  Because r8 is used in the inline
assembly, and not mentioned in the clobber list, r9 was set
to an incorrect value.

This resulted in a kernel panic on execution of the first user-space
program in the system.  r9 is used in ret_to_user as the thread_info
pointer, and if it's wrong, bad things happen.

Signed-off-by: Tim Bird <tim.bird@am.sony.com>
---
 arch/arm/kernel/sys_arm.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/arch/arm/kernel/sys_arm.c b/arch/arm/kernel/sys_arm.c
index 62e7c61..0264ab4 100644
--- a/arch/arm/kernel/sys_arm.c
+++ b/arch/arm/kernel/sys_arm.c
@@ -115,7 +115,7 @@ int kernel_execve(const char *filename,
 		  "Ir" (THREAD_START_SP - sizeof(regs)),
 		  "r" (&regs),
 		  "Ir" (sizeof(regs))
-		: "r0", "r1", "r2", "r3", "ip", "lr", "memory");
+		: "r0", "r1", "r2", "r3", "r8", "r9", "ip", "lr", "memory");

  out:
 	return ret;
-- 
