From patchwork Tue Oct 1 05:33:04 2013
X-Patchwork-Submitter: AKASHI Takahiro
X-Patchwork-Id: 2968271
From: AKASHI Takahiro
To: catalin.marinas@arm.com
Cc: AKASHI Takahiro, linaro-kernel@lists.linaro.org, linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm64: check for number of arguments in syscall_get/set_arguments()
Date: Tue, 1 Oct 2013 14:33:04 +0900
Message-Id: <1380605584-22125-1-git-send-email-takahiro.akashi@linaro.org>

In ftrace_syscall_enter(),
    syscall_get_arguments(..., 0, n, ...)
        if (i == 0) { ...; n--;}
        memcpy(..., n * sizeof(args[0]));

If 'number of arguments(n)' is zero and 'argument index(i)' is also zero in
syscall_get_arguments(), none of the arguments should be copied by memcpy().
Otherwise 'n--' can be a big positive number and an unexpected amount of data
will be copied. Tracing system calls which take no argument, say sync(void),
may hit this case and eventually make the system corrupted.
This patch fixes the issue both in syscall_get_arguments() and
syscall_set_arguments().

Please note, however, that asm-generic/syscall.h says,
  * syscall_get_arguments - extract system call parameter values
  * @i: argument index [0,5]
  * @n: number of arguments; n+i must be [1,6].
and so we'd better change the caller's code (ftrace_syscall_enter).
Signed-off-by: AKASHI Takahiro --- arch/arm64/include/asm/syscall.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm64/include/asm/syscall.h b/arch/arm64/include/asm/syscall.h index c89821f..01bb8cc 100644 --- a/arch/arm64/include/asm/syscall.h +++ b/arch/arm64/include/asm/syscall.h @@ -63,6 +63,9 @@ static inline void syscall_get_arguments(struct task_struct *task, unsigned int i, unsigned int n, unsigned long *args) { + if (n == 0) + return; + if (i + n > SYSCALL_MAX_ARGS) { unsigned long *args_bad = args + SYSCALL_MAX_ARGS - i; unsigned int n_bad = n + i - SYSCALL_MAX_ARGS; @@ -86,6 +89,9 @@ static inline void syscall_set_arguments(struct task_struct *task, unsigned int i, unsigned int n, const unsigned long *args) { + if (n == 0) + return; + if (i + n > SYSCALL_MAX_ARGS) { pr_warning("%s called with max args %d, handling only %d\n", __func__, i + n, SYSCALL_MAX_ARGS);
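Review bot: In the first hunk (syscall_get_arguments()), the added "if (n == 0) return;" carries no comment, and it silently accepts a call that the commit message itself says is outside the documented contract (asm-generic/syscall.h: "n+i must be [1,6]"). Since n is declared "unsigned int n", this guard is the only thing standing between a zero count and the wrap-around described in the commit message, so please add a one-line comment saying that n == 0 is tolerated because ftrace_syscall_enter() passes it for argument-less syscalls, and that the check must stay ahead of any code that decrements n. The caller fix mentioned at the end of the commit message should go in the same series so this guard does not become the permanent workaround.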
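Review bot: In the second hunk (syscall_set_arguments()), the new early return on n == 0 is silent, while the check immediately below it reports an out-of-range request through pr_warning("%s called with max args %d, handling only %d\n", ...). Both conditions fall outside the documented range for n+i, so the two paths now treat contract violations inconsistently. Either document in a comment that n == 0 is a deliberate no-op, or report it the same way the i + n > SYSCALL_MAX_ARGS branch does. The same three lines are added to both functions, so whatever wording is chosen should be identical in each.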