From patchwork Thu Oct 3 05:47:44 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 2981221 Return-Path: X-Original-To: patchwork-linux-arm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 8FA849F289 for ; Thu, 3 Oct 2013 05:49:23 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id C32AA202FE for ; Thu, 3 Oct 2013 05:49:22 +0000 (UTC) Received: from casper.infradead.org (casper.infradead.org [85.118.1.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DBCF1202E5 for ; Thu, 3 Oct 2013 05:49:21 +0000 (UTC) Received: from merlin.infradead.org ([2001:4978:20e::2]) by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VRbmn-00037A-5z; Thu, 03 Oct 2013 05:49:17 +0000 Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1VRbmk-0000Y3-O9; Thu, 03 Oct 2013 05:49:14 +0000 Received: from mail-pb0-f41.google.com ([209.85.160.41]) by merlin.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VRbmh-0000Xd-Hd for linux-arm-kernel@lists.infradead.org; Thu, 03 Oct 2013 05:49:12 +0000 Received: by mail-pb0-f41.google.com with SMTP id rp2so1964056pbb.28 for ; Wed, 02 Oct 2013 22:48:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=Q/BViNjhkq275oNv1bRpyD/eOb2AH3vv6LpcX1V+4eQ=; b=M9JPZ1juAb+AvGGkSCpUyoWWcFeyDSbWQgV7c2wNUpNd9lQ8Ps4vuvOhF5Aw/v2iXU a8cwDE37AJqS6VP99M8Rb3DE5cZcmh2ivagb6IyxV6uXgXvcAeLjvWXnMYmJWAM6qQDi PfbdeU/yZmja1WVLd9iuthOpjD0pUecrub8OVA4+HTfF1boPrK9c/Qo4duP2JujE11PL vYqt18L4vGxlxym7D2gPWB+guUwYr3kh5RK9u4WefFAdf9lVel0cESjwvvMNyMfK0DY9 /STzctKhBdcLoETEzSPRFUddiSUYmhNjgr6ujSqdobglL+Rf4f+qpL0z2dwzlGWOvc3H XGFg== X-Gm-Message-State: ALoCoQmbZjUwLEHz1iSG6gdtjMWwwMjcMYWc0ZZP2Rz6u5Nhdb2i2mY/OMirXbZzTlRGVoH1vb5n X-Received: by 10.68.33.34 with SMTP id o2mr6565456pbi.128.1380779329623; Wed, 02 Oct 2013 22:48:49 -0700 (PDT) Received: from localhost.localdomain (KD182249095123.au-net.ne.jp. [182.249.95.123]) by mx.google.com with ESMTPSA id qw8sm5769184pbb.27.1969.12.31.16.00.00 (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 02 Oct 2013 22:48:48 -0700 (PDT) From: AKASHI Takahiro To: catalin.marinas@arm.com, will.deacon@arm.com Subject: [PATCH v2 1/3] arm64: check for number of arguments in syscall_get/set_arguments() Date: Thu, 3 Oct 2013 14:47:44 +0900 Message-Id: <1380779266-11753-2-git-send-email-takahiro.akashi@linaro.org> X-Mailer: git-send-email 1.8.1.2 In-Reply-To: <1380779266-11753-1-git-send-email-takahiro.akashi@linaro.org> References: <1380779266-11753-1-git-send-email-takahiro.akashi@linaro.org> In-Reply-To: <1380605584-22125-git-send-email-takahiro.akashi@linaro.org> References: <1380605584-22125-git-send-email-takahiro.akashi@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20131003_014911_659902_DBD25B2E X-CRM114-Status: GOOD ( 11.82 ) X-Spam-Score: -2.6 (--) Cc: AKASHI Takahiro , linaro-kernel@lists.linaro.org, linux-arm-kernel@lists.infradead.org, mcgrathr@chromium.org X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In ftrace_syscall_enter(), syscall_get_arguments(..., 0, n, ...) if (i == 0) { ...; n--;} memcpy(..., n * sizeof(args[0])); If 'number of arguments(n)' is zero and 'argument index(i)' is also zero in syscall_get_arguments(), none of arguments should be copied by memcpy(). Otherwise 'n--' can be a big positive number and unexpected amount of data will be copied. Tracing system calls which take no argument, say sync(void), may hit this case and eventually make the system corrupted. This patch fixes the issue both in syscall_get_arguments() and syscall_set_arguments(). Signed-off-by: AKASHI Takahiro Acked-by: Will Deacon --- arch/arm64/include/asm/syscall.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm64/include/asm/syscall.h b/arch/arm64/include/asm/syscall.h index c89821f..01bb8cc 100644 --- a/arch/arm64/include/asm/syscall.h +++ b/arch/arm64/include/asm/syscall.h @@ -63,6 +63,9 @@ static inline void syscall_get_arguments(struct task_struct *task, unsigned int i, unsigned int n, unsigned long *args) { + if (n == 0) + return; + if (i + n > SYSCALL_MAX_ARGS) { unsigned long *args_bad = args + SYSCALL_MAX_ARGS - i; unsigned int n_bad = n + i - SYSCALL_MAX_ARGS; @@ -86,6 +89,9 @@ static inline void syscall_set_arguments(struct task_struct *task, unsigned int i, unsigned int n, const unsigned long *args) { + if (n == 0) + return; + if (i + n > SYSCALL_MAX_ARGS) { pr_warning("%s called with max args %d, handling only %d\n", __func__, i + n, SYSCALL_MAX_ARGS);