From patchwork Thu Oct 3 05:47:45 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 2981241 Return-Path: X-Original-To: patchwork-linux-arm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 7B4D6BFF0B for ; Thu, 3 Oct 2013 05:49:56 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id A52D1202FF for ; Thu, 3 Oct 2013 05:49:55 +0000 (UTC) Received: from casper.infradead.org (casper.infradead.org [85.118.1.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A5277202E5 for ; Thu, 3 Oct 2013 05:49:54 +0000 (UTC) Received: from merlin.infradead.org ([2001:4978:20e::2]) by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VRbn1-0003DB-S9; Thu, 03 Oct 2013 05:49:32 +0000 Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1VRbmt-0000Zb-Sg; Thu, 03 Oct 2013 05:49:23 +0000 Received: from mail-pd0-f177.google.com ([209.85.192.177]) by merlin.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VRbmp-0000Xg-RY for linux-arm-kernel@lists.infradead.org; Thu, 03 Oct 2013 05:49:20 +0000 Received: by mail-pd0-f177.google.com with SMTP id y10so1951789pdj.36 for ; Wed, 02 Oct 2013 22:48:58 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=uJrsYdSwbmedRgzTxCJhQyIkbccbtyL3oZxDGE0sJL8=; b=O6iCoElawZV66aujhMp4KQDSVx3UrqZ0IwPR5zONXJYN1Fg0oN3wEjV1gInk+QQ/W3 7zk3Y8vBAv+wmaX/RR78tqGEdKt/dSJiYR8paya8ZmhgNtmSK3aUjT92r0TzxJBoPnZI lnfk5gBnf6uMWKDyLhcURzbugW6QIklM+rbPWO9DHWBJonYggWGKSJyMzGSmiNTroAcI owH0iM84zTBIPJ1FY/m20/bRUlFcZUtfL1dPfN8XTKLegI6YfeuVFJwXOPCb3n5mPYS/ j0lPjJm39tZRSF3Cbn/uLUEg3+8o8cYtRuxNsNKQN6Dg2hB8aag4ppaMRbStZy/LjO58 g8aw== X-Gm-Message-State: ALoCoQlRc2tTbijX7ofPKJ33O1NbaShxu3bxtRc0sBDJPGe6F42ozbyfINdAVGRZEKsOVSS0qe4V X-Received: by 10.68.50.106 with SMTP id b10mr6649881pbo.152.1380779338412; Wed, 02 Oct 2013 22:48:58 -0700 (PDT) Received: from localhost.localdomain (KD182249095123.au-net.ne.jp. [182.249.95.123]) by mx.google.com with ESMTPSA id qw8sm5769184pbb.27.1969.12.31.16.00.00 (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 02 Oct 2013 22:48:57 -0700 (PDT) From: AKASHI Takahiro To: catalin.marinas@arm.com, will.deacon@arm.com Subject: [PATCH v2 2/3] arm: check for number of arguments in syscall_get/set_arguments() Date: Thu, 3 Oct 2013 14:47:45 +0900 Message-Id: <1380779266-11753-3-git-send-email-takahiro.akashi@linaro.org> X-Mailer: git-send-email 1.8.1.2 In-Reply-To: <1380779266-11753-1-git-send-email-takahiro.akashi@linaro.org> References: <1380779266-11753-1-git-send-email-takahiro.akashi@linaro.org> In-Reply-To: <1380605584-22125-git-send-email-takahiro.akashi@linaro.org> References: <1380605584-22125-git-send-email-takahiro.akashi@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20131003_014919_995179_1158748D X-CRM114-Status: GOOD ( 11.62 ) X-Spam-Score: -1.9 (-) Cc: AKASHI Takahiro , linaro-kernel@lists.linaro.org, linux-arm-kernel@lists.infradead.org, mcgrathr@chromium.org X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In ftrace_syscall_enter(), syscall_get_arguments(..., 0, n, ...) if (i == 0) { ...; n--;} memcpy(..., n * sizeof(args[0])); If 'number of arguments(n)' is zero and 'argument index(i)' is also zero in syscall_get_arguments(), none of arguments should be copied by memcpy(). Otherwise 'n--' can be a big positive number and unexpected amount of data will be copied. Tracing system calls which take no argument, say sync(void), may hit this case and eventually make the system corrupted. This patch fixes the issue both in syscall_get_arguments() and syscall_set_arguments(). Signed-off-by: AKASHI Takahiro --- arch/arm/include/asm/syscall.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h index f1d96d4..73ddd72 100644 --- a/arch/arm/include/asm/syscall.h +++ b/arch/arm/include/asm/syscall.h @@ -57,6 +57,9 @@ static inline void syscall_get_arguments(struct task_struct *task, unsigned int i, unsigned int n, unsigned long *args) { + if (n == 0) + return; + if (i + n > SYSCALL_MAX_ARGS) { unsigned long *args_bad = args + SYSCALL_MAX_ARGS - i; unsigned int n_bad = n + i - SYSCALL_MAX_ARGS; @@ -81,6 +84,9 @@ static inline void syscall_set_arguments(struct task_struct *task, unsigned int i, unsigned int n, const unsigned long *args) { + if (n == 0) + return; + if (i + n > SYSCALL_MAX_ARGS) { pr_warning("%s called with max args %d, handling only %d\n", __func__, i + n, SYSCALL_MAX_ARGS);