Message ID | 20190401134420.958530155@goodmis.org (mailing list archive) |
---|---|
State | New, archived |
On Mon, Apr 01, 2019 at 09:41:07AM -0400, Steven Rostedt wrote:
> From: "Dmitry V. Levin" <ldv@altlinux.org>
>
> RISC-V syscall arguments are located in orig_a0,a1..a5 fields
> of struct pt_regs.
>
> Due to an off-by-one bug and a bug in pointer arithmetic
> syscall_get_arguments() was reading s3..s7 fields instead of a1..a5.
> Likewise, syscall_set_arguments() was writing s3..s7 fields
> instead of a1..a5.
>
> Link: http://lkml.kernel.org/r/20190329171221.GA32456@altlinux.org
>
> Fixes: e2c0cdfba7f69 ("RISC-V: User-facing API")
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Andy Lutomirski <luto@amacapital.net>
> Cc: Will Drewry <wad@chromium.org>
> Cc: Palmer Dabbelt <palmer@sifive.com>
> Cc: Albert Ou <aou@eecs.berkeley.edu>
> Cc: linux-riscv@lists.infradead.org
> Cc: stable@vger.kernel.org # v4.15+
> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

According to
https://lore.kernel.org/lkml/mhng-8e9b547b-7fe3-43d2-9dea-b217de923605@palmer-si-x1c4/
the following tag could be added to this patch:

Acked-by: Palmer Dabbelt <palmer@sifive.com>

On Thu, 4 Apr 2019 17:02:10 +0300
"Dmitry V. Levin" <ldv@altlinux.org> wrote:

> On Mon, Apr 01, 2019 at 09:41:07AM -0400, Steven Rostedt wrote:
> > From: "Dmitry V. Levin" <ldv@altlinux.org>
> >
> > RISC-V syscall arguments are located in orig_a0,a1..a5 fields
> > of struct pt_regs.
> >
> > Due to an off-by-one bug and a bug in pointer arithmetic
> > syscall_get_arguments() was reading s3..s7 fields instead of a1..a5.
> > Likewise, syscall_set_arguments() was writing s3..s7 fields
> > instead of a1..a5.
> >
> > Link: http://lkml.kernel.org/r/20190329171221.GA32456@altlinux.org
> >
> > Fixes: e2c0cdfba7f69 ("RISC-V: User-facing API")
> > Cc: Ingo Molnar <mingo@redhat.com>
> > Cc: Kees Cook <keescook@chromium.org>
> > Cc: Andy Lutomirski <luto@amacapital.net>
> > Cc: Will Drewry <wad@chromium.org>
> > Cc: Palmer Dabbelt <palmer@sifive.com>
> > Cc: Albert Ou <aou@eecs.berkeley.edu>
> > Cc: linux-riscv@lists.infradead.org
> > Cc: stable@vger.kernel.org # v4.15+
> > Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
> > Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
>
> According to
> https://lore.kernel.org/lkml/mhng-8e9b547b-7fe3-43d2-9dea-b217de923605@palmer-si-x1c4/
> the following tag could be added to this patch:
>
> Acked-by: Palmer Dabbelt <palmer@sifive.com>

That link isn't actually an ack. Palmer, you OK if I add it?

-- Steve

On Thu, 04 Apr 2019 07:26:53 PDT (-0700), rostedt@goodmis.org wrote:
> On Thu, 4 Apr 2019 17:02:10 +0300
> "Dmitry V. Levin" <ldv@altlinux.org> wrote:
>
>> On Mon, Apr 01, 2019 at 09:41:07AM -0400, Steven Rostedt wrote:
>> > From: "Dmitry V. Levin" <ldv@altlinux.org>
>> >
>> > RISC-V syscall arguments are located in orig_a0,a1..a5 fields
>> > of struct pt_regs.
>> >
>> > Due to an off-by-one bug and a bug in pointer arithmetic
>> > syscall_get_arguments() was reading s3..s7 fields instead of a1..a5.
>> > Likewise, syscall_set_arguments() was writing s3..s7 fields
>> > instead of a1..a5.
>> >
>> > Link: http://lkml.kernel.org/r/20190329171221.GA32456@altlinux.org
>> >
>> > Fixes: e2c0cdfba7f69 ("RISC-V: User-facing API")
>> > Cc: Ingo Molnar <mingo@redhat.com>
>> > Cc: Kees Cook <keescook@chromium.org>
>> > Cc: Andy Lutomirski <luto@amacapital.net>
>> > Cc: Will Drewry <wad@chromium.org>
>> > Cc: Palmer Dabbelt <palmer@sifive.com>
>> > Cc: Albert Ou <aou@eecs.berkeley.edu>
>> > Cc: linux-riscv@lists.infradead.org
>> > Cc: stable@vger.kernel.org # v4.15+
>> > Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
>> > Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
>>
>> According to
>> https://lore.kernel.org/lkml/mhng-8e9b547b-7fe3-43d2-9dea-b217de923605@palmer-si-x1c4/
>> the following tag could be added to this patch:
>>
>> Acked-by: Palmer Dabbelt <palmer@sifive.com>
>
> That link isn't actually an ack. Palmer, you OK if I add it?

Acked-by: Palmer Dabbelt <palmer@sifive.com> (for the RISC-V parts)

Thanks!

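
Why the commit message names s3..s7: an added example, not code from the patch or from anyone in the thread, that replays the pre-fix and post-fix index computation of syscall_get_arguments() over a mock RV64 register frame. The struct `mock_regs`, its field order, and the helpers `copy_words` and `fetched_word` are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Mock RV64 register frame; the field order is an assumption of this example. */
struct mock_regs {
    uint64_t sepc, ra, sp, gp, tp, t0, t1, t2, s0, s1;
    uint64_t a0, a1, a2, a3, a4, a5, a6, a7;
    uint64_t s2, s3, s4, s5, s6, s7, s8, s9, s10, s11;
    uint64_t t3, t4, t5, t6, sstatus, sbadaddr, scause, orig_a0;
};
#define WORD(f) (offsetof(struct mock_regs, f) / sizeof(uint64_t))

/* Copy n words starting `word` words into the frame (byte-wise copy). */
static void copy_words(const struct mock_regs *r, size_t word, uint64_t *dst, unsigned n)
{
    memcpy(dst, (const unsigned char *)r + word * sizeof(*dst), n * sizeof(*dst));
}

/* Pre-fix: i++ then &regs->a1 + i * sizeof(regs->a1); the offset is scaled twice. */
static void get_args_buggy(const struct mock_regs *r, unsigned i, unsigned n, uint64_t *args)
{
    if (i == 0) { args[0] = r->orig_a0; args++; i++; n--; }
    copy_words(r, WORD(a1) + i * sizeof(r->a1), args, n);
}

/* Post-fix: argument k (k >= 1) is read from a1 + (k - 1). */
static void get_args_fixed(const struct mock_regs *r, unsigned i, unsigned n, uint64_t *args)
{
    if (i == 0) { args[0] = r->orig_a0; args++; n--; } else { i--; }
    copy_words(r, WORD(a1) + i, args, n);
}

/* Constructed frame, each register holds its word index; returns what lands in args[k]. */
static uint64_t fetched_word(int fixed, unsigned k)
{
    uint64_t w[sizeof(struct mock_regs) / sizeof(uint64_t)], args[6];
    struct mock_regs r;
    for (size_t j = 0; j < sizeof(w) / sizeof(w[0]); j++) w[j] = j;
    memcpy(&r, w, sizeof(r));
    (fixed ? get_args_fixed : get_args_buggy)(&r, 0, 6, args);
    return args[k];
}

int main(void)
{
    printf("args[1] word: %u fixed, %u pre-fix\n", (unsigned)fetched_word(1, 1), (unsigned)fetched_word(0, 1));
    return 0;
}
```

With 8-byte registers the pre-fix start is 1 * 8 words past a1, which in this layout is s3; a tracer or seccomp-style filter reading arguments through that path would be inspecting callee-saved registers rather than the values the syscall actually received.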
diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h index bba3da6ef157..6ea9e1804233 100644 --- a/arch/riscv/include/asm/syscall.h +++ b/arch/riscv/include/asm/syscall.h @@ -79,10 +79,11 @@ static inline void syscall_get_arguments(struct task_struct *task, if (i == 0) { args[0] = regs->orig_a0; args++; - i++; n--; + } else { + i--; } - memcpy(args, ®s->a1 + i * sizeof(regs->a1), n * sizeof(args[0])); + memcpy(args, ®s->a1 + i, n * sizeof(args[0])); } static inline void syscall_set_arguments(struct task_struct *task, @@ -94,10 +95,11 @@ static inline void syscall_set_arguments(struct task_struct *task, if (i == 0) { regs->orig_a0 = args[0]; args++; - i++; n--; - } - memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); + } else { + i--; + } + memcpy(®s->a1 + i, args, n * sizeof(regs->a1)); } static inline int syscall_get_arch(void)
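
Review bot: in syscall_get_arguments(), the i == 0 branch still stores args[0] and executes n-- with no check that n is non-zero, so a call with i == 0 and n == 0 would write one word the caller did not ask for and pass a wrapped or negative count to memcpy(). The patch leaves that path as it was; unless a caller-side check already guarantees n >= 1, an early return when n is 0 ahead of the branch would close it.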
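
Review bot: in syscall_set_arguments(), the copy to &regs->a1 + i depends on a1..a5 being adjacent, equally sized members of struct pt_regs, and nothing in the visible lines bounds i + n, so an out-of-range pair would write past a5 into the registers stored after it. A short comment stating the layout assumption and a check that i + n stays within the six arguments would make this explicit. The length expression also differs between the two functions (sizeof(args[0]) on the get side, sizeof(regs->a1) here); using one form in both would read more consistently.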