android_kernel_oneplus_msm8998/arch/sh/kernel
Bobby Bingham abafe5d9b0 sh: push extra copy of r0-r2 for syscall parameters
When invoking syscall handlers on sh32, the saved userspace registers
are at the top of the stack.  This seems to have been intentional, as it
is an easy way to pass r0, r1, ...  to the handler as parameters 5, 6,
...

It causes problems, however, because the compiler is allowed to generate
code for a function which clobbers that function's own parameters.  For
example, gcc generates the following code for clone:

    <SyS_clone>:
        mov.l   8c020714 <SyS_clone+0xc>,r1  ! 8c020540 <do_fork>
        mov.l   r7,@r15
        mov     r6,r7
        jmp     @r1
        mov     #0,r6
        nop
        .word 0x0540
        .word 0x8c02

The `mov.l r7,@r15` clobbers the saved value of r0 passed from
userspace.  For most system calls, this might not be a problem, because
we'll be overwriting r0 with the return value anyway.  But in the case
of clone, copy_thread will need the original value of r0 if the
CLONE_SETTLS flag was specified.

The first patch in this series fixes this issue for system calls by
pushing to the stack an extra copy of r0-r2 before invoking the
handler.  We discard this copy before restoring the userspace registers,
so it is not a problem if they are clobbered.

Exception handlers also receive the userspace register values in a
similar manner, and may hit the same problem.  The second patch removes
the do_fpu_error handler, which looks susceptible to this problem and
which, as far as I can tell, has not been used in some time.  The third
patch addresses other exception handlers.

This patch (of 3):

The userspace registers are stored at the top of the stack when the
syscall handler is invoked, which allows r0-r2 to act as parameters 5-7.
Parameters passed on the stack may be clobbered by the syscall handler.
The solution is to push an extra copy of the registers which might be
used as syscall parameters to the stack, so that the authoritative set
of saved register values does not get clobbered.

A few system call handlers are also updated to get the userspace
registers using current_pt_regs() instead of from the stack.

Signed-off-by: Bobby Bingham <koorogi@koorogi.info>
Cc: Paul Mundt <paul.mundt@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-04-03 16:20:52 -07:00
cpu sh: prefix sh-specific "CCR" and "CCR2" by "SH_" 2014-03-04 07:55:49 -08:00
vsyscall sh: vsyscall: Fix up .eh_frame generation. 2012-03-30 19:42:26 +09:00
.gitignore
asm-offsets.c
crash_dump.c crash_dump: export is_kdump_kernel to modules, consolidate elfcorehdr_addr, setup_elfcorehdr and saved_max_pfn 2011-03-23 19:47:19 -07:00
debugtraps.S
disassemble.c
dma-nommu.c SH: adapt for dma_map_ops changes 2012-03-28 16:36:37 +02:00
dumpstack.c sh: fix format string bug in stack tracer 2014-04-03 16:20:49 -07:00
dwarf.c arch/sh/kernel/dwarf.c: use rbtree postorder iteration helper instead of solution using repeated rb_erase() 2014-01-23 16:37:03 -08:00
entry-common.S sh: push extra copy of r0-r2 for syscall parameters 2014-04-03 16:20:52 -07:00
ftrace.c tracing: Unify arch_syscall_addr() implementations 2010-02-17 13:07:21 +01:00
head_32.S sh: boot kernel with SR.BL set 2010-09-30 09:43:32 +09:00
head_64.S
hw_breakpoint.c Disintegrate asm/system.h for SH 2012-03-28 18:30:03 +01:00
idle.c sched/idle, SH: Remove redundant cpuidle_idle_call() 2014-02-11 09:58:26 +01:00
io.c sh: support for platforms without PIO. 2010-06-02 16:31:42 +09:00
io_trapped.c Disintegrate asm/system.h for SH 2012-03-28 18:30:03 +01:00
iomap.c sh: machvec IO death. 2010-11-01 09:49:04 -04:00
ioport.c sections: fix section conflicts in arch/sh 2012-10-06 03:04:40 +09:00
irq.c sh: Use irq_set_affinity instead of homebrewn code 2014-03-04 17:37:55 +01:00
irq_32.c Fix IRQ flag handling naming 2010-10-07 14:08:55 +01:00
irq_64.c sh64: update for IRQ flag handling naming changes. 2010-10-27 15:34:51 +09:00
kdebugfs.c sh: provide generic arch_debugfs_dir. 2010-09-24 04:04:26 +09:00
kgdb.c arch/sh/kernel/kgdb.c: add missing #include <linux/sched.h> 2014-01-21 16:19:42 -08:00
kprobes.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
localtimer.c sh: CPU hotplug support. 2010-04-26 19:08:55 +09:00
machine_kexec.c memblock: s/memblock_analyze()/memblock_allow_resize()/ and update users 2011-12-08 10:22:08 -08:00
machvec.c sh: Kill off machvec IRQ hinting. 2012-05-21 17:54:01 +09:00
Makefile cpufreq: sh: move cpufreq driver to drivers/cpufreq 2013-04-10 13:19:25 +02:00
module.c modules: make arch's use default loader hooks 2011-07-24 22:06:04 +09:30
nmi_debug.c
perf_callchain.c sh: remove warning and warning_symbol from struct stacktrace_ops 2011-05-23 14:42:15 +09:00
perf_event.c sh: delete __cpuinit usage from all sh files 2013-07-14 19:36:53 -04:00
process.c sh: delete __cpuinit usage from all sh files 2013-07-14 19:36:53 -04:00
process_32.c sh: move fpu_counter into ARCH specific thread_struct 2013-11-13 12:09:13 +09:00
process_64.c sh64: kernel: remove useless variable 'regs' 2013-11-13 12:08:59 +09:00
ptrace.c sh: Add kprobe-based event tracer. 2010-06-14 15:16:53 +09:00
ptrace_32.c ptrace/sh: revert "hw_breakpoints: Fix racy access to ptrace breakpoints" 2013-07-09 10:33:26 -07:00
ptrace_64.c seccomp: ignore secure_computing return values 2012-04-18 12:24:50 +10:00
reboot.c Disintegrate asm/system.h for SH 2012-03-28 18:30:03 +01:00
relocate_kernel.S
return_address.c sh: handle early calls to return_address() when using dwarf unwinder. 2010-05-25 16:16:40 +09:00
setup.c memblock: make memblock_set_node() support different memblock_type 2014-01-21 16:19:44 -08:00
sh_bios.c early_printk: consolidate random copies of identical code 2013-04-29 18:28:13 -07:00
sh_ksyms_32.c sh: add EXPORT_SYMBOL(min_low_pfn) and EXPORT_SYMBOL(max_low_pfn) to sh_ksyms_32.c 2014-01-02 14:40:30 -08:00
sh_ksyms_64.c sh: use the new generic strnlen_user() function 2012-06-13 10:28:37 +09:00
signal_32.c sh: push extra copy of r0-r2 for syscall parameters 2014-04-03 16:20:52 -07:00
signal_64.c sh: switch to generic old sigaction() 2013-02-03 18:16:16 -05:00
smp.c sh: delete __cpuinit usage from all sh files 2013-07-14 19:36:53 -04:00
stacktrace.c sh: remove warning and warning_symbol from struct stacktrace_ops 2011-05-23 14:42:15 +09:00
swsusp.c
sys_sh.c sh: avoid to flush all cache in sys_cacheflush 2010-11-17 17:55:30 +09:00
sys_sh32.c sh: push extra copy of r0-r2 for syscall parameters 2014-04-03 16:20:52 -07:00
syscalls_32.S sh: wire up finit_module syscall. 2013-01-14 17:59:03 +09:00
syscalls_64.S sh: wire up finit_module syscall. 2013-01-14 17:59:03 +09:00
time.c sh: hwblk: Kill off remaining bits of hwblk API. 2011-11-18 16:26:00 +09:00
topology.c arch/sh: remove references to cpu_*_map. 2012-02-24 13:21:45 +09:00
traps.c taint: add explicit flag to show whether lock dep is still OK. 2013-01-21 17:17:57 +10:30
traps_32.c sh: delete __cpuinit usage from all sh files 2013-07-14 19:36:53 -04:00
traps_64.c sh: delete __cpuinit usage from all sh files 2013-07-14 19:36:53 -04:00
unwinder.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
vmlinux.lds.S mtd/uclinux: Use generic __bss_stop instead of _ebss 2012-06-27 09:59:43 +02:00