android_kernel_google_msm/arch
Sven Wegener 4aedd4b054 x86_32, entry: Store badsys error code in %eax
commit 8142b21550 upstream.

Commit 554086d ("x86_32, entry: Do syscall exit work on badsys
(CVE-2014-4508)") introduced a regression in the x86_32 syscall entry
code, resulting in syscall() not returning proper errors for undefined
syscalls on CPUs supporting the sysenter feature.

The following code:

> int result = syscall(666);
> printf("result=%d errno=%d error=%s\n", result, errno, strerror(errno));

results in:

> result=666 errno=0 error=Success

Obviously, the syscall return value is the called syscall number, but it
should have been an ENOSYS error. When run under ptrace it behaves
correctly, which makes it hard to debug in the wild:

> result=-1 errno=38 error=Function not implemented

The %eax register is the return value register. For debugging via ptrace
the syscall entry code stores the complete register context on the
stack. The badsys handlers only store the ENOSYS error code in the
ptrace register set and do not set %eax like a regular syscall handler
would. The old resume_userspace call chain contains code that clobbers
%eax and it restores %eax from the ptrace registers afterwards. The same
goes for the ptrace-enabled call chain. When ptrace is not used, the
syscall return value is the passed-in syscall number from the untouched
%eax register.

Use %eax as the return value register in syscall_badsys and
sysenter_badsys, like a real syscall handler does, and have the caller
push the value onto the stack for ptrace access.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Link: http://lkml.kernel.org/r/alpine.LNX.2.11.1407221022380.31021@titan.int.lan.stealer.net
Reviewed-and-tested-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-07-31 12:54:52 -07:00
alpha alpha: makefile: don't enforce small data model for kernel builds 2013-08-20 08:26:28 -07:00
arm ARM: OMAP2+: Fix parser-bug in platform muxing code 2014-07-09 10:51:20 -07:00
avr32 avr32: Makefile: add '-D__linux__' flag for gcc-4.4.7 use 2014-03-11 16:09:57 -07:00
blackfin
c6x
cris cris: media platform drivers: fix build 2013-11-29 10:50:37 -08:00
frv frv: Use core allocator for task_struct 2013-08-20 08:26:28 -07:00
h8300 signal: Define __ARCH_HAS_SA_RESTORER so we know whether to clear sa_restorer 2013-04-05 10:04:14 -07:00
hexagon
ia64 exec/ptrace: fix get_dumpable() incorrect tests 2013-11-29 10:50:34 -08:00
m32r m32r: make memset() global for CONFIG_KERNEL_BZIP2=y 2013-09-14 06:02:11 -07:00
m68k m68k/atari: ARAnyM - Fix NatFeat module support 2013-08-20 08:26:29 -07:00
microblaze microblaze: Update microblaze defconfigs 2013-08-20 08:26:27 -07:00
mips MIPS: MSC: Prevent out-of-bounds writes to MIPS SC ioremap'd region 2014-07-06 18:49:19 -07:00
mn10300 signal: Define __ARCH_HAS_SA_RESTORER so we know whether to clear sa_restorer 2013-04-05 10:04:14 -07:00
openrisc
parisc parisc: fix epoll_pwait syscall on compat kernel 2014-06-07 16:01:57 -07:00
powerpc powerpc/perf: Never program book3s PMCs with values >= 0x80000000 2014-07-17 15:39:50 -07:00
s390 s390/lowcore: reserve 96 bytes for IRB in lowcore 2014-06-30 20:01:31 -07:00
score score: Add missing RCU idle APIs on idle loop 2012-10-13 05:38:55 +09:00
sh sh: fix format string bug in stack tracer 2014-05-06 07:51:45 -07:00
sparc sparc64: don't treat 64-bit syscall return codes as 32-bit 2014-04-26 17:13:19 -07:00
tile tile: use a more conservative __my_cpu_offset in CONFIG_PREEMPT 2013-10-13 15:42:50 -07:00
um um: add missing declaration of 'getrlimit()' and friends 2013-12-11 22:34:11 -08:00
unicore32 mm, show_mem: suppress page counts in non-blockable contexts 2013-10-13 15:42:49 -07:00
x86 x86_32, entry: Store badsys error code in %eax 2014-07-31 12:54:52 -07:00
xtensa xtensa: don't use alternate signal stack on threads 2013-11-13 12:01:49 +09:00
.gitignore
Kconfig