author | Roland McGrath <roland@redhat.com> | 2010-09-14 15:22:58 -0400 |
committer | H. Peter Anvin <hpa@linux.intel.com> | 2010-09-14 19:08:47 -0400 |
commit | eefdca043e8391dcd719711716492063030b55ac (patch) | |
tree | 38d41d04567876204017fe9618908d7550a579e4 /arch | |
parent | 36d001c70d8a0144ac1d038f6876c484849a74de (diff) |
x86-64, compat: Retruncate rax after ia32 syscall entry tracing
In commit d4d6715, we reopened an old hole for a 64-bit ptracer touching a
32-bit tracee in system call entry. A %rax value set via ptrace at the
entry tracing stop gets used whole as a 32-bit syscall number, while we
only check the low 32 bits for validity.
Fix it by truncating %rax back to 32 bits after syscall_trace_enter,
in addition to testing the full 64 bits as has already been added.
Reported-by: Ben Hawkes <hawkes@sota.gen.nz>
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/x86/ia32/ia32entry.S | 8 |
1 files changed, 7 insertions, 1 deletions
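--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -50,7 +50,12 @@
 /*
 * Reload arg registers from stack in case ptrace changed them.
 * We don't reload %eax because syscall_trace_enter() returned
-* the value it wants us to use in the table lookup.
+* the %rax value we should see. Instead, we just truncate that
+* value to 32 bits again as we did on entry from user mode.
+* If it's a new value set by user_regset during entry tracing,
+* this matches the normal truncation of the user-mode value.
+* If it's -1 to make us punt the syscall, then (u32)-1 is still
+* an appropriately invalid value.
 */
 .macro LOAD_ARGS32 offset, _r9=0
 .if \_r9
@@ -60,6 +65,7 @@
 movl \offset+48(%rsp),%edx
 movl \offset+56(%rsp),%esi
 movl \offset+64(%rsp),%edi
+movl %eax,%eax /* zero extension */
 .endm
 
 .macro CFI_STARTPROC32 simple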
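Review bot: The `/* zero extension */` comment on the added `movl %eax,%eax` (new line 68, second hunk) does not say why an instruction that reads as a self-move must stay, so a later cleanup could drop it as a no-op and silently reopen the ptrace hole the commit describes. I would extend it to `movl %eax,%eax /* retruncate %rax to 32 bits: a 64-bit ptracer may have set the high half, and the table index must be the same value that was range-checked */`. The block comment in the first hunk explains the reasoning well, but it sits above LOAD_ARGS32 rather than beside the instruction, and both the macro's callers and the syscall-number range check are outside this hunk, so the comment at the instruction is the only guard a reader of the macro body sees. If LOAD_ARGS32 is also expanded on paths that do not pass through syscall_trace_enter, the extra truncation is presumably harmless there because a 32-bit user entry already leaves %rax zero-extended, but those callers are not visible here and would be worth confirming.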