• Alex Smith's avatar
    MIPS: O32/32-bit: Fix bug which can cause incorrect system call restarts · e90e6fdd
    Alex Smith authored
    On 32-bit/O32, pt_regs has a padding area at the beginning into which the
    syscall arguments passed via the user stack are copied. 4 arguments
    totalling 16 bytes are copied to offset 16 bytes into this area, however
    the area is only 24 bytes long. This means the last 2 arguments overwrite
    pt_regs->regs[{0,1}].
    
    If a syscall function returns an error, handle_sys stores the original
    syscall number in pt_regs->regs[0] for syscall restart. signal.c checks
    whether regs[0] is non-zero, if it is it will check whether the syscall
    return value is one of the ERESTART* codes to see if it must be
    restarted.
    
    Should a syscall be made that results in a non-zero value being copied
    off the user stack into regs[0], and then returns a positive (non-error)
    value that matches one of the ERESTART* error codes, this can be mistaken
    for requiring a syscall restart.
    
    While the possibility for this to occur has always existed, it is made
    much more likely to occur by commit 46e12c07 ("MIPS: O32 / 32-bit:
    Always copy 4 stack arguments."), since now every syscall will copy 4
    arguments and overwrite regs[0], rather than just those with 7 or 8
    arguments.
    
    Since that commit, booting Debian under a 32-bit MIPS kernel almost
    always results in a hang early in boot, due to a wait4 syscall returning
    a PID that matches one of the ERESTART* codes, which then causes an
    incorrect restart of the syscall.
    
    The problem is fixed by increasing the size of the padding area so that
    arguments copied off the stack will not overwrite pt_regs->regs[{0,1}].
    Signed-off-by: default avatarAlex Smith <alex.smith@imgtec.com>
    Cc: <stable@vger.kernel.org> # v3.13+
    Reviewed-by: default avatarAurelien Jarno <aurelien@aurel32.net>
    Tested-by: default avatarAurelien Jarno <aurelien@aurel32.net>
    Cc: linux-mips@linux-mips.org
    Patchwork: https://patchwork.linux-mips.org/patch/7454/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
    e90e6fdd
ptrace.h 2.94 KB