On Mon, 2022-08-15 at 02:05 -0700, Greg Thelen wrote:
> The arm64 post-syscall code (below) checks the syscall retval (x0) and
> conditionally sets errno:
>
> __syscall_common:
> cmp x0, #0x0
> b.ge 2f
> neg x0, x0
> ldr x8, 1f
> str x0, [x8]
> mov x0, #-1
> 2:
> ret
> 1:
> .dword errno
>
> There is a bug. When the syscall returns a negative value "str x0, [x8]"
> stores 8 bytes in the 4 byte errno. The 4 bytes that follow errno are
> clobbered, which depending on linker data placement can corrupt
> important process memory.
>
> Only store 4 bytes in errno to avoid corruption.
Good catch. I've applied this.
Ben.
> Fixes: e4a2c914446b ("[klibc] arm64: Add arm64 support")
> Signed-off-by: Greg Thelen <gthelen at google.com>
> ---
> usr/klibc/arch/arm64/syscall.S | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/usr/klibc/arch/arm64/syscall.S
b/usr/klibc/arch/arm64/syscall.S
> index 3ce91fb77aa5..e1004122577d 100644
> --- a/usr/klibc/arch/arm64/syscall.S
> +++ b/usr/klibc/arch/arm64/syscall.S
> @@ -17,7 +17,7 @@ __syscall_common:
> b.ge 2f
> neg x0, x0
> ldr x8, 1f
> - str x0, [x8]
> + str w0, [x8]
> mov x0, #-1
> 2:
> ret
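Review bot: the narrowing from `str x0, [x8]` to `str w0, [x8]` is only correct because the value in x0 at that point has already been negated and is a small positive errno code, so the upper 32 bits being dropped are zero; it would help future readers to note this next to the store, e.g. a comment such as "errno is a 4-byte int; store only w0", since the adjacent `ldr x8, 1f` still loads an 8-byte pointer from the `.dword errno` literal and the two different widths on consecutive lines are easy to "fix" back into the original bug.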
--
Ben Hutchings
It is a miracle that curiosity survives formal education.
- Albert Einstein