diff options
| author | Matthew Leach <matthew.leach@arm.com> | 2013-10-11 14:52:14 +0100 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-12-14 16:48:48 +0100 |
| commit | 86474cd0a8a2a3dee6d34dfdb932ab09eb3a43d2 (patch) | |
| tree | bf83a11ee7e6959ae334763006a067c4b375b4b0 /arch/arm64/kernel/kuser32.S | |
| parent | 7ef835d45db04a5d9f2031480609d976030d1c24 (diff) | |
| download | android_kernel_m2note-86474cd0a8a2a3dee6d34dfdb932ab09eb3a43d2.tar.gz | |
arm64: big-endian: don't treat code as data when copying sigret code
Currently the sigreturn compat code is copied to an offset in the
vectors table. When using a BE kernel this data will be stored in the
wrong endianess so when returning from a signal on a 32-bit BE system,
arbitrary code will be executed.
Instead of declaring the code inside a struct and copying that, use
the assembler's .byte directives to store the code in the correct
endianess regardless of platform endianess.
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Matthew Leach <matthew.leach@arm.com>
Signed-off-by: Mister Oyster <oysterized@gmail.com>
Diffstat (limited to 'arch/arm64/kernel/kuser32.S')
| -rw-r--r-- | arch/arm64/kernel/kuser32.S | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/arch/arm64/kernel/kuser32.S b/arch/arm64/kernel/kuser32.S index 2f5b3ff7e..7f60380c8 100644 --- a/arch/arm64/kernel/kuser32.S +++ b/arch/arm64/kernel/kuser32.S @@ -29,6 +29,7 @@ */ #include <asm/unistd.h> +#include <asm/unistd32.h> .align 5 .globl __kuser_helper_start @@ -78,3 +79,42 @@ __kuser_helper_version: // 0xffff0ffc .word ((__kuser_helper_end - __kuser_helper_start) >> 5) .globl __kuser_helper_end __kuser_helper_end: + +/* + * AArch32 sigreturn code + * + * For ARM syscalls, the syscall number has to be loaded into r7. + * We do not support an OABI userspace. + * + * For Thumb syscalls, we also pass the syscall number via r7. We therefore + * need two 16-bit instructions. + */ + .globl __aarch32_sigret_code_start +__aarch32_sigret_code_start: + + /* + * ARM Code + */ + .byte __NR_compat_sigreturn, 0x70, 0xa0, 0xe3 // mov r7, #__NR_compat_sigreturn + .byte __NR_compat_sigreturn, 0x00, 0x00, 0xef // svc #__NR_compat_sigreturn + + /* + * Thumb code + */ + .byte __NR_compat_sigreturn, 0x27 // svc #__NR_compat_sigreturn + .byte __NR_compat_sigreturn, 0xdf // mov r7, #__NR_compat_sigreturn + + /* + * ARM code + */ + .byte __NR_compat_rt_sigreturn, 0x70, 0xa0, 0xe3 // mov r7, #__NR_compat_rt_sigreturn + .byte __NR_compat_rt_sigreturn, 0x00, 0x00, 0xef // svc #__NR_compat_rt_sigreturn + + /* + * Thumb code + */ + .byte __NR_compat_rt_sigreturn, 0x27 // svc #__NR_compat_rt_sigreturn + .byte __NR_compat_rt_sigreturn, 0xdf // mov r7, #__NR_compat_rt_sigreturn + + .globl __aarch32_sigret_code_end +__aarch32_sigret_code_end: |