From: hlsong
To: Guo Ren
Cc: linux-csky@vger.kernel.org, linux-kernel@vger.kernel.org, hlsong89
Subject: [PATCH] csky: Fix a4/a5 restoration in syscall trace path
Date: Thu, 21 May 2026 17:59:46 +0800
Message-Id: <20260521095946.37876-1-pgeorge8929@gmail.com>

From: hlsong89

The syscall trace path reloads syscall arguments from pt_regs before
calling the syscall handler. On C-SKY ABIv2, the 5th and 6th syscall
arguments are prepared as stack arguments before invoking syscallid.

The current code adjusts sp before loading LSAVE_A4 and LSAVE_A5. Since
those offsets are relative to the original pt_regs base, loading them
after changing sp fetches the wrong slots. As a result, traced syscalls
that use the 5th or 6th argument may receive corrupted arguments.

This is visible with mmap2(), which takes six arguments. A small
PTRACE_SYSCALL reproducer opens a file and maps one page with:

  mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0)

Before the fix, the traced child fails the mmap and exits with 12.
After the fix, the mapping succeeds and the child exits with 0.

Fix the trace path by using the correct pt_regs offsets after adjusting
sp.

Tested on: ck860f, linux-4.19.15, C-SKY abiv2

Signed-off-by: hlsong89
---
 arch/csky/kernel/entry.S | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/csky/kernel/entry.S b/arch/csky/kernel/entry.S index c68cdcc76..98692fc78 100644 --- a/arch/csky/kernel/entry.S +++ b/arch/csky/kernel/entry.S @@ -94,9 +94,9 @@ csky_syscall_trace: ldw a3, (sp, LSAVE_A3) #if defined(__CSKYABIV2__) subi sp, 8 - ldw r9, (sp, LSAVE_A4) + ldw r9, (sp, LSAVE_A4 + 8) stw r9, (sp, 0x0) - ldw r9, (sp, LSAVE_A5) + ldw r9, (sp, LSAVE_A5 + 8) stw r9, (sp, 0x4) jsr syscallid /* Do system call */ addi sp, 8 --=20 2.25.1
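
Review bot: the `+ 8` in the two changed loads, `ldw r9, (sp, LSAVE_A4 + 8)` and `ldw r9, (sp, LSAVE_A5 + 8)`, is an uncommented constant that has to stay in step with the `subi sp, 8` just above and the `addi sp, 8` after `jsr syscallid`. A one-line comment at the first load saying that the offsets are biased by the 8 bytes just reserved for the stack arguments would keep a later change to the reserved size from silently reintroducing the wrong-slot read. The arithmetic itself matches the description: with sp lowered by 8, the pt_regs base sits at sp + 8. Two points on the submission: the message describes corrupted arguments for traced syscalls but carries no Fixes: tag identifying the commit that introduced the loads, and the only test listed is on linux-4.19.15, so a run of the mmap reproducer on the tree this patch applies to would be worth adding to the changelog.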
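
The reproducer outlined in the commit message can be written as a small regression test. This is an added example, not the submitter's code: the function names, the `/bin/sh` path and the exit-code convention (the child exits with `errno` on failure, 200/201 on setup errors) are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/mman.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child: request tracing, stop so the parent can take over, then issue
 * the six-argument mmap quoted in the commit message. */
static void traced_child(const char *path)
{
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        _exit(200);                 /* assumed code: tracing unavailable */
    raise(SIGSTOP);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        _exit(201);                 /* assumed code: open failed */
    void *p = mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    _exit(p == MAP_FAILED ? errno : 0);
}

/* Parent: resume with PTRACE_SYSCALL at every stop, so each syscall the
 * child makes is dispatched through the kernel's syscall trace path.
 * Returns the child's exit status, or -1 on a harness error. */
int run_traced_mmap(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        traced_child(path);         /* never returns */
    for (;;) {
        if (waitpid(pid, &status, 0) < 0)
            return -1;
        if (WIFEXITED(status))
            return WEXITSTATUS(status);
        if (WIFSIGNALED(status))
            return -1;
        /* Stopped on SIGSTOP or a syscall stop: continue, signal dropped. */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1)
            return -1;
    }
}

int main(void)
{
    return run_traced_mmap("/bin/sh");  /* assumed readable, exec-mappable file */
}
```

A return value of 0 means the fd and offset arguments survived the traced dispatch; a non-zero value on an otherwise working system points at the 5th or 6th argument being misread.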