From: Hanlin Song
To: Guo Ren
Cc: linux-csky@vger.kernel.org, linux-kernel@vger.kernel.org, Hanlin Song
Subject: [PATCH v3] csky: Fix a4/a5 restoration in syscall trace path
Date: Fri, 22 May 2026 11:18:24 +0800
Message-Id: <20260522031824.22834-1-pgeorge8929@gmail.com>

The syscall trace path reloads syscall arguments from pt_regs before
calling the syscall handler. On C-SKY ABIv2, the 5th and 6th syscall
arguments are prepared as stack arguments before invoking syscallid.

The current code adjusts sp before loading LSAVE_A4 and LSAVE_A5. Since
those offsets are relative to the original pt_regs base, loading them
after changing sp fetches the wrong slots. As a result, traced syscalls
that use the 5th or 6th argument may receive corrupted arguments.

This is visible with mmap2(), which takes six arguments. A small
PTRACE_SYSCALL reproducer opens a file and maps one page with:

    mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0)

Before the fix, the traced child fails the mmap and exits with 12.
After the fix, the mapping succeeds and the child exits with 0.

Fix the trace path by loading a4/a5 from pt_regs before changing sp.

Tested on: ck860f, linux-4.19.15, C-SKY abiv2

Suggested-by: Guo Ren
Signed-off-by: Hanlin Song --- Changes in v3: - Use full real name for the author and Signed-off-by. Changes in v2: - Use Guo Ren's suggested approach to handle the ABIv2 stack arguments. - Tested with the ptrace+mmap reproducer. arch/csky/kernel/entry.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/csky/kernel/entry.S b/arch/csky/kernel/entry.S index c68cdcc76..3261f46f2 100644 --- a/arch/csky/kernel/entry.S +++ b/arch/csky/kernel/entry.S @@ -93,11 +93,11 @@ csky_syscall_trace: ldw a2, (sp, LSAVE_A2) ldw a3, (sp, LSAVE_A3) #if defined(__CSKYABIV2__) - subi sp, 8 ldw r9, (sp, LSAVE_A4) + ldw r10, (sp, LSAVE_A5) + subi sp, 8 stw r9, (sp, 0x0) - ldw r9, (sp, LSAVE_A5) - stw r9, (sp, 0x4) + stw r10, (sp, 0x4) jsr syscallid /* Do system call */ addi sp, 8 #else base-commit: 5200f5f493f79f14bbdc349e402a40dfb32f23c8 --=20 2.25.1
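
Review bot: the added "ldw r10, (sp, LSAVE_A5)" in csky_syscall_trace makes r10 a second scratch register, where the removed sequence only ever clobbered r9, and neither the hunk nor the commit message shows that r10 holds nothing live at this point. Please state in the commit message that r10 is free here, or keep the sequence on r9 alone by loading a5 after the "subi sp, 8" with the offset compensated (LSAVE_A5 + 8). A one-line comment above the two loads saying that the LSAVE_* offsets are relative to the pt_regs base and must be read before sp moves would keep the ordering from being reshuffled again. The message also reports testing on linux-4.19.15 while the patch is based on 5200f5f493f7; a Fixes: tag naming the commit that introduced the early "subi sp, 8" would let stable maintainers pick this up for the trees where the corrupted 5th/6th arguments were actually observed.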