Re: [PATCH v2] csky: Fix a4/a5 restoration in syscall trace path

[Hanlin Song]

Hi Guo,

Sorry for the noise. I noticed that the patch was submitted with my
short handle as the author / Signed-off-by name.

If it is still possible, could you please update it from:

hlsong <pgeorge8929@xxxxxxxxx>

to:

Hanlin Song <pgeorge8929@xxxxxxxxx>

Thanks,
Hanlin


Guo Ren <guoren@xxxxxxxxxx> 于2026年5月21日周四 23:45写道：
>
> On Thu, May 21, 2026 at 7:34 PM hlsong <pgeorge8929@xxxxxxxxx> wrote:
> >
> > From: hlsong89 <pgeorge8929@xxxxxxxxx>
> >
> > The syscall trace path reloads syscall arguments from pt_regs before
> > calling the syscall handler. On C-SKY ABIv2, the 5th and 6th syscall
> > arguments are prepared as stack arguments before invoking syscallid.
> >
> > The current code adjusts sp before loading LSAVE_A4 and LSAVE_A5. Since
> > those offsets are relative to the original pt_regs base, loading them
> > after changing sp fetches the wrong slots. As a result, traced syscalls
> > that use the 5th or 6th argument may receive corrupted arguments.
> >
> > This is visible with mmap2(), which takes six arguments. A small
> > PTRACE_SYSCALL reproducer opens a file and maps one page with:
> >
> >   mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0)
> >
> > Before the fix, the traced child fails the mmap and exits with 12.
> > After the fix, the mapping succeeds and the child exits with 0.
> >
> > Fix the trace path by loading a4/a5 from pt_regs before changing sp.
> >
> > Tested on: ck860f, linux-4.19.15, C-SKY abiv2
> >
> > Suggested-by: Guo Ren <guoren@xxxxxxxxxx>
> > Signed-off-by: hlsong89 <pgeorge8929@xxxxxxxxx>
> > ---
> > Changes in v2:
> > - Use Guo Ren's suggested approach to handle the ABIv2 stack arguments.
> > - Tested with the ptrace+mmap reproducer.
> >
> >  arch/csky/kernel/entry.S | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/csky/kernel/entry.S b/arch/csky/kernel/entry.S
> > index c68cdcc76..3261f46f2 100644
> > --- a/arch/csky/kernel/entry.S
> > +++ b/arch/csky/kernel/entry.S
> > @@ -93,11 +93,11 @@ csky_syscall_trace:
> >         ldw     a2, (sp, LSAVE_A2)
> >         ldw     a3, (sp, LSAVE_A3)
> >  #if defined(__CSKYABIV2__)
> > -       subi    sp, 8
> >         ldw     r9, (sp, LSAVE_A4)
> > +       ldw     r10, (sp, LSAVE_A5)
> > +       subi    sp, 8
> >         stw     r9, (sp, 0x0)
> > -       ldw     r9, (sp, LSAVE_A5)
> > -       stw     r9, (sp, 0x4)
> > +       stw     r10, (sp, 0x4)
> >         jsr     syscallid                     /* Do system call */
> >         addi    sp, 8
> >  #else
> >
> > base-commit: 5200f5f493f79f14bbdc349e402a40dfb32f23c8
> > --
> > 2.25.1
> >
> Applied, thx.
>
> --
> Best Regards
>  Guo Ren