Re: [PATCH v2] csky: Fix a4/a5 restoration in syscall trace path
From: Guo Ren
Date: Thu May 21 2026 - 20:53:43 EST
Please resend this patch, thx.
On Fri, May 22, 2026 at 2:14 AM George Patton <pgeorge8929@xxxxxxxxx> wrote:
>
> Hi Guo,
>
> Sorry for the noise. I noticed that the patch was submitted with my
> short handle as the author / Signed-off-by name.
>
> If it is still possible, could you please update it from:
>
> hlsong <pgeorge8929@xxxxxxxxx>
>
> to:
>
> Hanlin Song <pgeorge8929@xxxxxxxxx>
>
> Thanks,
> Hanlin
>
> Guo Ren <guoren@xxxxxxxxxx> wrote on Thursday, May 21, 2026 at 23:45:
>>
>> On Thu, May 21, 2026 at 7:34 PM hlsong <pgeorge8929@xxxxxxxxx> wrote:
>> >
>> > From: hlsong89 <pgeorge8929@xxxxxxxxx>
>> >
>> > The syscall trace path reloads syscall arguments from pt_regs before
>> > calling the syscall handler. On C-SKY ABIv2, the 5th and 6th syscall
>> > arguments are prepared as stack arguments before invoking syscallid.
>> >
>> > The current code adjusts sp before loading LSAVE_A4 and LSAVE_A5. Since
>> > those offsets are relative to the original pt_regs base, loading them
>> > after changing sp fetches the wrong slots. As a result, traced syscalls
>> > that use the 5th or 6th argument may receive corrupted arguments.
>> >
>> > This is visible with mmap2(), which takes six arguments. A small
>> > PTRACE_SYSCALL reproducer opens a file and maps one page with:
>> >
>> > mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0)
>> >
>> > Before the fix, the traced child fails the mmap and exits with 12.
>> > After the fix, the mapping succeeds and the child exits with 0.
>> >
>> > Fix the trace path by loading a4/a5 from pt_regs before changing sp.
>> >
>> > Tested on: ck860f, linux-4.19.15, C-SKY abiv2
>> >
>> > Suggested-by: Guo Ren <guoren@xxxxxxxxxx>
>> > Signed-off-by: hlsong89 <pgeorge8929@xxxxxxxxx>
>> > ---
>> > Changes in v2:
>> > - Use Guo Ren's suggested approach to handle the ABIv2 stack arguments.
>> > - Tested with the ptrace+mmap reproducer.
>> >
>> > arch/csky/kernel/entry.S | 6 +++---
>> > 1 file changed, 3 insertions(+), 3 deletions(-)
>> >
>> > diff --git a/arch/csky/kernel/entry.S b/arch/csky/kernel/entry.S
>> > index c68cdcc76..3261f46f2 100644
>> > --- a/arch/csky/kernel/entry.S
>> > +++ b/arch/csky/kernel/entry.S
>> > @@ -93,11 +93,11 @@ csky_syscall_trace:
>> > ldw a2, (sp, LSAVE_A2)
>> > ldw a3, (sp, LSAVE_A3)
>> > #if defined(__CSKYABIV2__)
>> > - subi sp, 8
>> > ldw r9, (sp, LSAVE_A4)
>> > + ldw r10, (sp, LSAVE_A5)
>> > + subi sp, 8
>> > stw r9, (sp, 0x0)
>> > - ldw r9, (sp, LSAVE_A5)
>> > - stw r9, (sp, 0x4)
>> > + stw r10, (sp, 0x4)
>> > jsr syscallid /* Do system call */
>> > addi sp, 8
>> > #else
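Review bot: r10 is a register the previous code left alone (it only ever scratched r9), so the commit message should say why it is free to clobber between the ldw and the stw here, since nothing in the hunk shows it being saved; and the hunk gives no hint why the two ldw now sit above subi sp, 8, so a one-line comment such as /* LSAVE_A4/A5 are pt_regs offsets: load before moving sp */ above ldw r9, (sp, LSAVE_A4) would keep a later cleanup from reordering them and bringing back the wrong-slot loads the commit message describes.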
>> >
>> > base-commit: 5200f5f493f79f14bbdc349e402a40dfb32f23c8
>> > --
>> > 2.25.1
>> >
>> Applied, thx.
>>
>> --
>> Best Regards
>> Guo Ren
--
Best Regards
Guo Ren
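The PTRACE_SYSCALL reproducer the commit message describes, written out as an added example that is not part of this thread or of the kernel tree (the reporter's own program is not on the page). It forks a child that opens a one-page file and issues the six-argument mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0) while the parent resumes it with PTRACE_SYSCALL at every stop, so that syscall enters the kernel through the syscall trace path; run_child(1) returns the traced child's exit status and run_child(0) the untraced control. Assumptions beyond the commit message: the file is a memfd (temp file as fallback), the page is 4096 bytes, and the function names and exit codes are mine (12 mirrors the failing status quoted in the commit message).

```c
/* Added example, not from the thread or the kernel tree: a PTRACE_SYSCALL
 * reproducer shaped like the one the commit message describes. Assumptions:
 * memfd/temp-file backing, 4096-byte page, exit status 12 on mmap failure
 * (the value quoted in the commit message), 3 on a harness problem. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define PAGE 4096

/* One-page file to map; constructed contents, never read or executed. */
static int open_page_file(void)
{
#ifdef SYS_memfd_create
    int fd = (int)syscall(SYS_memfd_create, "csky-repro", 0);
#else
    char path[] = "/tmp/csky-repro-XXXXXX";
    int fd = mkstemp(path);
    if (fd >= 0)
        unlink(path);
#endif
    if (fd < 0)
        return -1;
    char buf[PAGE];
    memset(buf, 0xc3, sizeof buf);
    if (write(fd, buf, sizeof buf) != (ssize_t)sizeof buf) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Child: optionally make the parent its tracer, then issue the mmap from the
 * commit message. The exit status reports the result of the mapping. */
static int child_body(int traced)
{
    int fd = open_page_file();
    if (fd < 0)
        return 3;
    if (traced && ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0)
        raise(SIGSTOP);                 /* stop so the parent can take over */
    /* If ptrace is not permitted here, the child simply runs untraced. */

    /* Six arguments: fd is the 5th and offset the 6th, the two the C-SKY
     * trace path loaded from the wrong pt_regs slots before the fix. */
    void *p = mmap(NULL, PAGE, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED)
        return 12;
    munmap(p, PAGE);
    close(fd);
    return 0;
}

/* Parent: fork the child and, when tracing, resume it with PTRACE_SYSCALL at
 * every stop so each of its syscalls takes the kernel's syscall trace path.
 * Returns the child's exit status (0 = mapping succeeded), -1 on harness error. */
int run_child(int traced)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(child_body(traced));

    for (;;) {
        int status;
        if (waitpid(pid, &status, 0) < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (WIFEXITED(status))
            return WEXITSTATUS(status);
        if (WIFSIGNALED(status))
            return -1;
        /* Signal-delivery stop (the initial SIGSTOP) or a syscall stop: resume
         * without injecting a signal and run to the next syscall boundary. */
        if (WIFSTOPPED(status) && ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0) {
            kill(pid, SIGKILL);
            return -1;
        }
    }
}

int main(void)
{
    printf("untraced child exit status: %d\n", run_child(0));
    printf("traced child exit status:   %d\n", run_child(1));
    return 0;
}
```

On an affected C-SKY ABIv2 kernel run_child(1) is expected to return 12 while run_child(0) returns 0; on a kernel carrying the fix, or on any architecture without the bug, both return 0. If PTRACE_TRACEME is refused (the process is already traced, or seccomp blocks ptrace) the child falls through and runs untraced, so a 0 from run_child(1) only says something about the trace path when the attach actually succeeded.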