Re: [PATCH v2] csky: Fix a4/a5 restoration in syscall trace path

[Guo Ren]

On Thu, May 21, 2026 at 7:34 PM hlsong <pgeorge8929@xxxxxxxxx> wrote:
>
> From: hlsong89 <pgeorge8929@xxxxxxxxx>
>
> The syscall trace path reloads syscall arguments from pt_regs before
> calling the syscall handler. On C-SKY ABIv2, the 5th and 6th syscall
> arguments are prepared as stack arguments before invoking syscallid.
>
> The current code adjusts sp before loading LSAVE_A4 and LSAVE_A5. Since
> those offsets are relative to the original pt_regs base, loading them
> after changing sp fetches the wrong slots. As a result, traced syscalls
> that use the 5th or 6th argument may receive corrupted arguments.
>
> This is visible with mmap2(), which takes six arguments. A small
> PTRACE_SYSCALL reproducer opens a file and maps one page with:
>
>   mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0)
>
> Before the fix, the traced child fails the mmap and exits with 12.
> After the fix, the mapping succeeds and the child exits with 0.
>
> Fix the trace path by loading a4/a5 from pt_regs before changing sp.
>
> Tested on: ck860f, linux-4.19.15, C-SKY abiv2
>
> Suggested-by: Guo Ren <guoren@xxxxxxxxxx>
> Signed-off-by: hlsong89 <pgeorge8929@xxxxxxxxx>
> ---
> Changes in v2:
> - Use Guo Ren's suggested approach to handle the ABIv2 stack arguments.
> - Tested with the ptrace+mmap reproducer.
>
>  arch/csky/kernel/entry.S | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/csky/kernel/entry.S b/arch/csky/kernel/entry.S
> index c68cdcc76..3261f46f2 100644
> --- a/arch/csky/kernel/entry.S
> +++ b/arch/csky/kernel/entry.S
> @@ -93,11 +93,11 @@ csky_syscall_trace:
>         ldw     a2, (sp, LSAVE_A2)
>         ldw     a3, (sp, LSAVE_A3)
>  #if defined(__CSKYABIV2__)
> -       subi    sp, 8
>         ldw     r9, (sp, LSAVE_A4)
> +       ldw     r10, (sp, LSAVE_A5)
> +       subi    sp, 8
>         stw     r9, (sp, 0x0)
> -       ldw     r9, (sp, LSAVE_A5)
> -       stw     r9, (sp, 0x4)
> +       stw     r10, (sp, 0x4)
>         jsr     syscallid                     /* Do system call */
>         addi    sp, 8
>  #else
>
> base-commit: 5200f5f493f79f14bbdc349e402a40dfb32f23c8
> --
> 2.25.1
>
Applied, thx.

-- 
Best Regards
 Guo Ren