nios2: traced syscall does need to check the syscall number

commit 25ba820ef36bdbaf9884adeac69b6e1821a7df76 upstream. all checks done before letting the tracer modify the register state are worthless... Fixes: 82ed08dd1b0e ("nios2: Exception handling") Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Dinh Nguyen <dinguyen@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Al Viro <viro@zeniv.linux.org.uk> 2022-08-08 16:07:21 +0100
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-08-25 11:18:27 +0200
commit: 9e9151768bde6405ddec3d07fba80fa5e197b026 (patch)
tree: 893778b2a82ee6157393b9e53af0bc4ac8056da3 /arch/nios2
parent: 73c088373234d47533c91526e828b66de387ed52 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/arch/nios2/kernel/entry.S b/arch/nios2/kernel/entry.S
index 4e0bf52e68ea..b393600191ad 100644
--- a/arch/nios2/kernel/entry.S
+++ b/arch/nios2/kernel/entry.S
@@ -255,9 +255,9 @@ traced_system_call:
 	ldw	r6, PT_R6(sp)
 	ldw	r7, PT_R7(sp)
 
-	/* Fetch the syscall function, we don't need to check the boundaries
-	 * since this is already done.
-	 */
+	/* Fetch the syscall function. */
+	movui	r1, __NR_syscalls
+	bgeu	r2, r1, traced_invsyscall
 	slli	r1, r2, 2
 	movhi	r11,%hiadj(sys_call_table)
 	add	r1, r1, r11
@@ -287,6 +287,11 @@ end_translate_rc_and_ret2:
 	RESTORE_SWITCH_STACK
 	br	ret_from_exception
 
+	/* If the syscall number was invalid return ENOSYS */
+traced_invsyscall:
+	movi	r2, -ENOSYS
+	br	translate_rc_and_ret2
+
 Luser_return:
 	GET_THREAD_INFO	r11			/* get thread_info pointer */
 	ldw	r10, TI_FLAGS(r11)		/* get thread_info->flags */
author	Al Viro <viro@zeniv.linux.org.uk>	2022-08-08 16:07:21 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-08-25 11:18:27 +0200
commit	9e9151768bde6405ddec3d07fba80fa5e197b026 (patch)
tree	893778b2a82ee6157393b9e53af0bc4ac8056da3 /arch/nios2
parent	73c088373234d47533c91526e828b66de387ed52 (diff)