From 7ef26f26e95bdff0596543aea37ccc652cf36cd3 Mon Sep 17 00:00:00 2001 From: fef Date: Sun, 1 Aug 2021 23:28:25 +0200 Subject: [PATCH] syscall: add config option to check syscall source --- arch/at91sam3x8e/entry.c | 19 +++++++++++++++++++ arch/at91sam3x8e/syscall.S | 2 ++ include/config.h.in | 1 + options.cmake | 2 ++ 4 files changed, 24 insertions(+) diff --git a/arch/at91sam3x8e/entry.c b/arch/at91sam3x8e/entry.c index fea7513..ee819a5 100644 --- a/arch/at91sam3x8e/entry.c +++ b/arch/at91sam3x8e/entry.c @@ -9,6 +9,13 @@ #include #include +#include + +#ifdef CONFIG_CHECK_SYSCALL_SOURCE +/* syscall.S */ +extern uintptr_t __syscall_entry_point; +#endif + void arch_enter(void *sp) { struct reg_snapshot *regs = sp; @@ -17,6 +24,18 @@ void arch_enter(void *sp) sysarg_t arg4, sysarg_t arg5, sysarg_t arg6); int sc_ret; +# ifdef CONFIG_CHECK_SYSCALL_SOURCE + /* + * We need to ignore the program counter's LSB because the CPU uses + * that as a flag for whether it's operating in ARM or Thumb mode + * (1 for Thumb); the instructions are always 2-byte aligned. + */ + if ((regs->hw.pc & 0xfffffffe) != __syscall_entry_point) { + arch_syscall_set_rval(regs, -EACCES); + return; + } +# endif + if (sc_num > NSYSCALLS) { arch_syscall_set_rval(regs, -ENOSYS); return; diff --git a/arch/at91sam3x8e/syscall.S b/arch/at91sam3x8e/syscall.S index b22b597..10e552d 100644 --- a/arch/at91sam3x8e/syscall.S +++ b/arch/at91sam3x8e/syscall.S @@ -32,6 +32,8 @@ func_begin syscall ldr r4, [sp, #16] /* arg5 */ ldr r5, [sp, #20] /* arg6 */ +.global __syscall_entry_point +__syscall_entry_point: svc #0 pop {r4-r5,r7} diff --git a/include/config.h.in b/include/config.h.in index 36afac0..b07b93f 100644 --- a/include/config.h.in +++ b/include/config.h.in @@ -13,6 +13,7 @@ #define ARDIX_VERSION_STR "@ardix_VERSION@@ardix_VERSION_SUFFIX@" #cmakedefine DEBUG +#cmakedefine CONFIG_CHECK_SYSCALL_SOURCE #define ARCH "@ARCH@" #define ARCH_@ARCH_UPPERCASE@ diff --git a/options.cmake b/options.cmake index ff2e16d..119b43b 100644 --- a/options.cmake +++ b/options.cmake @@ -25,6 +25,8 @@ set(CONFIG_SERIAL_BUFSZ 256 CACHE STRING "Default serial buffer size in bytes") set(CONFIG_PRINTF_BUFSZ 64 CACHE STRING "Default buffer size for printf() and friends") +option(CONFIG_CHECK_SYSCALL_SOURCE "Prohibit inline syscalls" OFF) + # This file is part of Ardix. # Copyright (c) 2021 Felix Kopp . #