[CRIU] [PATCH] arm: don't use the register R12 in the routine syscall_common()

[Alexander Kartashov]

The register R12 has a special meaning when syscalls are hooked
with ptrace() in ARM that results in a dumpee context corruption
on an injected blob unmap. Note that this patch doesn't solve
the problem entirely since the compiler may corrupt the register
before issuing a call to the routine sys_munmap(); however
we assume that a sufficiently decent compiler doesn't.

Signed-off-by: Alexander Kartashov <alekskartashov at parallels.com>
Tested-by: Andrew Vagin <avagin at parallels.com>
---
 arch/arm/syscall-common.S |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/arch/arm/syscall-common.S b/arch/arm/syscall-common.S
index 09f8a27..c3cbf71 100644
--- a/arch/arm/syscall-common.S
+++ b/arch/arm/syscall-common.S
@@ -1,12 +1,18 @@
 #include "asm/linkage.h"
 
+@ We use the register R8 unlike libc that uses R12.
+@ This avoids corruption of the register by the stub
+@ for the syscall sys_munmap() when syscalls are hooked
+@ by ptrace(). However we have to make sure that
+@ the compiler doesn't use the register on the route
+@ between parasite_service() and sys_munmap().
+
 syscall_common:
 	ldr	%r7, [%r7]
-	add	%ip, %sp, #16
-	ldm	%ip, {%r4, %r5, %r6}
+	add	%r8, %sp, #24
+	ldm	%r8, {%r4, %r5, %r6}
 	svc	0x00000000
-	pop	{%r4, %r5, %r6, %r7}
-	bx	%lr
+	pop	{%r4, %r5, %r6, %r7, %r8, %pc}
 
 
 .macro syscall name, nr
@@ -14,7 +20,7 @@ syscall_common:
 		.long \nr
 
 	ENTRY(\name)
-		push	{%r4, %r5, %r6, %r7}
+		push	{%r4, %r5, %r6, %r7, %r8, %lr}
 		adr		%r7, .nr_\name
 		b		syscall_common
 	END(\name)
-- 
1.7.9.5