Calling SVC is not safe.
Opened this issue · 2 comments
173210 commented
We have SVC functions in C with `__attribute__((naked))` and inline assembly.
```c
int __attribute__((naked))
arm11_kernel_exploit_exec (int (*func)(void))
{
    __asm__ ("svc 8\t\n"    // CreateThread syscall, corrupted, args not needed
             "bx lr\t\n");
}

int __attribute__((naked))
arm11_kernel_execute(int (*func)(void))
{
    __asm__ ("svc #0x7B\t\n"
             "bx lr\t\n");
}
```
But they are not safe because they can be inlined.
If inlined, the arguments will be completely ignored!
We don't have so many calls, so I suggest we remove those functions and write directly.
For example:
```c
/* Pin the function pointer to r0 (a0), the register the SVC reads it from,
 * then trap.  The operand constraint binds the argument explicitly, so the
 * statement stays correct whether or not the surrounding code is inlined.
 * "+r" marks r0 as both input and output because the kernel overwrites it. */
register int (*a0)(void) __asm__("r0") = arm11_kernel_exploit_exec;
__asm__ volatile ("svc #8\n"
                  : "+r"(a0)
                  :
                  : "memory");
```
gudenau commented
Or use volatile; that will make it assemble as-is.
173210 commented
The problem is not asm.
Those functions are not inline-expanded because they don't have static suffix. But once they get inline-expanded, arguments will be completely ignored.
```c
int __attribute__((naked))
arm11_kernel_execute(int (*func)(void)) // <- This is the problem.
```
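The pattern the thread converges on (bind every argument the trap instruction consumes through an explicit operand constraint, in an ordinary function, so the compiler keeps the binding correct whether it inlines the call or not) can be shown on any Linux host. The following is an added example and not code from the issue or the project: it wraps the Linux `getpid` system call (a stand-in for the project's SVC numbers, taken from `<sys/syscall.h>` rather than hard-coded) in a `static inline` function that uses register-pinned variables for the `svc` form on ARM/AArch64 and constraint-selected registers for `syscall` on x86-64, then cross-checks the result against libc. The names `raw_syscall0` and `wrapper_matches_libc` are mine.

```c
#include <stdio.h>
#include <sys/syscall.h>   /* __NR_getpid: the real syscall number for this host */
#include <unistd.h>        /* getpid() from libc, used only as the cross-check */

/*
 * A zero-argument system-call wrapper written as a normal (non-naked)
 * function.  The syscall number is an operand of the asm statement, not a
 * C parameter the asm silently assumes is "already in a register", so the
 * compiler must place it correctly at every call site, inlined or not.
 * "volatile" keeps the trap from being hoisted or dropped even though the
 * outputs look unused to the optimiser.
 */
static inline long raw_syscall0(long nr)
{
    long ret;
#if defined(__x86_64__)
    /* rax carries the number in and the result out; the kernel clobbers rcx/r11. */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr)
                      : "rcx", "r11", "memory");
#elif defined(__aarch64__)
    /* Register-pinned variables: x8 = number, x0 = result, as the ABI requires. */
    register long x8 __asm__("x8") = nr;
    register long x0 __asm__("x0");
    __asm__ volatile ("svc #0"
                      : "=r"(x0)
                      : "r"(x8)
                      : "memory");
    ret = x0;
#elif defined(__arm__)
    /* 32-bit ARM EABI: r7 = number, r0 = result.  Same idea, same trap
     * instruction family as the SVCs discussed in the issue. */
    register long r7 __asm__("r7") = nr;
    register long r0 __asm__("r0");
    __asm__ volatile ("svc #0"
                      : "=r"(r0)
                      : "r"(r7)
                      : "memory");
    ret = r0;
#else
#error "this example only covers x86-64, AArch64 and 32-bit ARM Linux"
#endif
    return ret;
}

/* Returns 1 when the inline-asm wrapper and libc agree on the current PID. */
int wrapper_matches_libc(void)
{
    long via_asm = raw_syscall0(__NR_getpid);
    return via_asm == (long)getpid();
}

int main(void)
{
    printf("getpid via inline asm: %ld, via libc: %ld\n",
           raw_syscall0(__NR_getpid), (long)getpid());
    return wrapper_matches_libc() ? 0 : 1;
}
```

Compile with `-O2` and again with `-O0`, or mark `raw_syscall0` `__attribute__((always_inline))`, and the result is the same, which is exactly the property the naked-function versions in the issue lack: there, the parameter `func` is never mentioned in the asm at all, so nothing forces it into the register the SVC reads.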