From 09351368a8db277a391d0307d576b6b7b40c588b Mon Sep 17 00:00:00 2001
From: Derek Bruening <bruening@google.com>
Date: Tue, 2 May 2017 00:34:17 -0400
Subject: [PATCH] i#2350 rseq: fix syscall handling bug (#2402)

Fixes a bug in handling the rseq system call where the parameter numbers
were mismatched.  Includes additional native_exec logging that was useful
in diagnosing the bug.
---
 core/native_exec.c | 6 +++++-
 core/unix/os.c     | 7 ++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/core/native_exec.c b/core/native_exec.c
index 6bd776f8332..52c889c411e 100644
--- a/core/native_exec.c
+++ b/core/native_exec.c
@@ -275,6 +275,8 @@ prepare_return_from_native_via_stack(dcontext_t *dcontext, app_pc *app_sp)
     dcontext->native_retstack[i].retaddr = *app_sp;
     dcontext->native_retstack[i].retloc = (app_pc) app_sp;
     dcontext->native_retstack_cur = i + 1;
+    LOG(THREAD, LOG_ASYNCH, 2,
+        "%s: app ra="PFX", sp="PFX", level=%d\n", *app_sp, app_sp, i);
     /* i#978: We use a different return stub for every nested call to native
      * code.  Each stub pushes a different index into the retstack.  We could
      * use the SP at return time to try to find the app's return address, but
@@ -466,7 +468,9 @@ put_back_native_retaddrs(dcontext_t *dcontext)
     for (i = 0; i < dcontext->native_retstack_cur; i++) {
         app_pc *retloc = (app_pc *) retstack[i].retloc;
         ASSERT(*retloc >= retstub_start && *retloc < retstub_end);
-        *retloc = retstack[i].retaddr;
+        LOG(THREAD, LOG_ASYNCH, 2, "%s: writing "PFX" over "PFX" @"PFX"\n",
+            __FUNCTION__, retstack[i].retaddr, *retloc, retloc);
+         *retloc = retstack[i].retaddr;
     }
     dcontext->native_retstack_cur = 0;
 #ifdef HOT_PATCHING_INTERFACE
diff --git a/core/unix/os.c b/core/unix/os.c
index e434d0dcc4f..05cdc29dc32 100644
--- a/core/unix/os.c
+++ b/core/unix/os.c
@@ -10208,6 +10208,7 @@ handle_restartable_region_syscall_pre(dcontext_t *dcontext)
     /* We do the work in post */
     dcontext->sys_param0 = sys_param(dcontext, 0);
     dcontext->sys_param1 = sys_param(dcontext, 1);
+    dcontext->sys_param2 = sys_param(dcontext, 2);
     return true;
 }
 
@@ -10223,10 +10224,10 @@ handle_restartable_region_syscall_post(dcontext_t *dcontext, bool success)
         dcontext->sys_num != DYNAMO_OPTION(rseq_sysnum) ||
         !success)
         return;
-    op = (int) sys_param(dcontext, 0);
+    op = (int) dcontext->sys_param0;
     if (op == RSEQ_SET_CRITICAL) {
-        app_pc start = (app_pc) dcontext->sys_param0;
-        app_pc end = (app_pc) dcontext->sys_param1;
+        app_pc start = (app_pc) dcontext->sys_param1;
+        app_pc end = (app_pc) dcontext->sys_param2;
         LOG(THREAD, LOG_VMAREAS|LOG_SYSCALLS, 2,
             "syscall: set rseq region to " PFX"-" PFX"\n", start, end);
         /* An unlink flush should be good enough: we simply don't support