arm: syscalls: fix some register issues

Upon return from a syscall handlers, the r1, r2, and r3 registers
could contain random kernel data that should not be leaked to user
mode. Zero these out before returning from _arm_do_syscall().
Fixes #7753.

The invocation macros need a clobber if r1, r2, or r3 are not used
to carry syscall arguments. This is a partial fix for #7754 but
there appear to be other issues.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

arch/arm/core/userspace.S

@@ -177,6 +177,14 @@ dispatch_syscall:
      */
     isb
 
+    /* Zero out volatile (caller-saved) registers so as to not leak state from
+     * kernel mode. The C calling convention for the syscall handler will
+     * restore the others to original values.
+     */
+    mov r1, #0
+    mov r2, #0
+    mov r3, #0
+
     /*
      * return back to original function that called SVC, add 1 to force thumb
      * mode

include/arch/arm/arch.h

@@ -425,7 +425,7 @@ static inline u32_t _arch_syscall_invoke3(u32_t arg1, u32_t arg2, u32_t arg3,
 			 : "=r"(ret)
 			 : [svid] "i" (_SVC_CALL_SYSTEM_CALL),
 			   "r" (ret), "r" (r1), "r" (r2), "r" (r6)
-			 : "r7", "memory");
+			 : "r7", "memory", "r3");
 
 	return ret;
 }
@@ -440,7 +440,7 @@ static inline u32_t _arch_syscall_invoke2(u32_t arg1, u32_t arg2, u32_t call_id)
 			 : "=r"(ret)
 			 : [svid] "i" (_SVC_CALL_SYSTEM_CALL),
 			   "r" (ret), "r" (r1), "r" (r6)
-			 : "r7", "memory");
+			 : "r7", "memory", "r2", "r3");
 
 	return ret;
 }
@@ -454,7 +454,7 @@ static inline u32_t _arch_syscall_invoke1(u32_t arg1, u32_t call_id)
 			 : "=r"(ret)
 			 : [svid] "i" (_SVC_CALL_SYSTEM_CALL),
 			   "r" (ret), "r" (r6)
-			 : "r7", "memory");
+			 : "r7", "memory", "r1", "r2", "r3");
 	return ret;
 }
 
@@ -467,7 +467,7 @@ static inline u32_t _arch_syscall_invoke0(u32_t call_id)
 			 : "=r"(ret)
 			 : [svid] "i" (_SVC_CALL_SYSTEM_CALL),
 			   "r" (ret), "r" (r6)
-			 : "r7", "memory");
+			 : "r7", "memory", "r1", "r2", "r3");
 
 	return ret;
 }