Date:      Sat, 9 Jan 2016 18:32:52 +0000 (UTC)
From:      Dmitry Chagin <dchagin@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r293609 - in stable/10/sys: amd64/linux amd64/linux32 i386/linux
Message-ID:  <201601091832.u09IWqt8081361@repo.freebsd.org>

Author: dchagin
Date: Sat Jan  9 18:32:52 2016
New Revision: 293609
URL: https://svnweb.freebsd.org/changeset/base/293609

Log:
  MFC r289055 (by mjg@):
  
   linux: fix handling of out-of-bounds syscall attempts
  
   Due to an off by one the code would read an entry past the table, as
   opposed to the last entry which contains the nosys handler.
  
   This fixes my fault.
  
  MFC r289058 (by cem@):
  
   Fix missing semi-colon from r289055.
  
  MFC r289768 (by jhb@):
  
   Merge r289055 to amd64/linux32:
  
   linux: fix handling of out-of-bounds syscall attempts
  
   Due to an off by one the code would read an entry past the table, as
   opposed to the last entry which contains the nosys handler.

Modified:
  stable/10/sys/amd64/linux/linux_sysvec.c
  stable/10/sys/amd64/linux32/linux32_sysvec.c
  stable/10/sys/i386/linux/linux_sysvec.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/amd64/linux/linux_sysvec.c
==============================================================================
--- stable/10/sys/amd64/linux/linux_sysvec.c	Sat Jan  9 18:28:15 2016	(r293608)
+++ stable/10/sys/amd64/linux/linux_sysvec.c	Sat Jan  9 18:32:52 2016	(r293609)
@@ -234,7 +234,7 @@ linux_fetch_syscall_args(struct thread *
 
 	if (sa->code >= p->p_sysent->sv_size)
 		/* nosys */
-		sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL];
+		sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1];
 	else
 		sa->callp = &p->p_sysent->sv_table[sa->code];
 	sa->narg = sa->callp->sy_narg;
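
Review bot: The nosys branch now depends on two things that are not stated next to the code: that the last slot of sv_table holds the nosys handler, and that sv_size is never 0 (otherwise sv_size - 1 is not a valid index). Consider expanding the /* nosys */ comment to say "last table entry is the nosys handler" and adding a KASSERT(p->p_sysent->sv_size > 0, ...) ahead of the bounds check, so the invariant the commit log describes is visible and enforced where it is used.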

Modified: stable/10/sys/amd64/linux32/linux32_sysvec.c
==============================================================================
--- stable/10/sys/amd64/linux32/linux32_sysvec.c	Sat Jan  9 18:28:15 2016	(r293608)
+++ stable/10/sys/amd64/linux32/linux32_sysvec.c	Sat Jan  9 18:32:52 2016	(r293609)
@@ -741,7 +741,7 @@ linux32_fetch_syscall_args(struct thread
 
 	if (sa->code >= p->p_sysent->sv_size)
 		/* nosys */
-		sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL];
+		sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1];
 	else
 		sa->callp = &p->p_sysent->sv_table[sa->code];
 	sa->narg = sa->callp->sy_narg;
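
Review bot: The replacement line in this nosys branch is a byte-for-byte copy of the one in amd64/linux and i386/linux, and the log shows the linux32 copy was only brought in line by a separate later merge (r289768). A small shared inline helper or macro that returns the fallback entry for a given sysentvec would keep the three copies from drifting apart again; each call site would then shrink to a single assignment.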

Modified: stable/10/sys/i386/linux/linux_sysvec.c
==============================================================================
--- stable/10/sys/i386/linux/linux_sysvec.c	Sat Jan  9 18:28:15 2016	(r293608)
+++ stable/10/sys/i386/linux/linux_sysvec.c	Sat Jan  9 18:32:52 2016	(r293609)
@@ -866,7 +866,7 @@ linux_fetch_syscall_args(struct thread *
 
 	if (sa->code >= p->p_sysent->sv_size)
 		/* nosys */
-		sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL];
+		sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1];
  	else
  		sa->callp = &p->p_sysent->sv_table[sa->code];
 	sa->narg = sa->callp->sy_narg;
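
Review bot: The removed line in the nosys branch used LINUX_SYS_MAXSYSCALL as an array index, which the log says points one entry past the table. It is worth checking for any remaining place where that constant is used as an index rather than as a count, since each one would have the same off-by-one; indexing relative to sv_size, as done here, is the safer pattern to apply there too.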


