From owner-svn-src-stable@freebsd.org  Sat Jan  9 18:32:54 2016
Return-Path: <owner-svn-src-stable@freebsd.org>
Delivered-To: svn-src-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D65EA6869C;
 Sat,  9 Jan 2016 18:32:54 +0000 (UTC)
 (envelope-from dchagin@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F23CC1858;
 Sat,  9 Jan 2016 18:32:53 +0000 (UTC)
 (envelope-from dchagin@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u09IWrqv081364;
 Sat, 9 Jan 2016 18:32:53 GMT (envelope-from dchagin@FreeBSD.org)
Received: (from dchagin@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u09IWqt8081361;
 Sat, 9 Jan 2016 18:32:52 GMT (envelope-from dchagin@FreeBSD.org)
Message-Id: <201601091832.u09IWqt8081361@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: dchagin set sender to
 dchagin@FreeBSD.org using -f
From: Dmitry Chagin <dchagin@FreeBSD.org>
Date: Sat, 9 Jan 2016 18:32:52 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r293609 - in stable/10/sys: amd64/linux amd64/linux32
 i386/linux
X-SVN-Group: stable-10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
 <svn-src-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable>, 
 <mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable/>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jan 2016 18:32:54 -0000

Author: dchagin
Date: Sat Jan  9 18:32:52 2016
New Revision: 293609
URL: https://svnweb.freebsd.org/changeset/base/293609

Log:
  MFC r289055 (by mjg@):
  
   linux: fix handling of out-of-bounds syscall attempts
  
   Due to an off by one the code would read an entry past the table, as
   opposed to the last entry which contains the nosys handler.
  
   This fixes my fault.
  
  MFC r289058 (by cem@):
  
   Fix missing semi-colon from r289055.
  
  MFC r289768 (by jhb@):
  
   Merge r289055 to amd64/linux32:
  
   linux: fix handling of out-of-bounds syscall attempts
  
   Due to an off by one the code would read an entry past the table, as
   opposed to the last entry which contains the nosys handler.

Modified:
  stable/10/sys/amd64/linux/linux_sysvec.c
  stable/10/sys/amd64/linux32/linux32_sysvec.c
  stable/10/sys/i386/linux/linux_sysvec.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/amd64/linux/linux_sysvec.c
==============================================================================
--- stable/10/sys/amd64/linux/linux_sysvec.c	Sat Jan  9 18:28:15 2016	(r293608)
+++ stable/10/sys/amd64/linux/linux_sysvec.c	Sat Jan  9 18:32:52 2016	(r293609)
@@ -234,7 +234,7 @@ linux_fetch_syscall_args(struct thread *
 
 	if (sa->code >= p->p_sysent->sv_size)
 		/* nosys */
-		sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL];
+		sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1];
 	else
 		sa->callp = &p->p_sysent->sv_table[sa->code];
 	sa->narg = sa->callp->sy_narg;

Modified: stable/10/sys/amd64/linux32/linux32_sysvec.c
==============================================================================
--- stable/10/sys/amd64/linux32/linux32_sysvec.c	Sat Jan  9 18:28:15 2016	(r293608)
+++ stable/10/sys/amd64/linux32/linux32_sysvec.c	Sat Jan  9 18:32:52 2016	(r293609)
@@ -741,7 +741,7 @@ linux32_fetch_syscall_args(struct thread
 
 	if (sa->code >= p->p_sysent->sv_size)
 		/* nosys */
-		sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL];
+		sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1];
 	else
 		sa->callp = &p->p_sysent->sv_table[sa->code];
 	sa->narg = sa->callp->sy_narg;

Modified: stable/10/sys/i386/linux/linux_sysvec.c
==============================================================================
--- stable/10/sys/i386/linux/linux_sysvec.c	Sat Jan  9 18:28:15 2016	(r293608)
+++ stable/10/sys/i386/linux/linux_sysvec.c	Sat Jan  9 18:32:52 2016	(r293609)
@@ -866,7 +866,7 @@ linux_fetch_syscall_args(struct thread *
 
 	if (sa->code >= p->p_sysent->sv_size)
 		/* nosys */
-		sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL];
+		sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1];
  	else
  		sa->callp = &p->p_sysent->sv_table[sa->code];
 	sa->narg = sa->callp->sy_narg;