svn commit: r333337 - head/sys/amd64/amd64
Mateusz Guzik
mjg at FreeBSD.org
Mon May 7 21:32:09 UTC 2018
Author: mjg
Date: Mon May 7 21:32:08 2018
New Revision: 333337
URL: https://svnweb.freebsd.org/changeset/base/333337
Log:
amd64: stop asserting params != NULL in the syscall path
The parameter is effectively controllable by userspace. It does not matter
what it is set to as it is being passed to copyin - worst case the operation
will just fail.
While here stop computing it unless it is going to be used.
Noted by: dillon at backplane.com
Modified:
head/sys/amd64/amd64/trap.c
Modified: head/sys/amd64/amd64/trap.c
==============================================================================
--- head/sys/amd64/amd64/trap.c Mon May 7 21:26:05 2018 (r333336)
+++ head/sys/amd64/amd64/trap.c Mon May 7 21:32:08 2018 (r333337)
@@ -886,7 +886,6 @@ cpu_fetch_syscall_args(struct thread *td)
reg = 0;
regcnt = 6;
- params = (caddr_t)frame->tf_rsp + sizeof(register_t);
sa->code = frame->tf_rax;
if (sa->code == SYS_syscall || sa->code == SYS___syscall) {
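Review bot: with the early `params = (caddr_t)frame->tf_rsp + sizeof(register_t);` assignment removed here, `params` is now only set inside the `sa->narg > regcnt` branch in the later hunk, so any other read of it in cpu_fetch_syscall_args() would see an uninitialized value. The rest of the function is not visible in this diff; please confirm there is no such read. Moving the declaration of `params` into that branch would let the compiler enforce it.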
@@ -910,7 +909,7 @@ cpu_fetch_syscall_args(struct thread *td)
argp += reg;
memcpy(sa->args, argp, sizeof(sa->args[0]) * 6);
if (sa->narg > regcnt) {
- KASSERT(params != NULL, ("copyin args with no params!"));
+ params = (caddr_t)frame->tf_rsp + sizeof(register_t);
error = copyin(params, &sa->args[regcnt],
(sa->narg - regcnt) * sizeof(sa->args[0]));
}
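Review bot: the new `params = (caddr_t)frame->tf_rsp + sizeof(register_t);` line inside the `sa->narg > regcnt` branch carries no comment saying why the value is deliberately left unchecked. The log message explains that it is derived from a userspace-controlled register and that copyin is relied on to reject a bad address. A short comment to that effect at this line would keep a later change from reintroducing the KASSERT. Since copyin is now the only validation of the address, also confirm that `error` is acted on after this block; that code is outside the visible context.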