Fix syscall number bounds check computations.

Unbreak; looks like a not up-to-date diff was commited )-:

remove support for syscall(2) -- the "indirection system call" because
it is a dangerous alternative entry point for all system calls, and thus
incompatible with the precision system call entry point

remove support for syscall(2) -- the "indirection system call" because
it is a dangerous alternative entry point for all system calls, and thus
incompatible with the precision system call entry point scheme we are
heading towards. This has been a 3-year mission:
First perl needed a code-generated wrapper to fake syscall(2) as a giant
switch table, then all the ports were cleaned with relatively minor fixes,
except for "go". "go" required two fixes -- 1) a framework issue with
old library versions, and 2) like perl, a fake syscall(2) wrapper to
handle ioctl(2) and sysctl(2) because "syscall(SYS_ioctl" occurs all over
the place in the "go" ecosystem because the "go developers" are plan9-loving
unix-hating folk who tried to build an ecosystem without allowing "ioctl".
ok kettenis, jsing, afresh1, sthen

show more ...

__syscall() is no longer neccessary since the system calls which needed
it are now unpadded
ok kettenis guenther

we spent far too long debugging a weird go library problem (incorrect
arguments to mmap) because it was using syscall(2) and that callpath
is invisible in ktrace. make it visible, it will now show "

we spent far too long debugging a weird go library problem (incorrect
arguments to mmap) because it was using syscall(2) and that callpath
is invisible in ktrace. make it visible, it will now show "(via syscall)"
and such.
ok guenther

show more ...

Handle possible PROT_EXEC fault if PROT_READ fails; needed to cope with
kern_exec.c 1.241

Store mod/ref flags using md pg_flags values rather than a specific field in
vm_page_md, which allows this struct to shrink a bit.

Roll the syscalls that have an off_t argument to remove the explicit padding.
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or l

Roll the syscalls that have an off_t argument to remove the explicit padding.
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!

Time for a story...

When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets. This affected the nine system
calls that pass off_t arguments:
ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate

To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on a even slot and
thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.

The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them. The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument. So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel. Keep compat
support for the existing syscalls long enough for the transition.

ok deraadt@

show more ...

We only have one syscall table: inline sysent/SYS_MAXSYSCALL and
SYS_syscall as the nosys() function into the MD syscall entry
routines and the SYSCALL_DEBUG support. Adjust alpha's syscall
check to

We only have one syscall table: inline sysent/SYS_MAXSYSCALL and
SYS_syscall as the nosys() function into the MD syscall entry
routines and the SYSCALL_DEBUG support. Adjust alpha's syscall
check to match the other archs. Also, make sysent const to get it
into .rodata.

With that, 'struct emul' is unused: delete it and all its references

ok millert@

show more ...

spelling

The condition around uvm_grow() can be simplified, as the error result
adjustment is effectively a dead store
ok kettenis

uvm_grow() now does the vm_maxsaddr check (before locking), so callers don't
need to do it
ok kettenis

use access_type as the PROT_* variable for uvm_fault() consistantly
ok kettenis

landisk has legacy global variable want_resched, rather than post-MP
ci->ci_want_resched. convert to the modern style.

Only perform uvm_map_inentry() checks for PROC_SP for userland pagefaults.
This should be sufficient for identifying pivoted ROP. Doing so for other
traps is at best opportunistic for finding a stra

Only perform uvm_map_inentry() checks for PROC_SP for userland pagefaults.
This should be sufficient for identifying pivoted ROP. Doing so for other
traps is at best opportunistic for finding a straight-running ROP chain,
but the added (and rare) sleeping point has proven to be dangerous.
Discussed at length with kettenis and mortimer.
ok mortimer kettenis mpi

show more ...

On sh architecture, general_exception() handles regular traps as well as
syscalls. The MI syscall code will perform uvm_map_inentry() against
PROC_STACK. So avoid doing it twice.

Ensure the SH_(TRA)) register is read before a potential sleep in trap()
for same reasons as as recent bug diagnosed in amd64, i386, hppa, powerpc64...

If uvm_map_inentry returns false then a signal has been delivered, and
userret() must be called on trap() exit to deliver it, rather than
repeating the same cause infinitely. discovered by George Ko

If uvm_map_inentry returns false then a signal has been delivered, and
userret() must be called on trap() exit to deliver it, rather than
repeating the same cause infinitely. discovered by George Koehler
ok kettenis bluhm visa

show more ...

I wrote the pc-page-writeable and sp-not-MAP_STACK code to be shared, and
then ran into the messaging being poor. Then I fixed the messages. But
there are two sub-cases of sp-not-MAP_STACK -- one at

I wrote the pc-page-writeable and sp-not-MAP_STACK code to be shared, and
then ran into the messaging being poor. Then I fixed the messages. But
there are two sub-cases of sp-not-MAP_STACK -- one at syscall time, and
another at regular userland trap (on some architectures), and I bungled
that messaging. Correct that now, while I look for yet another better way...
discovered by millert, who ran an pre-MAP_STACK binary.

show more ...

landisk/sh didn't have the code for checking if sp is on MAP_STACK
memory, so let's add that where it seems to work
gap noticed by miod

p_comm is the process's command and isn't per thread, so move it from
struct proc to struct process.

ok deraadt@ kettenis@

Various printf claim to report the PID, so actually report that and not the TID

Build testing assistance from deraadt@

Rename kdb_trap() into db_ktrap().

The goal is to include it in the list of functions that must not be
instrumented. All ddb(8) functions should be in this list and have
their names start with 'db_

Rename kdb_trap() into db_ktrap().

The goal is to include it in the list of functions that must not be
instrumented. All ddb(8) functions should be in this list and have
their names start with 'db_'.

ok visa@, deraadt@

show more ...

Fix error value in ktrace syscall records. ok deraadt@ dlg@ guenther@

No need to check for va < USRSTACK before invoking uvm_grow() on behalf of
a userland map.