Fix stack corruptions on amd64.

Vararg functions have a different calling convention than regular functions on amd64. Casting a varag function to a regular one to match the function pointer declaration will hide the varargs from the caller and we will end up with an incorrectly setup stack. Entirely remove the varargs from these functions and change the functions to match the declaration of the function pointers. Remove the now unnecessary casts. Lots of explanations and help from: peter Reviewed by: peter PR: amd64/89261 MFC after: 6 days
2026-05-28 04:12:45 -04:00 · 2006-01-21 10:44:34 +00:00 · 2006-01-21 10:44:34 +00:00 · 3f2e28fe9f
commit 3f2e28fe9f
parent 25227ab8c5
7 changed files with 13 additions and 59 deletions
--- a/sys/net/if_gre.c
+++ b/sys/net/if_gre.c
@ -123,7 +123,7 @@ static const struct protosw in_gre_protosw = {
 	.pr_domain =		&inetdomain,
 	.pr_protocol =		IPPROTO_GRE,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_input =		(pr_input_t *)gre_input,
+	.pr_input =		gre_input,
 	.pr_output =		(pr_output_t *)rip_output,
 	.pr_ctlinput =		rip_ctlinput,
 	.pr_ctloutput =		rip_ctloutput,
@ -134,7 +134,7 @@ static const struct protosw in_mobile_protosw = {
 	.pr_domain =		&inetdomain,
 	.pr_protocol =		IPPROTO_MOBILE,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_input =		(pr_input_t *)gre_mobile_input,
+	.pr_input =		gre_mobile_input,
 	.pr_output =		(pr_output_t *)rip_output,
 	.pr_ctlinput =		rip_ctlinput,
 	.pr_ctloutput =		rip_ctloutput,
--- a/sys/netinet/ip_gre.c
+++ b/sys/netinet/ip_gre.c
@ -104,20 +104,10 @@ static int	gre_input2(struct mbuf *, int, u_char);
 * This really is simple
 */
 void
-#if __STDC__
-gre_input(struct mbuf *m, ...)
-#else
-gre_input(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
+gre_input(struct mbuf *m, int off)
 {
-	int off, ret, proto;
-	va_list ap;
+	int ret, proto;

-	va_start(ap, m);
-	off = va_arg(ap, int);
-	va_end(ap);
 	proto = (mtod(m, struct ip *))->ip_p;

 	ret = gre_input2(m, off, proto);
@ -236,25 +226,13 @@ gre_input2(struct mbuf *m ,int hlen, u_char proto)
 */

 void
-#if __STDC__
-gre_mobile_input(struct mbuf *m, ...)
-#else
-gre_mobile_input(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
+gre_mobile_input(struct mbuf *m, int hlen)
 {
 	struct ip *ip;
 	struct mobip_h *mip;
 	struct gre_softc *sc;
-	int hlen;
-	va_list ap;
 	int msiz;

-	va_start(ap, m);
-	hlen = va_arg(ap, int);
-	va_end(ap);
-
 	if ((sc = gre_lookup(m, IPPROTO_MOBILE)) == NULL) {
 		/* No matching tunnel or tunnel is down. */
 		m_freem(m);
--- a/sys/netinet/ip_gre.h
+++ b/sys/netinet/ip_gre.h
@ -38,6 +38,6 @@
 */

 #ifdef _KERNEL
-void gre_input(struct mbuf *, ...);
-void gre_mobile_input(struct mbuf *, ...);
+void gre_input(struct mbuf *, int);
+void gre_mobile_input(struct mbuf *, int);
 #endif /* _KERNEL */
--- a/sys/netipsec/keysock.c
+++ b/sys/netipsec/keysock.c
@ -77,23 +77,11 @@ struct pfkeystat pfkeystat;
 * key_output()
 */
 int
-#if __STDC__
-key_output(struct mbuf *m, ...)
-#else
-key_output(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
+key_output(struct mbuf *m, struct socket *so)
 {
 	struct sadb_msg *msg;
 	int len, error = 0;
 	int s;
-	struct socket *so;
-	va_list ap;
-
-	va_start(ap, m);
-	so = va_arg(ap, struct socket *);
-	va_end(ap);

 	if (m == 0)
 		panic("%s: NULL pointer was passed.\n", __func__);
@ -590,7 +578,7 @@ struct protosw keysw[] = {
 	.pr_domain =		&keydomain,
 	.pr_protocol =		PF_KEY_V2,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_output =		(pr_output_t *)key_output,
+	.pr_output =		key_output,
 	.pr_ctlinput =		raw_ctlinput,
 	.pr_init =		raw_init,
 	.pr_usrreqs =		&key_usrreqs
--- a/sys/netipsec/keysock.h
+++ b/sys/netipsec/keysock.h
@ -71,7 +71,7 @@ struct keycb {

 extern struct pfkeystat pfkeystat;

-extern int key_output __P((struct mbuf *, ...));
+extern int key_output(struct mbuf *m, struct socket *so);
 extern int key_usrreq __P((struct socket *,
 	int, struct mbuf *, struct mbuf *, struct mbuf *));

--- a/sys/netkey/keysock.c
+++ b/sys/netkey/keysock.c
@ -75,23 +75,11 @@ struct pfkeystat pfkeystat;
 * key_output()
 */
 int
-#if __STDC__
-key_output(struct mbuf *m, ...)
-#else
-key_output(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
+key_output(struct mbuf *m, struct socket *so)
 {
 	struct sadb_msg *msg;
 	int len, error = 0;
 	int s;
-	struct socket *so;
-	va_list ap;
-
-	va_start(ap, m);
-	so = va_arg(ap, struct socket *);
-	va_end(ap);

 	if (m == 0)
 		panic("key_output: NULL pointer was passed.");
@ -500,7 +488,7 @@ struct protosw keysw[] = {
 	.pr_domain =		&keydomain,
 	.pr_protocol =		PF_KEY_V2,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_output =		(pr_output_t *)key_output,
+	.pr_output =		key_output,
 	.pr_ctlinput =		raw_ctlinput,
 	.pr_init =		raw_init,
 	.pr_usrreqs =		&key_usrreqs
--- a/sys/netkey/keysock.h
+++ b/sys/netkey/keysock.h
@ -71,7 +71,7 @@ struct keycb {

 extern struct pfkeystat pfkeystat;

-extern int key_output(struct mbuf *, ...);
+extern int key_output(struct mbuf *m, struct socket *so);
 extern int key_usrreq(struct socket *,
 	int, struct mbuf *, struct mbuf *, struct mbuf *);