linux_sigreturn() loads the struct trapframe from l_sigcontext

members, thus making a signed extension of 32 bit register context. If the register is not touched in usermode between return from signal and next syscall entry, the sign-extension part of 64bit register is not cleared, causing linux32_fetch_syscall_args() to read wrong values. Use unsigned type for the registers in the linux sigcontext. Reported by: Jacob Frelinger <jacob.frelinger duke edu>, arundel In collaboration with: dchagin MFC after: 1 week
2026-05-28 04:12:45 -04:00 · 2011-01-27 21:45:38 +00:00 · 2011-01-27 21:45:38 +00:00 · 77185f473b
commit 77185f473b
parent ddc850164c
1 changed files with 22 additions and 22 deletions
--- a/sys/amd64/linux32/linux.h
+++ b/sys/amd64/linux32/linux.h
@ -370,28 +370,28 @@ typedef struct {

 /* The Linux sigcontext, pretty much a standard 386 trapframe. */
 struct l_sigcontext {
-	l_int		sc_gs;
-	l_int		sc_fs;
-	l_int		sc_es;
-	l_int		sc_ds;
-	l_int		sc_edi;
-	l_int		sc_esi;
-	l_int		sc_ebp;
-	l_int		sc_esp;
-	l_int		sc_ebx;
-	l_int		sc_edx;
-	l_int		sc_ecx;
-	l_int		sc_eax;
-	l_int		sc_trapno;
-	l_int		sc_err;
-	l_int		sc_eip;
-	l_int		sc_cs;
-	l_int		sc_eflags;
-	l_int		sc_esp_at_signal;
-	l_int		sc_ss;
-	l_int		sc_387;
-	l_int		sc_mask;
-	l_int		sc_cr2;
+	l_uint		sc_gs;
+	l_uint		sc_fs;
+	l_uint		sc_es;
+	l_uint		sc_ds;
+	l_uint		sc_edi;
+	l_uint		sc_esi;
+	l_uint		sc_ebp;
+	l_uint		sc_esp;
+	l_uint		sc_ebx;
+	l_uint		sc_edx;
+	l_uint		sc_ecx;
+	l_uint		sc_eax;
+	l_uint		sc_trapno;
+	l_uint		sc_err;
+	l_uint		sc_eip;
+	l_uint		sc_cs;
+	l_uint		sc_eflags;
+	l_uint		sc_esp_at_signal;
+	l_uint		sc_ss;
+	l_uint		sc_387;
+	l_uint		sc_mask;
+	l_uint		sc_cr2;
 } __packed;

 struct l_ucontext {