Subject: kern/11088: __syscall() ignores top half of first arg.
To: None <gnats-bugs@gnats.netbsd.org>
From: None <cgd@netbsd.org>
List: netbsd-bugs
Date: 09/26/2000 18:54:22
>Number: 11088
>Category: kern
>Synopsis: __syscall() ignores top half of first arg.
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Sep 26 19:00:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Chris Demetriou
>Release: NetBSD-current as of about 9/26/2000
>Organization:
>Environment:
irrelevant.
>Description:
__syscall() takes a quad_t (64-bit) first argument, which is the
system call number. However, NetBSD's 32-bit ports do not examine
or use the upper 32 bits of the value.
For instance, you'd expect __syscall(0x100000001LL) to get you
a SIGSYS as an unimplemented system call. Instead, it gets you exit().
>How-To-Repeat:
Read the syscall code of the various 32-bit ports/architectures. Note
code like:
code = fuword(params + _QUAD_LOWWORD * sizeof(int));
code = frame->f_regs[A0 + _QUAD_LOWWORD];
code = ap[_QUAD_LOWWORD];
code = *params++; (where params is a register_t pointer)
with no examination or access of the high word of the quad_t
that is __syscall()'s first argument.
>Fix:
Pretty easy to fix. Assuming we're not gonna run out of
31 bits of syscall numbers, just check the high word and error out
if it's not zero.
Unfortunately I don't have time or systems on which to check any
fixes I might write.
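An added illustration (not code from this PR or from the NetBSD tree) of the two extractions the PR contrasts, modelled with a 32-bit register-slot array; the little-endian word order and the slot names are assumptions of the model:

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a 32-bit port (example, not NetBSD code): a
 * register slot is 32 bits, so the quad_t first argument of __syscall()
 * spans two slots. Slot indices follow the little-endian layout. */
typedef uint32_t reg32_t;
#define QUAD_LOWWORD  0
#define QUAD_HIGHWORD 1
#define SYS_EXIT_NUM  1   /* exit() is syscall 1, as the PR observes */

/* Split the 64-bit argument into the two register slots the kernel sees. */
static void pack_quad_arg(uint64_t code, reg32_t params[2]) {
    params[QUAD_LOWWORD]  = (reg32_t)(code & 0xffffffffu);
    params[QUAD_HIGHWORD] = (reg32_t)(code >> 32);
}

/* Extraction as the PR describes it: only the low word is consulted, so
 * 0x100000001 silently becomes syscall 1. */
int syscall_code_buggy(uint64_t arg) {
    reg32_t params[2];
    pack_quad_arg(arg, params);
    return (int)params[QUAD_LOWWORD];
}

/* Extraction with the check the PR proposes: a non-zero high word is not
 * a valid syscall number, so report it (-1 here) and let the caller take
 * the unimplemented-syscall path (SIGSYS / ENOSYS) instead of dispatching. */
int syscall_code_checked(uint64_t arg) {
    reg32_t params[2];
    pack_quad_arg(arg, params);
    if (params[QUAD_HIGHWORD] != 0)
        return -1;
    return (int)params[QUAD_LOWWORD];
}

int main(void) {
    uint64_t arg = 0x100000001ULL;
    printf("buggy:   %d\n", syscall_code_buggy(arg));    /* 1 (exit) */
    printf("checked: %d\n", syscall_code_checked(arg));  /* -1 */
    return 0;
}
```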
>Release-Note:
>Audit-Trail:
>Unformatted: