Subject: Re: m88k system call convention
To: Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
From: Todd Whitesel <toddpw@best.com>
List: netbsd-ports
Date: 02/11/2000 01:08:45
> It's a questionable extension to have 9,10,11th arguments in registers
> (no NetBSD syscall has them, and syscall() in various ports assumes
> args[8]).  If ever, such values on user stack should be accessed by
> copyin() in an appropriate way.  It seems not a good practice to load
> values blindly from sp(32),sp(36),sp(40) for any system calls all the
> time.

Seconded. If the kernel does any unprotected access to user space,
then it can in principle be exploited to construct a DoS attack.

Programs that execute garbage or go into infinite recursions can
create situations where the top of the stack is in SEGV-land. If
you are debugging the program in question, the debugger has to
detect this and do something more sensible than "Cannot read memory
at 0xdeadbeef" followed by a longjmp() back up to the command parser.

Todd Whitesel
toddpw @ best.com
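
The practice argued for in this thread, as an added example that is not part of the original messages or of NetBSD's m88k code: a user-space model in which stack-resident arguments are fetched only when the syscall takes more than eight, and only through a checked copy that returns EFAULT. The names `sim_copyin`, `fetch_args`, `user_mem`, the address constants and the 32-bit argument width are assumptions made for illustration; the sp+32 offset and the 11-argument maximum follow the quoted text.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a user address space: one mapped region. */
#define USER_BASE  0x1000u
#define USER_SIZE  0x100u
static uint8_t user_mem[USER_SIZE];

#define NREGARGS   8u   /* arguments carried in registers (args[8]) */
#define MAXARGS    11u  /* 9th..11th would live on the user stack */
#define STKARG_OFF 32u  /* first stack argument at sp+32, per the thread */

/* Stand-in for copyin(): copy len bytes from user address uaddr, or
 * return EFAULT if any byte of the range lies outside the mapping. */
static int sim_copyin(uint32_t uaddr, void *kaddr, size_t len)
{
    if (uaddr < USER_BASE || len > USER_SIZE ||
        uaddr - USER_BASE > USER_SIZE - len)
        return EFAULT;
    memcpy(kaddr, &user_mem[uaddr - USER_BASE], len);
    return 0;
}

/* Gather narg arguments into args[]. Register arguments are always
 * available; the user stack is read only if this syscall needs it,
 * so a garbage sp cannot fault the common (<= 8 argument) path. */
int fetch_args(const uint32_t regs[NREGARGS], uint32_t sp,
               unsigned narg, uint32_t args[MAXARGS])
{
    unsigned nreg = narg < NREGARGS ? narg : NREGARGS;

    if (narg > MAXARGS)
        return EINVAL;
    memcpy(args, regs, nreg * sizeof(uint32_t));
    if (narg <= NREGARGS)
        return 0;                       /* user stack never touched */
    /* sp + STKARG_OFF may wrap; the wrapped address fails the check. */
    return sim_copyin(sp + STKARG_OFF, &args[NREGARGS],
                      (narg - NREGARGS) * sizeof(uint32_t));
}
```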