From ca4f815cfc673d00834b48535b9903aae3ac3961 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Thu, 7 Aug 2014 19:55:25 +0200
Subject: pc64: fix wrong Ureg* argument on note handler (thanks _sl!)

_sl reported crash:

stats 593: suicide: sys: trap: fault write addr=0xffffffff8258d1b0 pc=0x204cc7
; acid 593
/proc/593/text:amd64 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/amd64
acid: lstk()
notejmp(ret=0x1,j=0x40ac90)+0x13 /sys/src/libc/amd64/notejmp.c:10
alarmed(a=0xffffffff8258d1b0,s=0x7ffffeffea58)+0x3f /sys/src/cmd/stats.c:718
notifier+0x3e /sys/src/libc/port/atnotify.c:15
acid:

note how a in alarmed is a kernel address! the first Ureg* argument is passed to the note handler in the RARG (BX) register, which was not loaded when returning to userspace from syscall() thru forkret(). fix by returning thru noteret() from syscall().
---
 sys/src/9/pc64/trap.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/src/9/pc64/trap.c b/sys/src/9/pc64/trap.c
index a88f41b93..71374b418 100644
--- a/sys/src/9/pc64/trap.c
+++ b/sys/src/9/pc64/trap.c
@@ -769,6 +769,7 @@ syscall(Ureg* ureg)
 if(scallnr!=RFORK && (up->procctl || up->nnote)){
 splhi();
 notify(ureg);
+ ((void**)&ureg)[-1] = (void*)noteret; /* loads RARG */
 }
 /* if we delayed sched because we held a lock, sched now */
 if(up->delaysched)
--
cgit v1.2.3
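Review bot: The added line `((void**)&ureg)[-1] = (void*)noteret;` overwrites syscall()'s own return address by poking the stack word below its first argument, and the comment `/* loads RARG */` names the effect without the mechanism, so a reader cannot tell why the write is correct or what it depends on. Spell it out, e.g. `/* patch our return address so we leave the kernel via noteret(), which loads RARG with the Ureg* for the note handler; forkret() does not */`, and note the assumption that the compiler keeps `ureg` in its incoming stack-argument slot directly above the return address, since any spill or copy of the parameter would turn this into a silent stack corruption rather than a redirect. The redirection is also applied whenever the `up->procctl || up->nnote` branch is taken, regardless of what notify(ureg) returns; if noteret() does more than restore registers and load RARG, gating it on notify()'s result, `if(notify(ureg))`, would keep the forkret() path for the no-note case — worth confirming against l.s. The enclosing syscall() begins and ends outside this hunk.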