Retguard addition in commit 72pYktDvmJhq7OyF was based on the understanding

that the removal of the off_t padding, amd64 syscalls no longer passed a 7th
or later argument.  We overlooked that syscall(2) bumps the arg count by one,
so six argument calls like SYS_sysctl still pass an argument on the stack.

So, repush the 7th argument so it's at the expected stack offset after the
retguard register is pushed.

problem reported and ok bluhm@

diff --git a/lib/libc/arch/amd64/sys/syscall.S b/lib/libc/arch/amd64/sys/syscall.S
index 6568ecc..99d502e 100644 (file)
--- a/lib/libc/arch/amd64/sys/syscall.S
+++ b/lib/libc/arch/amd64/sys/syscall.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: syscall.S,v 1.8 2016/05/07 19:05:21 guenther Exp $    */
+/*     $OpenBSD: syscall.S,v 1.9 2023/05/11 19:35:50 guenther Exp $    */
 /*     $NetBSD: syscall.S,v 1.2 2002/06/03 18:30:33 fvdl Exp $ */
 
 /*-
@@ -39,4 +39,18 @@
 
 #include "SYS.h"
 
-RSYSCALL(syscall)
+SYSENTRY(syscall)
+       RETGUARD_SETUP(_thread_sys_syscall, r11)
+#ifdef _RET_PROTECTOR
+       pushq   8(%rsp)         /* repush 6th argument */
+#endif
+       RETGUARD_PUSH(r11)
+       SYSTRAP(syscall)
+       HANDLE_ERRNO;
+       RETGUARD_POP(r11)
+#ifdef _RET_PROTECTOR
+       addq    $8,%rsp         /* repush 6th argument */
+#endif
+       RETGUARD_CHECK(_thread_sys_syscall, r11)
+       ret
+SYSCALL_END(syscall)