From cb0f97f9138f4f7988b4d0c35e6906853a074f19 Mon Sep 17 00:00:00 2001
From: miod
Date: Wed, 13 Dec 2023 15:57:22 +0000
Subject: [PATCH] Fix syscall number bounds check computations.
---
 sys/arch/alpha/alpha/trap.c | 4 ++--
 sys/arch/arm/arm/syscall.c | 4 ++--
 sys/arch/arm64/arm64/syscall.c | 4 ++--
 sys/arch/hppa/hppa/trap.c | 4 ++--
 sys/arch/i386/i386/trap.c | 4 ++--
 sys/arch/m88k/m88k/trap.c | 6 +++---
 sys/arch/mips64/mips64/trap.c | 4 ++--
 sys/arch/powerpc/powerpc/trap.c | 4 ++--
 sys/arch/powerpc64/powerpc64/syscall.c | 4 ++--
 sys/arch/riscv64/riscv64/syscall.c | 4 ++--
 sys/arch/sh/sh/trap.c | 4 ++--
 sys/arch/sparc64/sparc64/trap.c | 4 ++--
 12 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/sys/arch/alpha/alpha/trap.c b/sys/arch/alpha/alpha/trap.c
index fc697aadf41..c5d57de02ab 100644
--- a/sys/arch/alpha/alpha/trap.c
+++ b/sys/arch/alpha/alpha/trap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: trap.c,v 1.109 2023/12/12 15:30:55 deraadt Exp $ */
+/* $OpenBSD: trap.c,v 1.110 2023/12/13 15:57:22 miod Exp $ */
 /* $NetBSD: trap.c,v 1.52 2000/05/24 16:48:33 thorpej Exp $ */
 /*-
@@ -514,7 +514,7 @@ syscall(u_int64_t code, struct trapframe *framep)
 opc = framep->tf_regs[FRAME_PC] - 4;
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 nargs = callp->sy_narg;
diff --git a/sys/arch/arm/arm/syscall.c b/sys/arch/arm/arm/syscall.c
index 3879834e2ea..0252626eeac 100644
--- a/sys/arch/arm/arm/syscall.c
+++ b/sys/arch/arm/arm/syscall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: syscall.c,v 1.27 2023/12/12 15:30:55 deraadt Exp $ */
+/* $OpenBSD: syscall.c,v 1.28 2023/12/13 15:57:22 miod Exp $ */
 /* $NetBSD: syscall.c,v 1.24 2003/11/14 19:03:17 scw Exp $ */
 /*-
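Review bot: In `syscall()` in sys/arch/alpha/alpha/trap.c, a number that fails the corrected test `code > 0 && code < SYS_MAXSYSCALL` still falls through to `callp->sy_narg` with `callp` left where it was initialised, so rejecting zero and out-of-range numbers rests on the `XXX` comment's assumption that entry 0 is the ENOSYS handler, which nothing in the hunk enforces. The same fall-through is used in the arm, hppa, i386, m88k (`m88100_syscall` and `m88110_syscall`), mips64, powerpc, powerpc64, riscv64 and sh hunks, whereas the arm64 and sparc64 hunks of this patch reject such numbers explicitly with `goto bad`. I would either adopt that explicit form here or replace the `XXX` line with a firm contract such as `/* entry 0 must stay the ENOSYS entry: every rejected number dispatches to it */`. Because the condition being replaced was true for every value, a regression test that passes an out-of-range number and expects the ENOSYS path would be worth adding alongside this fix. The function body starts and ends outside the hunk, so the initialisation of `callp` should be confirmed there.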
@@ -114,7 +114,7 @@ swi_handler(trapframe_t *frame)
 code = frame->tf_r12;
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 nargs = callp->sy_argsize / sizeof(register_t);
diff --git a/sys/arch/arm64/arm64/syscall.c b/sys/arch/arm64/arm64/syscall.c
index 7a9c1b683ee..675423d1cc2 100644
--- a/sys/arch/arm64/arm64/syscall.c
+++ b/sys/arch/arm64/arm64/syscall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: syscall.c,v 1.16 2023/12/12 23:43:35 deraadt Exp $ */
+/* $OpenBSD: syscall.c,v 1.17 2023/12/13 15:57:22 miod Exp $ */
 /*
 * Copyright (c) 2015 Dale Rahn
 *
@@ -50,7 +50,7 @@ svc_handler(trapframe_t *frame)
 ap = &frame->tf_x[0];
- if (code < 0 || code >= SYS_MAXSYSCALL)
+ if (code <= 0 || code >= SYS_MAXSYSCALL)
 goto bad;
 callp = sysent + code;
diff --git a/sys/arch/hppa/hppa/trap.c b/sys/arch/hppa/hppa/trap.c
index 09af95b8da2..f6ec775743d 100644
--- a/sys/arch/hppa/hppa/trap.c
+++ b/sys/arch/hppa/hppa/trap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: trap.c,v 1.163 2023/12/13 11:20:18 miod Exp $ */
+/* $OpenBSD: trap.c,v 1.164 2023/12/13 15:57:22 miod Exp $ */
 /*
 * Copyright (c) 1998-2004 Michael Shalayeff
@@ -786,7 +786,7 @@ syscall(struct trapframe *frame)
 args[3] = frame->tf_arg3;
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 if ((argsize = callp->sy_argsize)) {
diff --git a/sys/arch/i386/i386/trap.c b/sys/arch/i386/i386/trap.c
index 69860df9030..73634e238ab 100644
--- a/sys/arch/i386/i386/trap.c
+++ b/sys/arch/i386/i386/trap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: trap.c,v 1.163 2023/12/12 15:30:55 deraadt Exp $ */
+/* $OpenBSD: trap.c,v 1.164 2023/12/13 15:57:22 miod Exp $ */
 /* $NetBSD: trap.c,v 1.95 1996/05/05 06:50:02 mycroft Exp $ */
 /*-
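Review bot: In `svc_handler()` in sys/arch/arm64/arm64/syscall.c, the widened test `code <= 0 || code >= SYS_MAXSYSCALL` now sends number 0 to `bad` as well, but nothing at the check says why zero is no longer an acceptable index into `sysent`. A one-line comment above the `if`, for example `/* 0 is not a valid syscall number; reject it together with out-of-range values */`, would keep a later cleanup from loosening it back to `< 0`. The sparc64 `syscall()` hunk carries the same check and wants the same comment. The declaration of `code` and the `bad` label are outside both hunks, so whether `code` is signed there, which decides if the `<= 0` half also covers negative values, should be confirmed against the full function.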
@@ -544,7 +544,7 @@ syscall(struct trapframe *frame)
 code = frame->tf_eax;
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 argsize = callp->sy_argsize;
diff --git a/sys/arch/m88k/m88k/trap.c b/sys/arch/m88k/m88k/trap.c
index fc37bc4b363..7e0501c55de 100644
--- a/sys/arch/m88k/m88k/trap.c
+++ b/sys/arch/m88k/m88k/trap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: trap.c,v 1.129 2023/12/12 15:30:56 deraadt Exp $ */
+/* $OpenBSD: trap.c,v 1.130 2023/12/13 15:57:22 miod Exp $ */
 /*
 * Copyright (c) 2004, Miodrag Vallat.
 * Copyright (c) 1998 Steve Murphree, Jr.
@@ -1173,7 +1173,7 @@ m88100_syscall(register_t code, struct trapframe *tf)
 nap = 8; /* r2-r9 */
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 i = callp->sy_argsize / sizeof(register_t);
@@ -1276,7 +1276,7 @@ m88110_syscall(register_t code, struct trapframe *tf)
 nap = 8; /* r2-r9 */
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 i = callp->sy_argsize / sizeof(register_t);
diff --git a/sys/arch/mips64/mips64/trap.c b/sys/arch/mips64/mips64/trap.c
index 5169bfea123..5fa9c7ef830 100644
--- a/sys/arch/mips64/mips64/trap.c
+++ b/sys/arch/mips64/mips64/trap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: trap.c,v 1.169 2023/12/13 02:31:15 deraadt Exp $ */
+/* $OpenBSD: trap.c,v 1.170 2023/12/13 15:57:22 miod Exp $ */
 /*
 * Copyright (c) 1988 University of Utah.
@@ -425,7 +425,7 @@ fault_common_no_miss:
 code = locr0->v0;
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 numarg = callp->sy_narg;
diff --git a/sys/arch/powerpc/powerpc/trap.c b/sys/arch/powerpc/powerpc/trap.c
index bd20eb437b2..80931f9b0ff 100644
--- a/sys/arch/powerpc/powerpc/trap.c
+++ b/sys/arch/powerpc/powerpc/trap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: trap.c,v 1.132 2023/12/12 15:30:56 deraadt Exp $ */
+/* $OpenBSD: trap.c,v 1.133 2023/12/13 15:57:22 miod Exp $ */
 /* $NetBSD: trap.c,v 1.3 1996/10/13 03:31:37 christos Exp $ */
 /*
@@ -364,7 +364,7 @@ trap(struct trapframe *frame)
 code = frame->fixreg[0];
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 argsize = callp->sy_argsize;
diff --git a/sys/arch/powerpc64/powerpc64/syscall.c b/sys/arch/powerpc64/powerpc64/syscall.c
index d2527458940..3d60de8616a 100644
--- a/sys/arch/powerpc64/powerpc64/syscall.c
+++ b/sys/arch/powerpc64/powerpc64/syscall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: syscall.c,v 1.12 2023/12/12 15:30:56 deraadt Exp $ */
+/* $OpenBSD: syscall.c,v 1.13 2023/12/13 15:57:22 miod Exp $ */
 /*
 * Copyright (c) 2015 Dale Rahn
@@ -39,7 +39,7 @@ syscall(struct trapframe *frame)
 code = frame->fixreg[0];
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 nargs = callp->sy_argsize / sizeof(register_t);
diff --git a/sys/arch/riscv64/riscv64/syscall.c b/sys/arch/riscv64/riscv64/syscall.c
index ed5e534d7e0..2c02730664d 100644
--- a/sys/arch/riscv64/riscv64/syscall.c
+++ b/sys/arch/riscv64/riscv64/syscall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: syscall.c,v 1.17 2023/12/12 15:30:56 deraadt Exp $ */
+/* $OpenBSD: syscall.c,v 1.18 2023/12/13 15:57:22 miod Exp $ */
 /*
 * Copyright (c) 2020 Brian Bamsch
@@ -50,7 +50,7 @@ svc_handler(trapframe_t *frame)
 code = frame->tf_t[0];
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 nargs = callp->sy_argsize / sizeof(register_t);
diff --git a/sys/arch/sh/sh/trap.c b/sys/arch/sh/sh/trap.c
index 436a952825b..214dfd9a7da 100644
--- a/sys/arch/sh/sh/trap.c
+++ b/sys/arch/sh/sh/trap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: trap.c,v 1.56 2023/12/13 12:41:31 miod Exp $ */
+/* $OpenBSD: trap.c,v 1.57 2023/12/13 15:57:22 miod Exp $ */
 /* $NetBSD: exception.c,v 1.32 2006/09/04 23:57:52 uwe Exp $ */
 /* $NetBSD: syscall.c,v 1.6 2006/03/07 07:21:50 thorpej Exp $ */
@@ -527,7 +527,7 @@ syscall(struct proc *p, struct trapframe *tf)
 code = tf->tf_r0;
 // XXX out of range stays on syscall0, which we assume is enosys
- if (code >= 0 || code <= SYS_MAXSYSCALL)
+ if (code > 0 && code < SYS_MAXSYSCALL)
 callp += code;
 argsize = callp->sy_argsize;
diff --git a/sys/arch/sparc64/sparc64/trap.c b/sys/arch/sparc64/sparc64/trap.c
index cfaa0b4d266..deb4c527191 100644
--- a/sys/arch/sparc64/sparc64/trap.c
+++ b/sys/arch/sparc64/sparc64/trap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: trap.c,v 1.117 2023/12/12 23:43:35 deraadt Exp $ */
+/* $OpenBSD: trap.c,v 1.118 2023/12/13 15:57:22 miod Exp $ */
 /* $NetBSD: trap.c,v 1.73 2001/08/09 01:03:01 eeh Exp $ */
 /*
@@ -1138,7 +1138,7 @@ syscall(struct trapframe *tf, register_t code, register_t pc)
 ap = &tf->tf_out[0];
 nap = 6;
- if (code < 0 || code >= SYS_MAXSYSCALL)
+ if (code <= 0 || code >= SYS_MAXSYSCALL)
 goto bad;
 callp = sysent + code;
 i = callp->sy_narg; /* Why divide? */
--
2.20.1