MFC r289055 (by mjg@):

 linux: fix handling of out-of-bounds syscall attempts

 Due to an off by one the code would read an entry past the table, as
 opposed to the last entry which contains the nosys handler.

 This fixes my fault.

MFC r289058 (by cem@):

 Fix missing semi-colon from r289055.

MFC r289768 (by jhb@):

 Merge r289055 to amd64/linux32:

 linux: fix handling of out-of-bounds syscall attempts

 Due to an off by one the code would read an entry past the table, as
 opposed to the last entry which contains the nosys handler.

2 files changed, 2 insertions, 2 deletions

diff --git a/sys/amd64/linux/linux_sysvec.c b/sys/amd64/linux/linux_sysvec.c
index e9ab8b3..37c1b69 100644
--- a/sys/amd64/linux/linux_sysvec.c
+++ b/sys/amd64/linux/linux_sysvec.c
@@ -234,7 +234,7 @@ linux_fetch_syscall_args(struct thread *td, struct syscall_args *sa)
 
 	if (sa->code >= p->p_sysent->sv_size)
 		/* nosys */
-		sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL];
+		sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1];
 	else
 		sa->callp = &p->p_sysent->sv_table[sa->code];
 	sa->narg = sa->callp->sy_narg;
diff --git a/sys/amd64/linux32/linux32_sysvec.c b/sys/amd64/linux32/linux32_sysvec.c
index 4364438..250e16b 100644
--- a/sys/amd64/linux32/linux32_sysvec.c
+++ b/sys/amd64/linux32/linux32_sysvec.c
@@ -741,7 +741,7 @@ linux32_fetch_syscall_args(struct thread *td, struct syscall_args *sa)
 
 	if (sa->code >= p->p_sysent->sv_size)
 		/* nosys */
-		sa->callp = &p->p_sysent->sv_table[LINUX_SYS_MAXSYSCALL];
+		sa->callp = &p->p_sysent->sv_table[p->p_sysent->sv_size - 1];
 	else
 		sa->callp = &p->p_sysent->sv_table[sa->code];
 	sa->narg = sa->callp->sy_narg;