Fix stack corruptions on amd64.

Vararg functions have a different calling convention than regular
functions on amd64. Casting a varag function to a regular one to
match the function pointer declaration will hide the varargs from
the caller and we will end up with an incorrectly setup stack.

Entirely remove the varargs from these functions and change the
functions to match the declaration of the function pointers.
Remove the now unnecessary casts.

Lots of explanations and help from:     peter
Reviewed by:                            peter
PR:                                     amd64/89261
MFC after:                              6 days

7 files changed, 13 insertions, 59 deletions

diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c
index f8165dc..4d48501 100644
--- a/sys/net/if_gre.c
+++ b/sys/net/if_gre.c
@@ -123,7 +123,7 @@ static const struct protosw in_gre_protosw = {
 	.pr_domain =		&inetdomain,
 	.pr_protocol =		IPPROTO_GRE,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_input =		(pr_input_t *)gre_input,
+	.pr_input =		gre_input,
 	.pr_output =		(pr_output_t *)rip_output,
 	.pr_ctlinput =		rip_ctlinput,
 	.pr_ctloutput =		rip_ctloutput,
@@ -134,7 +134,7 @@ static const struct protosw in_mobile_protosw = {
 	.pr_domain =		&inetdomain,
 	.pr_protocol =		IPPROTO_MOBILE,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_input =		(pr_input_t *)gre_mobile_input,
+	.pr_input =		gre_mobile_input,
 	.pr_output =		(pr_output_t *)rip_output,
 	.pr_ctlinput =		rip_ctlinput,
 	.pr_ctloutput =		rip_ctloutput,
diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c
index 04dc3d9..e9a2ace 100644
--- a/sys/netinet/ip_gre.c
+++ b/sys/netinet/ip_gre.c
@@ -104,20 +104,10 @@ static int	gre_input2(struct mbuf *, int, u_char);
  * This really is simple
  */
 void
-#if __STDC__
-gre_input(struct mbuf *m, ...)
-#else
-gre_input(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
+gre_input(struct mbuf *m, int off)
 {
-	int off, ret, proto;
-	va_list ap;
+	int ret, proto;
 
-	va_start(ap, m);
-	off = va_arg(ap, int);
-	va_end(ap);
 	proto = (mtod(m, struct ip *))->ip_p;
 
 	ret = gre_input2(m, off, proto);
@@ -236,25 +226,13 @@ gre_input2(struct mbuf *m ,int hlen, u_char proto)
  */
 
 void
-#if __STDC__
-gre_mobile_input(struct mbuf *m, ...)
-#else
-gre_mobile_input(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
+gre_mobile_input(struct mbuf *m, int hlen)
 {
 	struct ip *ip;
 	struct mobip_h *mip;
 	struct gre_softc *sc;
-	int hlen;
-	va_list ap;
 	int msiz;
 
-	va_start(ap, m);
-	hlen = va_arg(ap, int);
-	va_end(ap);
-
 	if ((sc = gre_lookup(m, IPPROTO_MOBILE)) == NULL) {
 		/* No matching tunnel or tunnel is down. */
 		m_freem(m);
diff --git a/sys/netinet/ip_gre.h b/sys/netinet/ip_gre.h
index f997f66..1fb67d9 100644
--- a/sys/netinet/ip_gre.h
+++ b/sys/netinet/ip_gre.h
@@ -38,6 +38,6 @@
  */
 
 #ifdef _KERNEL
-void gre_input(struct mbuf *, ...);
-void gre_mobile_input(struct mbuf *, ...);
+void gre_input(struct mbuf *, int);
+void gre_mobile_input(struct mbuf *, int);
 #endif /* _KERNEL */
diff --git a/sys/netipsec/keysock.c b/sys/netipsec/keysock.c
index daff3c9..12e458a 100644
--- a/sys/netipsec/keysock.c
+++ b/sys/netipsec/keysock.c
@@ -77,23 +77,11 @@ struct pfkeystat pfkeystat;
  * key_output()
  */
 int
-#if __STDC__
-key_output(struct mbuf *m, ...)
-#else
-key_output(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
+key_output(struct mbuf *m, struct socket *so)
 {
 	struct sadb_msg *msg;
 	int len, error = 0;
 	int s;
-	struct socket *so;
-	va_list ap;
-
-	va_start(ap, m);
-	so = va_arg(ap, struct socket *);
-	va_end(ap);
 
 	if (m == 0)
 		panic("%s: NULL pointer was passed.\n", __func__);
@@ -590,7 +578,7 @@ struct protosw keysw[] = {
 	.pr_domain =		&keydomain,
 	.pr_protocol =		PF_KEY_V2,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_output =		(pr_output_t *)key_output,
+	.pr_output =		key_output,
 	.pr_ctlinput =		raw_ctlinput,
 	.pr_init =		raw_init,
 	.pr_usrreqs =		&key_usrreqs
diff --git a/sys/netipsec/keysock.h b/sys/netipsec/keysock.h
index d8d27d2..a331b5e 100644
--- a/sys/netipsec/keysock.h
+++ b/sys/netipsec/keysock.h
@@ -71,7 +71,7 @@ struct keycb {
 
 extern struct pfkeystat pfkeystat;
 
-extern int key_output __P((struct mbuf *, ...));
+extern int key_output(struct mbuf *m, struct socket *so);
 extern int key_usrreq __P((struct socket *,
 	int, struct mbuf *, struct mbuf *, struct mbuf *));
 
diff --git a/sys/netkey/keysock.c b/sys/netkey/keysock.c
index a19d977..6419956 100644
--- a/sys/netkey/keysock.c
+++ b/sys/netkey/keysock.c
@@ -75,23 +75,11 @@ struct pfkeystat pfkeystat;
  * key_output()
  */
 int
-#if __STDC__
-key_output(struct mbuf *m, ...)
-#else
-key_output(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
+key_output(struct mbuf *m, struct socket *so)
 {
 	struct sadb_msg *msg;
 	int len, error = 0;
 	int s;
-	struct socket *so;
-	va_list ap;
-
-	va_start(ap, m);
-	so = va_arg(ap, struct socket *);
-	va_end(ap);
 
 	if (m == 0)
 		panic("key_output: NULL pointer was passed.");
@@ -500,7 +488,7 @@ struct protosw keysw[] = {
 	.pr_domain =		&keydomain,
 	.pr_protocol =		PF_KEY_V2,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_output =		(pr_output_t *)key_output,
+	.pr_output =		key_output,
 	.pr_ctlinput =		raw_ctlinput,
 	.pr_init =		raw_init,
 	.pr_usrreqs =		&key_usrreqs
diff --git a/sys/netkey/keysock.h b/sys/netkey/keysock.h
index ff2db81..0422517 100644
--- a/sys/netkey/keysock.h
+++ b/sys/netkey/keysock.h
@@ -71,7 +71,7 @@ struct keycb {
 
 extern struct pfkeystat pfkeystat;
 
-extern int key_output(struct mbuf *, ...);
+extern int key_output(struct mbuf *m, struct socket *so);
 extern int key_usrreq(struct socket *,
 	int, struct mbuf *, struct mbuf *, struct mbuf *);