Fix the location of td->td_frame at the top of the kernel stack.

In cpu_thread_alloc we would allocate space for the trap frame at the top of the kernel stack. This is just below the pcb, however due to a missing cast the pointer arithmetic would use the pcb size, not the trapframe size. As the pcb is larger than the trapframe this is safe, however later in cpu_fork we include the case leading to the two disagreeing on the location. Fix by using the same arithmetic in both locations. Found by: An early KASAN patch Sponsored by: DARPA, AFRL
amitkr · Jan 11, 2019 · 58ce42c · 58ce42c
1 parent adcbc2a
commit 58ce42c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/sys/arm64/arm64/vm_machdep.c b/sys/arm64/arm64/vm_machdep.c
@@ -228,7 +228,7 @@ cpu_thread_alloc(struct thread *td)
 	td->td_pcb = (struct pcb *)(td->td_kstack +
 	    td->td_kstack_pages * PAGE_SIZE) - 1;
 	td->td_frame = (struct trapframe *)STACKALIGN(
-	    td->td_pcb - 1);
+	    (struct trapframe *)td->td_pcb - 1);
 }
 
 void