x/sys/unix: FreeBSD PtraceIO violates unsafe.Pointer rules

[bcmills]

The fix for #54113 appears to have been only partial.
GOOS=freebsd GOARCH=amd64 go vet ./... in the x/sys module shows a true-positive violation of the unsafe.Pointer rules in syscall_freebsd_amd64.go:

ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)}
err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)

Absent an API for pinning Go object addresses (#46787), this is incorrect and could lead to arbitrary memory corruption: if the out slice refers to memory in the Go heap, that memory can be collected (and reused for another allocation) concurrently with the call to ptrace.

(Note that the unsafe.Pointer rule that allows conversion of an unsafe.Pointer to a uintptr when calling syscall.Syscall applies only with the call expression itself, not within other variable declarations in the same function that makes the call.

This was apparently masked by #41205.

(attn @golang/freebsd; CC @tklauser @ianlancetaylor @aarzilli @mdempsky)

[gopherbot]

Change https://go.dev/cl/465235 mentions this issue: all: avoid direct conversion of uintptr to unsafe.Pointer

[gopherbot]

Change https://go.dev/cl/465675 mentions this issue: unix: avoid converting non-pointers to unsafe.Pointer in PtraceIO

[gopherbot]

Change https://go.dev/cl/465676 mentions this issue: unix: mitigate uintptr violations in PtraceIO on freebsd

[bcmills]

(I believe this particular issue was introduced by the fix for #54113, but #58387 also applies to FreeBSD.)