-
Paolo \'Blaisorblade\' Giarrusso authored
From: Alex Züpke <azu@sysgo.de>, and me SKAS mode is like 4G/4G (here we have actually 3G/3G) for guest processes, so when checking for kernel stack overflow, we must first make sure we are checking a kernel-space address. Also, correctly test for stack overflows (i.e. check if there is less than 1k of stack left; see arch/i386/kernel/irq.c:do_IRQ()). And also, THREAD_SIZE != PAGE_SIZE * 2, in general (though this setting is almost never changed, so we didn't notice this1). Thanks to the good eye of Alex Züpke <azu@sysgo.de> for first seeing this bug, and providing a test program: /* * trigger.c - triggers panic("Kernel stack overflow") in UML * * 20040630, azu@sysgo.de */ #include <stdio.h> #include <setjmp.h> #include <fcntl.h> #include <unistd.h> #include <sys/types.h> #include <sys/stat.h> #include <sys/mman.h> #define LOW 0xa0000000 #define HIGH 0xb0000000 int main(int argc, char **argv) { unsigned long addr; int fd; fd = open("/dev/zero", O_RDWR); printf("This may take some time ... one more cup of coffee ...\n"); for(addr = LOW; addr < HIGH; addr += 0x1000) { pid_t p; if(mmap((void*)addr, 0x1000, PROT_READ, MAP_SHARED | MAP_FIXED, fd, 0) == MAP_FAILED) printf("mmap failed\n"); p = fork(); if(p == -1) printf("fork failed\n"); if(p == 0) { /* child context */ int *p = (int *)addr; volatile int x; x = *p; return 0; } /* father context */ waitpid(p, 0, 0); if(munmap((void*)addr, 0x1000) == -1) printf("munmap failed\n"); } close(fd); printf("done\n"); } Signed-off-by:Paolo 'Blaisorblade' Giarrusso <blaisorblade_spam@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org>
3b2dcf38
