summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRusty Russell <rusty@rustcorp.com.au>2007-08-30 00:35:08 +0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-08-30 20:58:22 +0400
commit8057d763ed7a7365dc3402db0aed7c87d8531ecb (patch)
tree5a04fee7709eeed4babb70296302b1d49e64b37c
parentb07d68b5ca4d55a16fab223d63d5fb36f89ff42f (diff)
downloadlinux-8057d763ed7a7365dc3402db0aed7c87d8531ecb.tar.xz
Fix lguest page-pinning logic ("lguest: bad stack page 0xc057a000")
If the stack pointer is 0xc057a000, then the first stack page is at 0xc0579000 (the stack pointer is decremented before use). Not calculating this correctly caused guests with CONFIG_DEBUG_PAGEALLOC=y to be killed with a "bad stack page" message: the initial kernel stack was just proceeding the .smp_locks section which CONFIG_DEBUG_PAGEALLOC marks read-only when freeing. Thanks to Frederik Deweerdt for the bug report! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/lguest/interrupts_and_traps.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/drivers/lguest/interrupts_and_traps.c b/drivers/lguest/interrupts_and_traps.c
index 49aa55577d0d..39731232d827 100644
--- a/drivers/lguest/interrupts_and_traps.c
+++ b/drivers/lguest/interrupts_and_traps.c
@@ -270,8 +270,11 @@ void pin_stack_pages(struct lguest *lg)
/* Depending on the CONFIG_4KSTACKS option, the Guest can have one or
* two pages of stack space. */
for (i = 0; i < lg->stack_pages; i++)
- /* The stack grows *upwards*, hence the subtraction */
- pin_page(lg, lg->esp1 - i * PAGE_SIZE);
+ /* The stack grows *upwards*, so the address we're given is the
+ * start of the page after the kernel stack. Subtract one to
+ * get back onto the first stack page, and keep subtracting to
+ * get to the rest of the stack pages. */
+ pin_page(lg, lg->esp1 - 1 - i * PAGE_SIZE);
}
/* Direct traps also mean that we need to know whenever the Guest wants to use