* [Linux-ia64] small but important fix for clone2()
@ 2002-02-08  3:30 David Mosberger
  2002-02-09 18:45 ` David Mosberger
From: David Mosberger @ 2002-02-08  3:30 UTC (permalink / raw)
  To: linux-ia64

There is a longstanding and silly bug in clone2() which can lead to
memory corruption.  The problem is that when the user-stack area is
specified explicitly (as is the case during pthread creation),
clone2() failed to allocate the scratch space required by the calling
convention.  The patch below fixes this.

Thanks to Asit Mallick for tracking this down.

	--david

--- arch/ia64/kernel/process.c~	Mon Feb  4 22:38:51 2002
+++ arch/ia64/kernel/process.c	Wed Feb  6 21:05:25 2002
@@ -267,7 +267,7 @@
 
 	if (user_mode(child_ptregs)) {
 		if (user_stack_base) {
-			child_ptregs->r12 = user_stack_base + user_stack_size;
+			child_ptregs->r12 = user_stack_base + user_stack_size - 16;
 			child_ptregs->ar_bspstore = user_stack_base;
 			child_ptregs->ar_rnat = 0;
 			child_ptregs->loadrs = 0;
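Review bot: The new `- 16` is applied to every caller that supplies `user_stack_base`, including the stubs whose old code passes a stack size of 0 (`mov out3=0` in entry.S and ia32_entry.S), so for those callers the child's initial sp lands 16 bytes below the newsp they asked for; the follow-up message in this thread reports that this is what breaks threaded ia32 programs, and its `mov out3=16` in both stubs appears to exist only to cancel this subtraction so that sp == newsp again. The literal 16 also carries no explanation on this line, so `child_ptregs->r12 = user_stack_base + user_stack_size - 16; /* leave the 16-byte scratch area the ia64 calling convention requires below sp */` would record why it is subtracted. The same process.c hunk is repeated unchanged in the follow-up patch, so the comment applies there too. The enclosing function starts and ends outside the hunk.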



* Re: [Linux-ia64] small but important fix for clone2()
  2002-02-08  3:30 [Linux-ia64] small but important fix for clone2() David Mosberger
@ 2002-02-09 18:45 ` David Mosberger
From: David Mosberger @ 2002-02-09 18:45 UTC (permalink / raw)
  To: linux-ia64

Thursday's patch isn't sufficient.  It breaks threaded ia32 apps.  The
patch below should be complete, but more testing needs to be done.  At
least the x86 version of OpenOffice works again.

	--david

--- arch/ia64/kernel/entry.S~	Thu Jan 24 17:16:06 2002
+++ arch/ia64/kernel/entry.S	Sat Feb  9 10:41:59 2002
@@ -115,7 +115,7 @@
 	mov loc1=r16				// save ar.pfs across do_fork
 	.body
 	mov out1=in1
-	mov out3=0
+	mov out3\x16				// stacksize (compensates for 16-byte scratch area)
 	adds out2=IA64_SWITCH_STACK_SIZE+16,sp	// out2 = &regs
 	mov out0=in0				// out0 = clone_flags
 	br.call.sptk.many rp=do_fork
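Review bot: The changed line reads `mov out3\x16` in this copy, which is not valid ia64 assembler syntax; presumably it was `mov out3=16` and the `=` was mangled in transit, but as posted the patch would not assemble and should be re-sent or checked on the tree it was generated from. The identical line appears in the ia32_entry.S hunk below. With this hunk, the ia32_entry.S hunk and the `- 16` in process.c, the scratch-area size is now a bare 16 in three places that must stay in step, and nothing ties them together; a named constant defined in a header both the C and the assembly side include (placeholder: `<SCRATCH_AREA_SIZE>`), used in all three, would make the coupling explicit and keep a later change to one site from silently desynchronising the others. The enclosing stub starts before and ends after the hunk.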
--- arch/ia64/ia32/ia32_entry.S~	Mon Nov 19 20:04:55 2001
+++ arch/ia64/ia32/ia32_entry.S	Sat Feb  9 10:41:41 2002
@@ -37,7 +37,7 @@
 	mov loc1=r16				// save ar.pfs across do_fork
 	.body
 	zxt4 out1=in1				// newsp
-	mov out3=0				// stacksize
+	mov out3\x16				// stacksize (compensates for 16-byte scratch area)
 	adds out2=IA64_SWITCH_STACK_SIZE+16,sp	// out2 = &regs
 	zxt4 out0=in0				// out0 = clone_flags
 	br.call.sptk.many rp=do_fork
--- arch/ia64/kernel/process.c~	Mon Feb  4 22:38:51 2002
+++ arch/ia64/kernel/process.c	Wed Feb  6 21:05:25 2002
@@ -267,7 +267,7 @@
 
 	if (user_mode(child_ptregs)) {
 		if (user_stack_base) {
-			child_ptregs->r12 = user_stack_base + user_stack_size;
+			child_ptregs->r12 = user_stack_base + user_stack_size - 16;
 			child_ptregs->ar_bspstore = user_stack_base;
 			child_ptregs->ar_rnat = 0;
 			child_ptregs->loadrs = 0;



