Re: [BUGFIX][PATCH] fixing placement of register stack under ulimit -s

From: David Mosberger-Tang
Date: Thu Mar 15 2007 - 11:57:55 EST

But aren't you going to be limited to less than a page worth of
register-backing store even with your patch applied because the
backing store will end up overflowing the memory stack?

--david

On 3/15/07, KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx> wrote:
This patch fixes ia64's bug in ulimit -s handling. against 2.6.21-rc3.

At first,the address of register stack is defined by this
== ia64_set_rbs_bot()
unsigned long stack_size = current->signal->rlim[RLIMIT_STACK].rlim_max & -16;

if (stack_size > MAX_USER_STACK_SIZE)
stack_size = MAX_USER_STACK_SIZE;
current->thread.rbs_bot = STACK_TOP - stack_size;
}
==
default rlim[RLIMIT_STACK].rlim_max is very big.

If ulimit -s is used, rlim_max can be small. As a result, rbs_bot can be
very high address. Because of stack-address-randomize, there is a case that
"regiter stack" is placed in the higher address than "memory stack".
== example...
[kamezawa@drpq linux-2.6.21-rc2]$ ulimit -s
8192
[kamezawa@drpq linux-2.6.21-rc2]$ cat /proc/self/maps
00000000-00004000 r--p 00000000 00:00 0
2000000000000000-2000000000038000 r-xp 00000000 08:02 5991525 /lib/ld-2.5.so
2000000000044000-2000000000050000 rw-p 00034000 08:02 5991525 /lib/ld-2.5.so
2000000000064000-20000000002c8000 r-xp 00000000 08:02 5990699 /lib/libc-2.5.so
20000000002c8000-20000000002d4000 ---p 00264000 08:02 5990699 /lib/libc-2.5.so
20000000002d4000-20000000002e0000 rw-p 00260000 08:02 5990699 /lib/libc-2.5.so
20000000002e0000-20000000002ec000 rw-p 20000000002e0000 00:00 0
20000000002ec000-2000000003a24000 r--p 00000000 08:02 9472842 /usr/lib/locale/locale-archive
4000000000000000-4000000000008000 r-xp 00000000 08:02 4157490 /bin/cat
6000000000004000-600000000000c000 rw-p 00004000 08:02 4157490 /bin/cat
600000000000c000-6000000000030000 rw-p 600000000000c000 00:00 0 [heap]
60000fffff5f4000-60000fffff648000 rw-p 60000fffff5f4000 00:00 0 [stack]
60000fffff7fc000-60000fffff800000 rw-p 60000fffff7fc000 00:00 0 (*)
a000000000000000-a000000000020000 ---p 00000000 00:00 0 [vdso]
(*) is register stack.
==
This register-stack/memory-stack upside down is not expected.
Current ia64 page fault handler doesn't handle this case. In this case,
register stack expansion causes SEGV.
This means that the user program can use only 1 page for its register stack.

This patch fixes the above case by moving register stack to suitable place.
Note) fixing page fault handler seems to be another way...but a bit complicated.

Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx>
---
Index: linux-2.6.21-rc3/arch/ia64/mm/init.c
===================================================================
--- linux-2.6.21-rc3.orig/arch/ia64/mm/init.c
+++ linux-2.6.21-rc3/arch/ia64/mm/init.c
@@ -155,7 +155,7 @@ ia64_set_rbs_bot (void)

if (stack_size > MAX_USER_STACK_SIZE)
stack_size = MAX_USER_STACK_SIZE;
- current->thread.rbs_bot = STACK_TOP - stack_size;
+ current->thread.rbs_bot = PAGE_ALIGN(current->mm->start_stack - stack_size);
}

/*

-
To unsubscribe from this list: send the line "unsubscribe linux-ia64" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html



--
Mosberger Consulting LLC, http://www.mosberger-consulting.com/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/