From 484889fc85a223ef56edc31828b86751b2296b7c Mon Sep 17 00:00:00 2001 From: David Daney Date: Wed, 8 Jul 2009 10:07:50 -0700 Subject: MIPS: Avoid clobbering struct pt_regs in kthreads The resume() implementation octeon_switch.S examines the saved cp0_status register. We were clobbering the entire pt_regs structure in kernel threads leading to random crashes. When switching away from a kernel thread, the saved cp0_status is examined and if bit 30 is set it is cleared and the CP2 state saved into the pt_regs structure. Since the kernel thread stack overlaid the pt_regs structure this resulted in a corrupt stack. When the kthread with the corrupt stack was resumed, it could crash if it used any of the data in the stack that was clobbered. We fix it by moving the kernel thread stack down so it doesn't overlay pt_regs. Signed-off-by: David Daney Signed-off-by: Ralf Baechle --- arch/mips/kernel/process.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'arch/mips/kernel/process.c') diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index c09d681b7181..f3d73e1831c1 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -115,7 +115,7 @@ int copy_thread(unsigned long clone_flags, unsigned long usp, { struct thread_info *ti = task_thread_info(p); struct pt_regs *childregs; - long childksp; + unsigned long childksp; p->set_child_tid = p->clear_child_tid = NULL; childksp = (unsigned long)task_stack_page(p) + THREAD_SIZE - 32; @@ -132,6 +132,8 @@ int copy_thread(unsigned long clone_flags, unsigned long usp, /* set up new TSS. */ childregs = (struct pt_regs *) childksp - 1; + /* Put the stack after the struct pt_regs. */ + childksp = (unsigned long) childregs; *childregs = *regs; childregs->regs[7] = 0; /* Clear error flag */ -- cgit v1.2.3