On 12/18/2011 5:45 PM, John David Anglin wrote:
> Yes. R4 is also wrong, so it might be that a call has corrupted it and then the restore corrupts r19.
This rings a bell. In the old clone/fork bug, there was a cache issue with the stack region created for the thread. It seemed like it got modified after the thread started. It must have something to do with the fact that it is allocated by malloc.
I believe COW is broken. If you look at set_pte_at, you will see that the TLB is not purged for the address after the new value is stored in the page table, so the write protect doesn't take effect immediately. Thus, a thread can continue writing to a protected page without generating a fault. Unfortunately, this doesn't fix the problem by itself (tested this morning).
I'm thinking that copy_user_page needs to be done through the tmp alias region, or the user page needs to be flushed before it is copied. I'm not sure how to do the latter.
Dave
--
John David Anglin dave.anglin@xxxxxxxx
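The invariant Dave's COW hypothesis is about can be checked from user space: once fork() has write-protected a shared page, writes by one side must fault and be redirected to a private copy, so the other side's view of the page must stay frozen. The program below is an added example, not code from the linux-parisc thread or from the kernel. It allocates a page with malloc (as the thread stack in the old clone/fork bug was), forks, and has the child watch the page while the parent keeps writing to it; the function name cow_isolation_holds, the ROUNDS count and the pipe handshake are this example's own choices. It exercises a single-threaded parent, not the multi-threaded case in the message, so it checks the COW isolation that set_pte_at is supposed to enforce rather than reproducing the exact stale-TLB scenario; on a kernel where post-fork writes leak into the child's mapping it returns 0.

```c
/* cow_check.c: added example, not from the linux-parisc thread or the
 * kernel. Checks that a copy-on-write page is really private after fork:
 * the child keeps re-reading a page the parent hammers with writes, and
 * any change it sees means the parent's stores reached the child's
 * (supposedly write-protected, then copied) page. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define ROUNDS 2000   /* child observation rounds (hypothetical tuning) */

/* Returns 1 if the child's view of the page stayed at its fork-time
 * value, 0 if the parent's post-fork writes leaked into it (broken COW),
 * -1 on setup failure (no fork/pipe/memory). */
int cow_isolation_holds(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    /* malloc rather than mmap: ordinary anonymous heap memory, like the
     * thread stack region mentioned in the message */
    unsigned long *raw = malloc(page);
    if (!raw)
        return -1;
    memset(raw, 0, page);
    volatile unsigned long *buf = raw;   /* volatile: force real re-reads */

    int ready[2];   /* child -> parent handshake: "I am observing now" */
    if (pipe(ready) < 0) {
        free(raw);
        return -1;
    }

    pid_t pid = fork();
    if (pid < 0) {
        free(raw);
        return -1;
    }

    if (pid == 0) {
        /* child: snapshot the first word, tell the parent to start
         * writing, then re-read it for a while. The child never writes,
         * so it keeps the original physical page; the parent's first
         * store must fault and be redirected to a private copy. */
        unsigned long seen = buf[0];
        close(ready[0]);
        (void)write(ready[1], "x", 1);
        close(ready[1]);
        for (int i = 0; i < ROUNDS; i++) {
            if (buf[0] != seen)
                _exit(1);          /* parent's write became visible: COW broken */
            usleep(100);
        }
        _exit(0);
    }

    /* parent: wait until the child is observing, then keep storing
     * changing values into the shared page */
    close(ready[1]);
    char c;
    (void)read(ready[0], &c, 1);
    close(ready[0]);
    for (unsigned long i = 1; i <= (unsigned long)ROUNDS * 10; i++)
        buf[0] = i;

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) {
        free(raw);
        return -1;
    }
    free(raw);
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void)
{
    int r = cow_isolation_holds();
    printf("COW isolation after fork: %s\n",
           r == 1 ? "OK" : r == 0 ? "BROKEN" : "setup failed");
    return r == 1 ? 0 : 1;
}
```

Build with `cc -O2 cow_check.c -o cow_check`. A "BROKEN" result is the user-visible symptom of the write-protect not taking effect: the writer never faulted, so no private copy was made and both address spaces kept sharing the page.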