Re: Is it a bug in etrap.S srmmu stack check routine?

Forwarding it here.


---------- Forwarded message ----------
From: Eldar Abusalimov <eldar.abusalimov@xxxxxxxxx>
Date: 2009/8/4
Subject: Re: Is it a bug in etrap.S srmmu stack check routine?
To: David Miller <davem@xxxxxxxxxxxxx>


2009/8/4 David Miller <davem@xxxxxxxxxxxxx>:
> From: Eldar Abusalimov <eldar.abusalimov@xxxxxxxxx>
> Date: Mon, 3 Aug 2009 21:36:31 +0400
>
>> Hi, David!
>>
>> I've been looking into traps-related routines for some time, and was
>> confused with srmmu user stack checking code.
>>
>> Here is the corresponding part of etrap.S file:
>>
>> 278           .globl  tsetup_srmmu_stackchk
>> 279   tsetup_srmmu_stackchk:
>> 280           /* Check results of callers andcc %sp, 0x7, %g0 */
>> 281           bne     trap_setup_user_stack_is_bolixed
>> 282            sethi   %hi(PAGE_OFFSET), %glob_tmp
>> 283
>> 284           cmp     %glob_tmp, %sp
>> 285           bleu,a  1f
>> 286            lda    [%g0] ASI_M_MMUREGS, %glob_tmp          ! read MMU control
>> 287
>> 288   trap_setup_user_stack_is_bolixed:
>> 289           /* From user/kernel into invalid window w/bad user
>> 290            * stack. Save bad user stack, and return to caller.
>> 291            */
>> 292           SAVE_BOLIXED_USER_STACK(curptr, g3)
>> 293           restore %g0, %g0, %g0
>> 294
>> 295           jmpl    %t_retpc + 0x8, %g0
>> 296            mov    %t_kstack, %sp
>> 297
>> 298   1:
>> 299           /* Clear the fault status and turn on the no_fault bit. */
>> 300           or      %glob_tmp, 0x2, %glob_tmp               ! or in no_fault bit
>> 301           sta     %glob_tmp, [%g0] ASI_M_MMUREGS          ! set it
>> 302
>> 303           /* Dump the registers and cross fingers. */
>> 304           STORE_WINDOW(sp)
>>
>> On the line 284 we compare user stack pointer with PAGE_OFFSET, and if
>> it is greater than PAGE_OFFSET, then we consider user stack is still
>> ok and continue checking. On the contrary, if %sp is small enough,
>> bollixed stack handler is entered at once. Is it right?
>
> We want to fall through to line 288 if PAGE_OFFSET > %sp and that's
> what we do.
>

Thank you for the reply.

That is, PAGE_OFFSET > %sp means a corrupt user stack condition, doesn't
it? Then why do we do the same check in wof.S (see my first post), but
the stack is considered to be corrupt under the opposite condition
(when PAGE_OFFSET <= %sp)? What's the difference between these two
cases?

My questions may look silly, but I still have not understood what's
wrong in my chain of reasoning. =)

--
Best regards,
Eldar Sh. Abusalimov



-- 
Best regards,
Eldar Sh. Abusalimov
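The disagreement in the thread comes down to which way `bleu` goes after `cmp %glob_tmp, %sp`. As an added illustration (this is not code from the thread or from the kernel), the C below models the SPARC v8 integer condition codes set by `cmp`/`andcc`, the `bne` and `bleu` branch conditions, and the two stack checks as described on this page: the quoted etrap.S routine, where `bleu` goes to the "continue" path and fall-through is the bolixed path, and the wof.S check as Eldar describes it, where `bleu` goes to the bolixed path. The wof.S model is built from that description rather than from quoted source, and the PAGE_OFFSET value 0xf0000000 is an assumption (the usual sparc32 split), so the sample %sp values are constructed around it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value: the sparc32 kernel/user split. Not taken from the thread. */
#define PAGE_OFFSET 0xf0000000u

/* SPARC v8 integer condition codes (N, Z, V, C) as written by subcc/andcc. */
struct icc { bool n, z, v, c; };

/* cmp rs1, rs2 is subcc rs1, rs2, %g0: compute rs1 - rs2 and set the codes. */
static struct icc sparc_cmp(uint32_t rs1, uint32_t rs2)
{
    uint32_t r = rs1 - rs2;
    struct icc cc;
    cc.n = (r >> 31) & 1;                               /* result negative    */
    cc.z = (r == 0);                                    /* result zero        */
    cc.v = (((rs1 ^ rs2) & (rs1 ^ r)) >> 31) & 1;       /* signed overflow    */
    cc.c = rs1 < rs2;                                   /* unsigned borrow    */
    return cc;
}

/* andcc rs1, rs2, %g0: only N and Z are meaningful, V and C are cleared. */
static struct icc sparc_andcc(uint32_t rs1, uint32_t rs2)
{
    uint32_t r = rs1 & rs2;
    struct icc cc = { (r >> 31) & 1, r == 0, false, false };
    return cc;
}

/* bleu: branch on less or equal, unsigned (C or Z). bne: branch on not Z. */
static bool bleu(struct icc cc) { return cc.c || cc.z; }
static bool bne(struct icc cc)  { return !cc.z; }

enum path { PATH_BOLIXED = 0, PATH_CHECK_MMU = 1 };

/* sethi %hi(x) loads the upper 22 bits of x; the low 10 bits are zero. */
static uint32_t sethi_hi(uint32_t x) { return x & 0xfffffc00u; }

/* Model of tsetup_srmmu_stackchk as quoted from etrap.S on this page:
 *   caller: andcc %sp, 0x7, %g0      -> bne  bolixed
 *   cmp %glob_tmp(PAGE_OFFSET), %sp  -> bleu 1f  (clear fault status,
 *                                              set no_fault, STORE_WINDOW)
 *   fall through                     -> trap_setup_user_stack_is_bolixed
 */
static enum path etrap_srmmu_stackchk(uint32_t sp)
{
    if (bne(sparc_andcc(sp, 0x7)))
        return PATH_BOLIXED;                 /* misaligned %sp */
    uint32_t glob_tmp = sethi_hi(PAGE_OFFSET);
    if (bleu(sparc_cmp(glob_tmp, sp)))
        return PATH_CHECK_MMU;               /* PAGE_OFFSET <= %sp: label 1 */
    return PATH_BOLIXED;                     /* PAGE_OFFSET  > %sp */
}

/* Model of the wof.S check as described in the thread (assumed, not quoted):
 * same alignment test and same compare, but bleu goes to the bolixed path,
 * i.e. PAGE_OFFSET <= %sp is the corrupt-stack condition there. */
static enum path wof_srmmu_stackchk(uint32_t sp)
{
    if (bne(sparc_andcc(sp, 0x7)))
        return PATH_BOLIXED;                 /* misaligned %sp */
    uint32_t glob_tmp = sethi_hi(PAGE_OFFSET);
    if (bleu(sparc_cmp(glob_tmp, sp)))
        return PATH_BOLIXED;                 /* PAGE_OFFSET <= %sp */
    return PATH_CHECK_MMU;                   /* PAGE_OFFSET  > %sp */
}

int main(void)
{
    /* Constructed sample stack pointers: user, misaligned user, kernel, boundary. */
    const uint32_t samples[] = { 0xefff0000u, 0xefff0004u, 0xf0001000u, PAGE_OFFSET };
    const char *names[] = { "bolixed", "check-mmu" };

    printf("%-12s %-10s %-10s\n", "%sp", "etrap.S", "wof.S");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08x   %-10s %-10s\n", samples[i],
               names[etrap_srmmu_stackchk(samples[i])],
               names[wof_srmmu_stackchk(samples[i])]);
    return 0;
}
```

Running it prints one row per sample %sp; for every aligned pointer the two models take opposite paths, which is exactly the asymmetry the question is about, and the misaligned pointer is rejected by both before the PAGE_OFFSET compare is reached.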