If the stack pointer is 0xc057a000, then the first stack page is at
0xc0579000 (the stack pointer is decremented before use). Not
calculating this correctly caused guests with CONFIG_DEBUG_PAGEALLOC=y
to be killed with a "bad stack page" message: the initial kernel stack
was just proceeding the .smp_locks section which
CONFIG_DEBUG_PAGEALLOC marks read-only when freeing.
Thanks to Frederik Deweerdt for the bug report!
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
drivers/lguest/interrupts_and_traps.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
===================================================================
--- a/drivers/lguest/interrupts_and_traps.c
+++ b/drivers/lguest/interrupts_and_traps.c
@@ -270,8 +270,11 @@ void pin_stack_pages(struct lguest *lg)
/* Depending on the CONFIG_4KSTACKS option, the Guest can have one or
* two pages of stack space. */
for (i = 0; i < lg->stack_pages; i++)
- /* The stack grows *upwards*, hence the subtraction */
- pin_page(lg, lg->esp1 - i * PAGE_SIZE);
+ /* The stack grows *upwards*, so the address we're given is the
+ * start of the page after the kernel stack. Subtract one to
+ * get back onto the first stack page, and keep subtracting to
+ * get to the rest of the stack pages. */
+ pin_page(lg, lg->esp1 - 1 - i * PAGE_SIZE);
}
/* Direct traps also mean that we need to know whenever the Guest wants to use
-
