thread0.td_frame overwritten in cpu_startup()
Olivier Houchard
mlfbsd at ci0.org
Thu Feb 12 14:56:46 PST 2009
On Thu, Feb 12, 2009 at 04:01:58PM -0600, Mark Tinguely wrote:
>
> On startup, the initarm() sets the thread0.td_frame to a local trapframe
> structure.
>
> in arm/ARCH/ARCH_machdep.c
> thread0.td_frame = &proc0_tf;
>
> But cpu_startup() in arm/arm/machdep.c overwrites it with a value at the end
> of the kernel stack. Unfortunately, that space is also used by the thread0
> pcb structure.
>
> in arm/ARCH/ARCH_machdep.c
> thread0.td_pcb = (struct pcb *)
> (thread0.td_kstack + KSTACK_PAGES * PAGE_SIZE) - 1
>
> in arm/arm/machdep.c
> pcb->un_32.pcb32_sp = (u_int)thread0.td_kstack +
> USPACE_SVC_STACK_TOP;
>
> note: USPACE_SVC_STACK_TOP is defined as KSTACK_PAGES * PAGE_SIZE, so this
> is the top of the kernel stack.
>
> thread0.td_frame = (struct trapframe *)pcb->un_32.pcb32_sp - 1;
>
> This td_frame assignment in arm/arm/machdep.c should be removed. Not only
> did it overwrite a perfectly good trapframe, it overwrote it with memory
> that is shared with the pcb.
>
True, committed.
Thanks!
Olivier
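To make the aliasing concrete, here is a small model of the two thread0 layouts described in the quoted message (an added example, not code from FreeBSD or from either poster): the page size, stack page count and the sizes of struct pcb and struct trapframe are assumed placeholder values, but the placement expressions follow the ones quoted above.

```c
/* Models thread0's kernel stack top and checks whether td_frame aliases td_pcb
 * under the initarm() placement versus the old cpu_startup() placement.
 * PAGE_SIZE, KSTACK_PAGES and the struct sizes are assumed model values. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE            4096u                      /* assumed */
#define KSTACK_PAGES         2u                         /* assumed */
#define USPACE_SVC_STACK_TOP (KSTACK_PAGES * PAGE_SIZE) /* as stated in the thread */

struct pcb       { uint32_t regs[32]; };  /* placeholder: 128 bytes */
struct trapframe { uint32_t regs[19]; };  /* placeholder: 76 bytes */

/* Stands in for thread0.td_kstack; page-aligned like a real kernel stack. */
_Alignas(PAGE_SIZE) static uint8_t kstack[KSTACK_PAGES * PAGE_SIZE];
static struct trapframe proc0_tf;         /* the separate frame initarm() points at */

/* True when [a, a+alen) and [b, b+blen) share at least one byte. */
static int ranges_overlap(uintptr_t a, size_t alen, uintptr_t b, size_t blen)
{
    return a < b + blen && b < a + alen;
}

/* initarm() layout: pcb is the last struct pcb of the stack, frame is proc0_tf. */
int initarm_frame_aliases_pcb(void)
{
    struct pcb *pcb = (struct pcb *)(kstack + KSTACK_PAGES * PAGE_SIZE) - 1;
    struct trapframe *tf = &proc0_tf;
    return ranges_overlap((uintptr_t)pcb, sizeof *pcb, (uintptr_t)tf, sizeof *tf);
}

/* Old cpu_startup() layout: frame placed just below pcb32_sp, i.e. the stack top,
 * which is exactly where the pcb already lives. */
int cpu_startup_frame_aliases_pcb(void)
{
    struct pcb *pcb = (struct pcb *)(kstack + KSTACK_PAGES * PAGE_SIZE) - 1;
    uintptr_t pcb32_sp = (uintptr_t)kstack + USPACE_SVC_STACK_TOP;
    struct trapframe *tf = (struct trapframe *)pcb32_sp - 1;
    return ranges_overlap((uintptr_t)pcb, sizeof *pcb, (uintptr_t)tf, sizeof *tf);
}

int main(void)
{
    printf("initarm layout, frame aliases pcb:     %d\n", initarm_frame_aliases_pcb());
    printf("cpu_startup layout, frame aliases pcb: %d\n", cpu_startup_frame_aliases_pcb());
    return 0;
}
```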