MMU protected kernel stacks [was: Re: Kernel stack corruption with SCSI]

Ingo Molnar (mingo@pc5829.hil.siemens.at)
Sat, 4 Jan 1997 18:32:13 +0100 (MET)


[grin, replying to my own mail]

On Sat, 4 Jan 1997, Ingo Molnar wrote:

> i got problems tho when using kernel virtual memory as stack space: the
> AHA2940 driver hangs in the init phase. Without having looked into the
> SCSI code i bet the problem is that the driver allocates some (small)
> control structure on the stack, and uses virt_to_bus(stackaddr) to set up
> DMA, which loses badly with vmalloc()-ed memory.

yup, this was the problem, the following code solved it:

----------------------------------------------------------------->
#ifdef SLOW_BUT_SAFE_KERNEL_STACKS

static unsigned long i386_mmu_alloc_kernel_stack (void)
{
	pgd_t * pgd;
	pmd_t * pmd;
	pte_t * pte;
	unsigned long virt_addr;
	unsigned long phys_addr;

	virt_addr = (unsigned long)vmalloc(KERNEL_STACK_SIZE);

	/* walk the page tables down to the pte that maps virt_addr */
	pgd = pgd_offset(current->mm, virt_addr);
	pmd = pmd_offset(pgd, virt_addr);
	pte = pte_offset(pmd, virt_addr);

	phys_addr = (unsigned long)(pte_page(*pte));

	/* hand back the phys_to_virt() address of that page, not the vmalloc() one */
	return (unsigned long)phys_to_virt(phys_addr);
}

[etc]
<------------------------------------------------------------------

i solved the backwards transformation in free_kernel_stack() problem by
simply not freeing it, i think do_exit() -> ... -> ... -> zap_page_range()
frees those pages automatically, but not sure ... anyways, the clean
solution will be to build the kernel stack MMU space by hand (like the
sun4c code does), thus the backwards transformation will be easy too.

btw, the above code isn't part of the VM macros we have, and something like
that could be useful for transforming user-space pointers into
kernel-space addresses when doing those future MMU tricks in the gigabit
ethernet networking code?

Thus bigpage extensions could be used at their best too. [the resulting
pointer would be part of the linear bigpage kernel virtual memory] Problem
is that user-space buffers are not physically linear [thus not easily
DMAable] (but they could be if Alan's magic socket option is on :)).

-- mingo
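
[Added example, not part of the original mail or of any kernel source: a user-space toy model of the failure discussed above, where linear-map arithmetic gives the wrong bus address for a vmalloc()-ed stack, and of why the linear alias of the backing page works. All toy_* names, TOY_* constants and page-table entries are constructed for illustration.]

```c
#include <stdio.h>

/* Toy model: every constant and table entry here is constructed. */
#define TOY_PAGE_SIZE     4096UL
#define TOY_PAGE_OFFSET   0xC0000000UL  /* base of the linear kernel map */
#define TOY_VMALLOC_START 0xD0000000UL  /* hypothetical vmalloc area base */
#define TOY_NPTES         4

/* toy_pte[i] = physical page behind TOY_VMALLOC_START + i * TOY_PAGE_SIZE */
static const unsigned long toy_pte[TOY_NPTES] =
    { 0x00345000UL, 0x0012A000UL, 0x00777000UL, 0x00003000UL };

/* Linear-map arithmetic: only correct for addresses inside the linear map. */
unsigned long toy_virt_to_bus(unsigned long v) { return v - TOY_PAGE_OFFSET; }
unsigned long toy_phys_to_virt(unsigned long p) { return p + TOY_PAGE_OFFSET; }

/* What the MMU really resolves; 0 means "unmapped" in this toy model. */
unsigned long toy_walk(unsigned long v)
{
    if (v >= TOY_VMALLOC_START) {
        unsigned long idx = (v - TOY_VMALLOC_START) / TOY_PAGE_SIZE;
        return idx < TOY_NPTES ? toy_pte[idx] + v % TOY_PAGE_SIZE : 0;
    }
    return v >= TOY_PAGE_OFFSET ? v - TOY_PAGE_OFFSET : 0;
}

/* The mail's approach: look up the page, return its linear-map alias. */
unsigned long toy_linear_alias(unsigned long v)
{
    unsigned long phys = toy_walk(v);
    return phys ? toy_phys_to_virt(phys) : 0;
}

/* 1 if the bus address a driver would compute matches the real page. */
int toy_dma_safe(unsigned long v)
{
    return toy_walk(v) != 0 && toy_virt_to_bus(v) == toy_walk(v);
}

/* 1 if [v, v + len) is backed by physically consecutive pages. */
int toy_phys_contiguous(unsigned long v, unsigned long len)
{
    unsigned long off, base = toy_walk(v);
    for (off = TOY_PAGE_SIZE; off < len; off += TOY_PAGE_SIZE)
        if (toy_walk(v + off) != base + off) return 0;
    return base != 0;
}

int main(void)
{
    unsigned long s = TOY_VMALLOC_START + 0x10;
    printf("raw=%d alias=%d\n", toy_dma_safe(s), toy_dma_safe(toy_linear_alias(s)));
    return 0;
}
```

[In this model the alias is only usable within the one page that was looked up: a two-page vmalloc()-ed range is virtually contiguous but toy_phys_contiguous() reports it as physically scattered.]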