i think you are right. the temporary tstk segment will be before the stack segment like:
| txt | dat | bss ... | *unmapedspace* | tstk | stk | the segattach syscall only makes sure you dont map something after or overlapping with the stack. so i think you could indeed map something there and make the front fall off after exec(). you could map a readonly segment there and make the kernel crash when it tries prepare the new stack. segattach() also would try to allocate below the lowest possible stack address when you pass 0 as the address. maybe the tstk (ESEG) should be placed *after* the stack swaping tstk and stk like: #define TSTKTOP (VMAP-BY2PG) #define TSTKSIZ 100 #define USTKTOP (TSTKTOP-TSTKSIZ) #define USTKSIZE (16*1024*1024) but maybe just making the checks in segattach take the tstk into account is simpler... -- cinap
