The vm_stack struct used to free stacks via an RCU callback is stored directly in the stack being freed. Make sure it's stored at the beginning of the stack regardless of stack growth direction, to avoid faults on partially allocated dynamic stacks.

Signed-off-by: David Stevens
---
 kernel/fork.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kernel/fork.c b/kernel/fork.c
index 50772c0cc5da..72c081db492c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -282,7 +282,12 @@ static void thread_stack_free_rcu(struct rcu_head *rh)
 
 static void thread_stack_delayed_free(struct task_struct *tsk)
 {
-	struct vm_stack *vm_stack = tsk->stack;
+	struct vm_stack *vm_stack;
+
+	if (IS_ENABLED(CONFIG_STACK_GROWSUP))
+		vm_stack = tsk->stack;
+	else
+		vm_stack = tsk->stack + THREAD_SIZE - sizeof(*vm_stack);
 
 	vm_stack->stack_vm_area = tsk->stack_vm_area;
 	call_rcu(&vm_stack->rcu, thread_stack_free_rcu);
-- 
2.54.0.rc2.544.gc7ae2d5bb8-goog
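Review bot: The non-GROWSUP branch writes `struct vm_stack` into the last `sizeof(*vm_stack)` bytes of the THREAD_SIZE region, which is only safe if that end of a dynamically allocated stack is guaranteed to be populated; nothing in the hunk records that invariant, so a comment above the `if` should state it, e.g. `/* Place vm_stack at the populated end of the stack: a dynamic stack may only have pages mapped near its initial stack pointer, which is the high end unless CONFIG_STACK_GROWSUP. */`. The commit message's "beginning of the stack" is the highest address for a grow-down stack, and saying so in the comment keeps a reader from reading the `THREAD_SIZE - sizeof(*vm_stack)` offset as an off-by-one. `tsk->stack` is a `void *`, so the arithmetic relies on the GCC void-pointer extension the kernel already uses; a `(char *)` cast or a tiny static helper returning the location would make the intent explicit. thread_stack_delayed_free's closing brace lies outside the hunk.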