> Your child's sp is way below the parent's sp, so even they can eventually
> overlap it's not possible at fork time. You just (re)use the same stack area
> which already exists in your parent but different location inside there.

Ok, I tried this. Things work perfectly once I use just a 0x800 offset (which
means there is no need to map new stack pages). 

With the 0x04000000 offset (which is used in IRIX), even when running with root
privileges and ulimit -s unlimited, it crashes. Hence obviously the problem is
how I try to map stack memory.

I set up the new stack like this:

        child_stack_addr = (u_long)(tf->f_regs[SP] - IRIX_SPROC_STACK_OFFSET);
        child_stack_size = (u_long)p->p_vmspace->vm_minsaddr
            - (u_long)p->p_vmspace->vm_maxsaddr;
        child_stack_addr -= child_stack_size;

And once fork1() is done, in the child, I map the child stack using an
exec_vmcmd:

        bzero(&vmc, sizeof(vmc));
        vmc.ev_addr = trunc_page(child_stack_addr);
        vmc.ev_len = round_page(child_stack_size);
        vmc.ev_prot = UVM_PROT_RWX;
        vmc.ev_flags = UVM_FLAG_COPYONW|UVM_FLAG_FIXED|UVM_FLAG_OVERLAY;
        vmc.ev_proc = vmcmd_map_zero;
        error = (*vmc.ev_proc)(p2, &vmc);

        p2->p_vmspace->vm_maxsaddr = (void *)trunc_page(isc->isc_stack_addr); 

Anything wrong here?

-- 
Emmanuel Dreyfus.
"Le 80x86 n'est pas si complexe - il n'a simplement pas de sens"
(Mike Johnson, responsable de la conception x86 chez AMD) 
manu@netbsd.org