diff --git a/exec.c b/exec.c
index 222f64c..a6de18f 100644
--- a/exec.c
+++ b/exec.c
@@ -48,6 +48,9 @@ exec(char *path, char **argv)
   }
   iunlockput(ip);
 
+  // XXX rtm: what about the BSS? shouldn't there be some
+  // bzero()ing here?
+
   // Allocate and initialize stack at sz
   sz = spbottom = PGROUNDUP(sz);
   if(!(sz = allocuvm(pgdir, sz, sz + PGSIZE)))
@@ -62,6 +65,9 @@ exec(char *path, char **argv)
   sp = sz;
   argp = sz - arglen - 4*(argc+1);
 
+  // XXX rtm: does the following code work if the
+  // arguments &c do not fit in one page?
+
   // Copy argv strings and pointers to stack.
   *(uint*)(mem+argp-spbottom + 4*argc) = 0;  // argv[argc]
   for(i=argc-1; i>=0; i--){
diff --git a/kalloc.c b/kalloc.c
index 5f690f5..72ce58a 100644
--- a/kalloc.c
+++ b/kalloc.c
@@ -17,12 +17,12 @@ struct {
   struct run *freelist;
 } kmem;
 
+extern char end[]; // first address after kernel loaded from ELF file
+
 // Initialize free list of physical pages.
 void
 kinit(void)
 {
-  extern char end[];
-
   initlock(&kmem.lock, "kmem");
   char *p = (char*)PGROUNDUP((uint)end);
   for( ; p + PGSIZE - 1 < (char*) PHYSTOP; p += PGSIZE)
@@ -39,7 +39,7 @@ kfree(char *v)
 {
   struct run *r;
 
-  if(((uint) v) % PGSIZE || (uint)v < 1024*1024 || (uint)v >= PHYSTOP) 
+  if(((uint) v) % PGSIZE || v < end || (uint)v >= PHYSTOP) 
     panic("kfree");
 
   // Fill with junk to catch dangling refs.