Date:      Tue, 28 May 2002 22:18:12 -0400
From:      Jake Burkholder <jake@locore.ca>
To:        Archie Cobbs <archie@dellroad.org>
Cc:        freebsd-arch@FreeBSD.ORG
Subject:   Re: Kernel stack overflow detection?
Message-ID:  <20020528221812.O62759@locore.ca>
In-Reply-To: <200205282349.g4SNnHu88712@arch20m.dellroad.org>; from archie@dellroad.org on Tue, May 28, 2002 at 04:49:17PM -0700
References:  <200205282349.g4SNnHu88712@arch20m.dellroad.org>

Apparently, on Tue, May 28, 2002 at 04:49:17PM -0700,
	Archie Cobbs said words to the effect of:

> Hi,
> 
> Got a question and a proposal... I'm trying to track down a mysterious
> bug and one possible theory is a kernel stack overflow (I've bloated
> the kernel with a bunch of custom code). This is in FreeBSD-stable.
> 
> The question is: does INVARIANTS do anything to detect this? If not,
> what would be the "expected" behavior of such a bug?
> 
> If INVARIANTS doesn't do so already, I'd like to propose to write
> up an INVARIANTS check that would validate that the kernel stack
> has not overflowed. However I'm curious if anyone has done this
> already and/or what the right way to go about it would be. E.g, add
> an extra stack page with read-only protection? Any hints appreciated.

-current has a guard page, -stable does not.  Also, in -current the
u. area and the pcb were moved so the kernel stack grows away from
them, instead of towards.  Either of these changes should be relatively
easy to back port.

Note that on x86 a page fault due to a stack overflow will cause a double
fault; the double fault handler uses a task gate which does a hardware
context switch to get off of the bad stack.

Jake
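As an added illustration of the INVARIANTS-style check Archie proposes (this is example code written for this archive page, not FreeBSD code from either poster): a canary-fill high-water-mark check over a fixed-size stack. Where -current's guard page catches the overflowing access at fault time, a canary scan only finds the damage afterwards, but it needs no MMU support and also reports how deep the stack got. The stack size, guard size, canary word and all function names are assumptions made for the example.

```c
/* Added example (not FreeBSD code): a canary-fill high-water-mark check for a
 * fixed-size stack, the kind of INVARIANTS-style check proposed above. The
 * "stack" is a heap buffer growing down from its top; the lowest GUARD_BYTES
 * stand in for the guard page -current has. Sizes and names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define STACK_BYTES (2 * 4096)  /* two "pages" of stack */
#define GUARD_BYTES 4096        /* lowest page acts as the guard */
#define CANARY 0xdeadc0deU      /* fill pattern that live frames overwrite */
#define NWORDS (STACK_BYTES / sizeof(uint32_t))

/* Fill the whole area, guard included, with the canary word. */
static void stack_init(uint32_t *stk)
{
    for (size_t i = 0; i < NWORDS; i++)
        stk[i] = CANARY;
}

/* Bytes consumed: distance from the top down to the lowest word that no longer
 * holds the canary. Scanning up from the bottom also catches sparse writes. */
static size_t stack_used(const uint32_t *stk)
{
    for (size_t i = 0; i < NWORDS; i++)
        if (stk[i] != CANARY)
            return (NWORDS - i) * sizeof(uint32_t);
    return 0;
}

/* The check itself: nonzero if anything wrote into the guard region. */
static int stack_overflowed(const uint32_t *stk)
{
    return stack_used(stk) > STACK_BYTES - GUARD_BYTES;
}

/* Simulate call frames totalling `bytes` being pushed from the top. */
static void simulate_frames(uint32_t *stk, size_t bytes)
{
    memset((uint8_t *)stk + STACK_BYTES - bytes, 0x41, bytes);
}

int main(void)
{
    uint32_t *stk = malloc(STACK_BYTES);
    stack_init(stk);
    simulate_frames(stk, 3000);  /* fits: used=3000 overflow=0 */
    printf("used=%zu overflow=%d\n", stack_used(stk), stack_overflowed(stk));
    simulate_frames(stk, 5000);  /* into the guard: used=5000 overflow=1 */
    printf("used=%zu overflow=%d\n", stack_used(stk), stack_overflowed(stk));
    free(stk);
    return 0;
}
```

In a real kernel the scan would run from a periodic or context-switch hook rather than from main, and a frame that reserves space without writing it will not dirty the canary, which is one reason a hardware guard page remains the stronger check.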
