From owner-freebsd-arch Tue May 28 17: 0:26 2002 Delivered-To: freebsd-arch@freebsd.org Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id 4066237B407 for ; Tue, 28 May 2002 17:00:17 -0700 (PDT) Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id QAA35144; Tue, 28 May 2002 16:50:06 -0700 (PDT) Received: (from archie@localhost) by arch20m.dellroad.org (8.11.6/8.11.6) id g4SNnHu88712; Tue, 28 May 2002 16:49:17 -0700 (PDT) (envelope-from archie) From: Archie Cobbs Message-Id: <200205282349.g4SNnHu88712@arch20m.dellroad.org> Subject: Kernel stack overflow detection? To: freebsd-arch@freebsd.org Date: Tue, 28 May 2002 16:49:17 -0700 (PDT) X-Mailer: ELM [version 2.4ME+ PL88 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, Got a question and a proposal... I'm trying to track down a mysterious bug and one possible theory is a kernel stack overflow (I've bloated the kernel with a bunch of custom code). This is in FreeBSD-stable. The question is: does INVARIANTS do anything to detect this? If not, what would be the "expected" behavior of such a bug? If INVARIANTS doesn't do so already, I'd like to propose to write up an INVARIANTS check that would validate that the kernel stack has not overflowed. However I'm curious if anyone has done this already and/or what the right way to go about it would be. E.g, add an extra stack page with read-only protection? Any hints appreciated. Thanks, -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message