Date:      Thu, 3 Mar 2005 22:07:23 -0800 (PST)
From:      Don Lewis <truckman@FreeBSD.org>
To:        scottl@samsco.org
Cc:        julian@elischer.org
Subject:   Re: cvs commit: src/sys/kern kern_sig.c
Message-ID:  <200503040607.j2467Nr7026441@gw.catspoiler.org>
In-Reply-To: <42279EE9.3020905@samsco.org>

On  3 Mar, Scott Long wrote:

> An msleep/tsleep option doesn't solve the problem because the msleep
> might happen several layers down from where the stack abuse is taking
> place, and thus the caller would have no idea that it's needed.  The fix
> for sigwait() is easy and can be applied without hacking in new options
> that have limited value.  I don't argue that similar problems might
> exist elsewhere, but swappable kstacks have been part of BSD since
> before most of us knew where the power switch was on our Ataris, so it's
> likely not to be a wide-spread and fundamental problem in the code.  I'd
> be in favor of adding diagnostics that help catch these problems and
> report them, but just throwing away kstack swapping in lieu of taking
> the 2 minutes to fix sigwait() is pretty silly.

We really should be using some sort of message passing API for this sort
of thing instead of hand rolling the solution every time.  Even if we
disable stack swapping, we still have to make sure that access to the
buffer is revoked before the stack frame that contains it disappears
because of a function return.  If we build message passing code out of
low-level primitives in a bunch of different places in the code, we are
a lot more likely to have random stack-smashing bugs.
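
The following is an added illustration, not code from FreeBSD or from either participant in this thread. It models in user space the two styles the message contrasts: a hand-rolled scheme in which the sleeper publishes a raw pointer into its own stack frame (so the pointer must be revoked on every exit path before the frame is torn down by a return), and a small message-passing mailbox that owns its storage, so no pointer into a transient frame ever exists. All names here (slot_ptr, mailbox, ptr_send, ptr_wait, mbox_wait, ...) are hypothetical, and the "sleep" is simulated by an optional message handed to the waiter.

```c
/* Added example (hypothetical names; not FreeBSD code).  The sender/receiver
 * hand-off is simulated single-threaded: the waiter "sleeps" and, if a
 * wakeup message is supplied, the sender runs during that sleep. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct msg { int signo; int code; };      /* stand-in for a siginfo record */

/* --- Style 1: hand-rolled.  Waiter publishes a pointer into its frame. --- */
struct slot_ptr { struct msg *target; };  /* NULL: nobody is waiting */

static void ptr_register(struct slot_ptr *s, struct msg *where) { s->target = where; }
static void ptr_revoke(struct slot_ptr *s) { s->target = NULL; }

/* Sender: write through the published pointer only if one is still valid. */
static int ptr_send(struct slot_ptr *s, const struct msg *m)
{
    if (s->target == NULL)
        return -1;            /* no waiter: refuse rather than scribble */
    *s->target = *m;
    s->target = NULL;         /* one-shot delivery */
    return 0;
}

/* Waiter: 'wakeup' is NULL when the sleep times out, otherwise the message
 * the sender delivers while the waiter is asleep.  Returns the signo
 * received, or 0 on timeout. */
static int ptr_wait(struct slot_ptr *s, const struct msg *wakeup)
{
    struct msg local = { 0, 0 };   /* lives only in this stack frame */
    ptr_register(s, &local);
    /* ... msleep() would go here; a sender may run meanwhile ... */
    if (wakeup != NULL)
        ptr_send(s, wakeup);
    /* Every exit path must kill the pointer into 'local' before returning,
     * or a late sender writes into a dead frame. */
    ptr_revoke(s);
    return local.signo;
}

/* --- Style 2: message passing.  The mailbox owns the storage. --- */
struct mailbox { struct msg buf; bool full; };

static int mbox_send(struct mailbox *mb, const struct msg *m)
{
    if (mb->full)
        return -1;            /* slot occupied; caller decides what to do */
    mb->buf = *m;
    mb->full = true;
    return 0;
}

static int mbox_recv(struct mailbox *mb, struct msg *out)
{
    if (!mb->full)
        return -1;
    *out = mb->buf;           /* copy out; nothing references the frame */
    mb->full = false;
    return 0;
}

/* Waiter in mailbox style: no registration, nothing to revoke. */
static int mbox_wait(struct mailbox *mb, const struct msg *wakeup)
{
    struct msg local = { 0, 0 };
    /* ... msleep() ... */
    if (wakeup != NULL)
        mbox_send(mb, wakeup);
    if (mbox_recv(mb, &local) != 0)
        return 0;             /* timed out, nothing queued */
    return local.signo;
}

int main(void)
{
    struct slot_ptr s = { NULL };
    struct mailbox mb = { { 0, 0 }, false };
    struct msg m = { 2, 7 };          /* constructed sample message */

    printf("ptr: timeout -> %d\n", ptr_wait(&s, NULL));
    printf("ptr: late send refused -> %d\n", ptr_send(&s, &m));
    printf("ptr: delivered -> %d\n", ptr_wait(&s, &m));
    printf("mbox: timeout -> %d\n", mbox_wait(&mb, NULL));
    printf("mbox: late send kept -> %d\n", mbox_send(&mb, &m));
    printf("mbox: next wait sees it -> %d\n", mbox_wait(&mb, NULL));
    return 0;
}
```

The contrast is the point: in the hand-rolled style correctness depends on every return path of ptr_wait() remembering to call ptr_revoke(), and a late ptr_send() is safe only because the sender checks for a revoked pointer first. In the mailbox style the buffer never lives in a frame that can disappear, a late message is simply retained until the next receiver, and there is no revoke step to forget.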
