From: Don Lewis
Date: Thu, 3 Mar 2005 22:07:23 -0800 (PST)
To: scottl@samsco.org
Cc: src-committers@FreeBSD.org, jhb@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org, davidxu@FreeBSD.org, das@FreeBSD.org, julian@elischer.org
Subject: Re: cvs commit: src/sys/kern kern_sig.c
Message-Id: <200503040607.j2467Nr7026441@gw.catspoiler.org>
In-Reply-To: <42279EE9.3020905@samsco.org>

On 3 Mar, Scott Long wrote:

> An msleep/tsleep option doesn't solve the problem because the msleep
> might happen several layers down from where the stack abuse is taking
> place, and thus the caller would have no idea that it's needed. The fix
> for sigwait() is easy and can be applied without hacking in new options
> that have limited value. I don't argue that similar problems might
> exist elsewhere, but swappable kstacks have been part of BSD since
> before most of us knew where the power switch was on our Ataris, so it's
> likely not to be a wide-spread and fundamental problem in the code. I'd
> be in favor of adding diagnostics that help catch these problems and
> report them, but just throwing away kstack swapping in lieu of taking
> the 2 minutes to fix sigwait() is pretty silly.

We really should be using some sort of message passing API for this sort
of thing instead of hand rolling the solution every time. Even if we
disable stack swapping, we still have to make sure that access to the
buffer is revoked before the stack frame that contains it disappears
because of a function return. If we build message passing code out of
low-level primitives in a bunch of different places in the code, we are
a lot more likely to have random stack-smashing bugs.