Date: Tue, 28 May 2002 22:18:12 -0400
From: Jake Burkholder
To: Archie Cobbs
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: Kernel stack overflow detection?
Message-ID: <20020528221812.O62759@locore.ca>
References: <200205282349.g4SNnHu88712@arch20m.dellroad.org>
In-Reply-To: <200205282349.g4SNnHu88712@arch20m.dellroad.org>; from archie@dellroad.org on Tue, May 28, 2002 at 04:49:17PM -0700

Apparently, On Tue, May 28, 2002 at 04:49:17PM -0700,
	Archie Cobbs said words to the effect of;

> Hi,
>
> Got a question and a proposal... I'm trying to track down a mysterious
> bug and one possible theory is a kernel stack overflow (I've bloated
> the kernel with a bunch of custom code). This is in FreeBSD-stable.
>
> The question is: does INVARIANTS do anything to detect this? If not,
> what would be the "expected" behavior of such a bug?
>
> If INVARIANTS doesn't do so already, I'd like to propose to write
> up an INVARIANTS check that would validate that the kernel stack
> has not overflowed. However I'm curious if anyone has done this
> already and/or what the right way to go about it would be. E.g., add
> an extra stack page with read-only protection? Any hints appreciated.

-current has a guard page, -stable does not. Also, in -current the u. area
and the pcb were moved so the kernel stack grows away from them, instead
of towards. Either of these changes should be relatively easy to back port.

Note that on x86 a page fault due to a stack overflow will cause a double
fault; the double fault handler uses a task gate which does a hardware
context switch to get off of the bad stack.

Jake

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
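The layout Jake describes (guard page below the stack, pcb placed so the stack grows away from it) and the INVARIANTS-style check Archie proposes, modelled in user space as an added example that is not code from the thread or from FreeBSD; the names `kstack`, `kstack_create`, `kstack_check` and `kstack_headroom` and the page count are assumptions.

```c
/* Added example: user-space model of a kernel stack with a guard page.
 * Layout (low to high): [guard page][KSTACK_PAGES usable][pcb]. The stack
 * starts at the top and grows down toward the guard page, so an overflow
 * hits the PROT_NONE page (and faults) instead of overwriting the pcb. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

#define KSTACK_PAGES 2   /* assumed: number of usable stack pages */

struct kstack {
    uint8_t *guard;   /* lowest page, mapped PROT_NONE */
    uint8_t *bottom;  /* lowest usable byte, guard + pagesize */
    uint8_t *top;     /* initial stack pointer; stack grows down */
    size_t pcb_size;  /* pcb lives above top, out of the overflow path */
};

/* Map guard + stack + pcb and protect the guard page. 0 on success. */
static int kstack_create(struct kstack *ks, size_t pcb_size)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = pg * (KSTACK_PAGES + 1) + pcb_size;
    uint8_t *base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    if (mprotect(base, pg, PROT_NONE) != 0) {  /* guard page: any access faults */
        munmap(base, len);
        return -1;
    }
    ks->guard = base;
    ks->bottom = base + pg;
    ks->top = ks->bottom + pg * KSTACK_PAGES;
    ks->pcb_size = pcb_size;
    return 0;
}

/* INVARIANTS-style check of a saved stack pointer: 0 = on the stack,
 * -1 = inside the guard page (overflow), -2 = not this stack at all. */
static int kstack_check(const struct kstack *ks, uintptr_t sp)
{
    if (sp >= (uintptr_t)ks->bottom && sp <= (uintptr_t)ks->top)
        return 0;
    if (sp >= (uintptr_t)ks->guard && sp < (uintptr_t)ks->bottom)
        return -1;
    return -2;
}

/* Bytes of stack left before the guard page; 0 if sp is not on the stack. */
static size_t kstack_headroom(const struct kstack *ks, uintptr_t sp)
{
    return kstack_check(ks, sp) == 0 ? sp - (uintptr_t)ks->bottom : 0;
}
```

In a kernel the check would run on the saved sp in a trap frame; the double-fault case Jake mentions is the one where a guard-page hit cannot be reported from the faulting stack itself.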