Hey, all.
I’ve got a little question that’s been nagging at me. I noticed a while back
when doing some manual fault injection experiments on win2k drivers that
under some circumstances, injecting a stack overflow would cause a
double-fault bugcheck, and other times it would spontaneously reboot the
system. I dug around with WinDbg once when I was getting the spontaneous
reboots and noticed that there didn’t seem to be any gap between the stack I
was on and known debug symbols, suggesting that it was simply overflowing
onto critical data and wreaking havoc. So, I was wondering, are some kernel
stacks configured with guard pages and some not? Or, are they never
intentionally given guard pages, but often they just have uncommitted
address space following them?
Thanks a lot!
–Micah Brodsky
On Thu, 2004-08-12 at 15:16, Micah Brodsky wrote:
> So, I was wondering, are some kernel
> stacks configured with guard pages and some not?
As far as I know, no kernel stacks use guard pages. You get 12k and
that’s it.
-sd
They use guard pages, which cause double fault (and then a BSOD) if hit 
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Steve Dispensa”
To: “Windows System Software Devs Interest List”
Sent: Monday, August 16, 2004 5:15 AM
Subject: Re: [ntdev] Some kernel stacks have guard pages, some don’t?
> On Thu, 2004-08-12 at 15:16, Micah Brodsky wrote:
> > So, I was wondering, are some kernel
> > stacks configured with guard pages and some not?
>
> As far as I know, no kernel stacks use guard pages. You get 12k and
> that’s it.
>
> -sd
On Sun, 2004-08-15 at 20:25, Maxim S. Shatskih wrote:
> They use guard pages, which cause double fault (and then a BSOD) if hit
Hmm, I was thinking about dynamic stack expansion… sigh…
> > They use guard pages, which cause double fault (and then a BSOD) if hit
>
> Hmm, I was thinking about dynamic stack expansion… sigh…
The problem is that the stack overflow (or guard page) in ring 0 can only be
handled as a double fault, and you cannot return from a double fault.
These are x86 issues and not Windows ones.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com