Question on kernel mode stack corruption

Rajasekaran Chandrasekaran rajachan1982 at gmail.com
Wed Jun 13 03:25:26 EDT 2018


Hi,

Sorry for the long email.

I am seeing a segmentation fault happening in random userspace processes
periodically.  I am running Linux kernel version 4.1 on an Atom x86 CPU.
While inspecting the core dump of the user process from gdb, the general-purpose
registers seem to be corrupted, whereas EIP, ESP and EBP are all good and
my stack frame is also proper.

The process gets a segmentation fault while dereferencing EAX, thinking EAX
contains a valid address, but since the EAX value got corrupted, it gets killed
due to an invalid address access.

Based on the book Understanding the Linux Kernel, all general-purpose registers
get stored in the kernel mode stack of the process, whereas special
registers (EIP, ESP etc.) get stored in thread_struct.

Could it be possible that during a context switch the kernel mode stack gets
corrupted, resulting in a bad EAX value when control reaches the user-space
process? Would it be possible for some other conditions to lead to invalid
EAX contents?

Thanks,
Raj
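An added example, not part of Raj's mail or of any kernel code: the gdb check described above (does the faulting address equal what a general-purpose register held?) done in-process from a SIGSEGV handler, so an affected service can log which register carried the bad pointer at crash time instead of waiting for a core dump. It assumes x86_64 Linux with glibc (register slots REG_RAX etc. in the signal frame); on the 32-bit kernel in the report the same slots are REG_EAX, REG_EBX and so on. The handler, the register table and the PROT_NONE test page are constructed for this example.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>

#ifndef __x86_64__
#error "this example reads x86_64 register slots from the signal frame"
#endif

/* General-purpose registers as saved in the signal frame (ucontext_t). */
static const struct { const char *name; int idx; } gprs[] = {
    {"rax", REG_RAX}, {"rbx", REG_RBX}, {"rcx", REG_RCX}, {"rdx", REG_RDX},
    {"rsi", REG_RSI}, {"rdi", REG_RDI}, {"rbp", REG_RBP}, {"rsp", REG_RSP},
};
static sigjmp_buf recover;
static const char *culprit;   /* register whose saved value equals si_addr */

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    uintptr_t fault_addr = (uintptr_t)si->si_addr;   /* address the CPU tried to access */
    culprit = "none";
    for (unsigned i = 0; i < sizeof gprs / sizeof gprs[0]; i++)
        if ((uintptr_t)uc->uc_mcontext.gregs[gprs[i].idx] == fault_addr) {
            culprit = gprs[i].name;
            break;
        }
    siglongjmp(recover, 1);   /* never resume the faulting instruction */
}

/* Loads a constructed inaccessible address into RAX and dereferences it.
 * Returns the name of the register that held the bad pointer ("rax" here). */
const char *faulting_register(void)
{
    struct sigaction sa = { .sa_sigaction = on_segv, .sa_flags = SA_SIGINFO };
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return "sigaction failed";
    /* PROT_NONE page: a canonical, mapped address that faults on any access. */
    void *page = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return "mmap failed";
    if (sigsetjmp(recover, 1) == 0) {
        uintptr_t p = (uintptr_t)page;
        __asm__ __volatile__("movq (%%rax), %%rax" : "+a"(p) : : "memory");
        return "no fault";
    }
    munmap(page, 4096);
    return culprit;
}
```

In a real process the handler would write the register name and si_addr to a log rather than recover; a match against a register other than the one the code expected, or no match at all, is the hint that the saved register state was altered before the faulting instruction ran.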