Introduce the build system for kstackwatch, a new kernel stack
corruption debugging tool. This patch adds the necessary Kconfig
and Makefile infrastructure to support the kstackwatch subsystem.
kstackwatch uses hardware write breakpoints to detect stack
corruption in real-time, providing precise identification of
the instruction that overwrites stack canaries or local variables.
This is a significant improvement over traditional stack protection
mechanisms that only detect corruption at function exit.
The implementation is placed in mm/kstackwatch/ alongside other
memory debugging tools like KASAN, KFENCE, and KMSAN. The tool
requires STACKPROTECTOR, hardware breakpoint support, and kprobes
functionality to operate.
The modular design splits functionality across:
- kernel.c: Main logic and module lifecycle
- stack.c: Stack canary detection and probing
- watch.c: Hardware breakpoint management
Signed-off-by: Jinchao Wang <wangjinchao...@gmail.com>
---
mm/Kconfig.debug | 12 ++++++++++++
mm/Makefile | 1 +
mm/kstackwatch/Makefile | 3 +++
mm/kstackwatch/kernel.c | 0
mm/kstackwatch/kstackwatch.h | 0
mm/kstackwatch/stack.c | 0
mm/kstackwatch/watch.c | 0
7 files changed, 16 insertions(+)
create mode 100644 mm/kstackwatch/Makefile
create mode 100644 mm/kstackwatch/kernel.c
create mode 100644 mm/kstackwatch/kstackwatch.h
create mode 100644 mm/kstackwatch/stack.c
create mode 100644 mm/kstackwatch/watch.c
diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug
index 32b65073d0cc..dd9c1bb7f549 100644
--- a/mm/Kconfig.debug
+++ b/mm/Kconfig.debug
@@ -309,3 +309,15 @@ config PER_VMA_LOCK_STATS
overhead in the page fault path.
If in doubt, say N.
+
+
+config KSTACK_WATCH
+ tristate "Kernel Stack Watch"
+ depends on STACKPROTECTOR && HAVE_HW_BREAKPOINT && KPROBES &&
HAVE_KRETPROBES
+ help
+ This debugging tool monitors kernel stack usage. When enabled,
+ it can detect potential stack corruption by watching the remaining
+ stack space. This provides real-time warnings before a crash occurs,
+ which is useful for debugging stability issues.
+
+ If unsure, say N.
diff --git a/mm/Makefile b/mm/Makefile
index ef54aa615d9d..665c9f2bf987 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -92,6 +92,7 @@ obj-$(CONFIG_PAGE_POISONING) += page_poison.o
obj-$(CONFIG_KASAN) += kasan/
obj-$(CONFIG_KFENCE) += kfence/
obj-$(CONFIG_KMSAN) += kmsan/
+obj-$(CONFIG_KSTACK_WATCH) += kstackwatch/
obj-$(CONFIG_FAILSLAB) += failslab.o
obj-$(CONFIG_FAIL_PAGE_ALLOC) += fail_page_alloc.o
obj-$(CONFIG_MEMTEST) += memtest.o
diff --git a/mm/kstackwatch/Makefile b/mm/kstackwatch/Makefile
new file mode 100644
index 000000000000..076822eb7661
--- /dev/null
+++ b/mm/kstackwatch/Makefile
@@ -0,0 +1,3 @@
+obj-$(CONFIG_KSTACK_WATCH) += kstackwatch.o
+
+kstackwatch-y := kernel.o stack.o watch.o
diff --git a/mm/kstackwatch/kernel.c b/mm/kstackwatch/kernel.c
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/mm/kstackwatch/kstackwatch.h b/mm/kstackwatch/kstackwatch.h
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/mm/kstackwatch/stack.c b/mm/kstackwatch/stack.c
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/mm/kstackwatch/watch.c b/mm/kstackwatch/watch.c
new file mode 100644
index 000000000000..e69de29bb2d1
--
2.43.0
