This patch series introduces Kernel Stack Watch (KSW), a lightweight debugging tool for detecting kernel stack corruption in real-time. The motivation comes from cases where corruption happens silently in one function but only manifests later as a crash in another, with no direct call trace connection. Such problems are often very difficult to debug with existing tools.

KSW works by combining hardware breakpoints with kprobes/kretprobes. It can watch a stack canary or a selected local variable, and detect the moment the corruption actually occurs. This allows developers to pinpoint the real source, rather than only observing the final crash.

Key features include:

 - Lightweight design with minimal impact on bug reproducibility
 - Real-time detection of stack corruption
 - Simple configuration through `/proc/kstackwatch`
 - Support for recursive functions with configurable nesting depth

To validate the approach, I have also prepared test modules and scripts that simulate corruption scenarios.

I am sharing this work to seek feedback on the idea and the design. Any comments or suggestions for improvement are very welcome.

The series is structured as follows:

Jinchao Wang (13):
  mm: Add kstackwatch build infrastructure
  x86/HWBP: Add arch_reinstall_hw_breakpoint() for atomic updates
  mm/kstackwatch: Add module core and configuration interface
  mm/kstackwatch: Add HWBP pre-allocation infrastructure
  mm/kstackwatch: Add atomic HWBP arm/disarm operations
  mm/kstackwatch: Add stack address resolution functions
  mm/kstackwatch: Add kprobe and stack watch control
  mm/kstackwatch: Wire up watch and stack subsystems in module core
  mm/kstackwatch: Add architecture support validation
  mm/kstackwatch: Handle nested function calls
  mm/kstackwatch: Ignore corruption in kretprobe trampolines
  mm/kstackwatch: Add debug and test functions
  mm/kstackwatch: Add a test module and script

 arch/x86/include/asm/hw_breakpoint.h  |   1 +
 arch/x86/kernel/hw_breakpoint.c       |  50 ++++++
 mm/Kconfig.debug                      |  23 +++
 mm/Makefile                           |   1 +
 mm/kstackwatch/Makefile               |  11 ++
 mm/kstackwatch/kernel.c               | 248 ++++++++++++++++++++++++++
 mm/kstackwatch/kstackwatch.h          |  56 ++++++
 mm/kstackwatch/kstackwatch_test.c     | 237 ++++++++++++++++++++++++
 mm/kstackwatch/stack.c                | 222 +++++++++++++++++++++++
 mm/kstackwatch/watch.c                | 240 +++++++++++++++++++++++++
 tools/kstackwatch/kstackwatch_test.sh | 122 +++++++++++++
 11 files changed, 1211 insertions(+)
 create mode 100644 mm/kstackwatch/Makefile
 create mode 100644 mm/kstackwatch/kernel.c
 create mode 100644 mm/kstackwatch/kstackwatch.h
 create mode 100644 mm/kstackwatch/kstackwatch_test.c
 create mode 100644 mm/kstackwatch/stack.c
 create mode 100644 mm/kstackwatch/watch.c
 create mode 100644 tools/kstackwatch/kstackwatch_test.sh

--
2.43.0