Identify the kernel's stack guard page, shifted stack

The main two changes here are to document and identify the guard
page before the kernel's stack to help detect stack overflows,
and to shift the stack down a page so it ends on a neater address.
I've also updated the docs in a few places to be clearer.

I would have liked to update the double fault handler to identify
kernel stack overflows with more confidence, but the stack pointer
could still be in valid stack space. I may come back to this later.

Signed-off-by: SlyMarbo <[email protected]>

Author: SlyMarbo

kernel/Cargo.toml

@@ -31,7 +31,7 @@ run-command = [
 
 [package.metadata.bootloader]
 boot-info-address = "0xffff800040000000"
-kernel-stack-address = "0xffff800055550000"
+kernel-stack-address = "0xffff80005554f000"
 kernel-stack-size = 128
 physical-memory-offset = "0xffff800060000000"
 

kernel/src/memory/README.md

@@ -4,10 +4,11 @@ Firefly uses the following layout of virtual memory:
 
 | Region              |           Start address |            Last address |                 Pages |      Size |
 | ------------------- | ----------------------: | ----------------------: | --------------------: | --------: |
-| NULL page           |                   `0x0` |             `0x1f_ffff` |         1x 2 MiB page |     2 MiB |
+| NULL page           |                   `0x0` |             `0x1f_ffff` |            not mapped |     2 MiB |
 | Userspace           |             `0x20_0000` |      `0x7fff_ffff_ffff` |        rest of memory | < 128 TiB |
 | Kernel binary       | `0xffff_8000_0000_0000` | `0xffff_8000_3fff_ffff` | up to 512x 2 MiB page |     1 GiB |
-| Bootloader info     | `0xffff_8000_4000_0000` | `0xffff_8000_4000_0fff` |         1x 4 kiB page |     4 kiB |
-| Kernel heap         | `0xffff_8000_4444_0000` | `0xffff_8000_444b_ffff` |       128x 4 kiB page |   512 kiB |
-| Kernel stack        | `0xffff_8000_5555_1000` | `0xffff_8000_555d_0fff` |       128x 4 kiB page |   512 kiB |
+| Bootloader info     | `0xffff_8000_4000_0000` | `0xffff_8000_4000_0fff` |         1x 4 KiB page |     4 KiB |
+| Kernel heap         | `0xffff_8000_4444_0000` | `0xffff_8000_444b_ffff` |       128x 4 KiB page |   512 KiB |
+| Kernel stack guard  | `0xffff_8000_5554_f000` | `0xffff_8000_5554_ffff` |            not mapped |     4 KiB |
+| Kernel stack        | `0xffff_8000_5555_0000` | `0xffff_8000_555c_ffff` |       128x 4 KiB page |   512 KiB |
 | Physical memory map | `0xffff_8000_6000_0000` | `0xffff_ffff_ffff_ffff` |        rest of memory | < 128 TiB |

kernel/src/memory/constants.rs

@@ -21,7 +21,8 @@ use x86_64::{PhysAddr, VirtAddr};
 // | Kernel binary       | 0xffff_8000_0000_0000 | 0xffff_8000_3fff_ffff |
 // | Bootloader info     | 0xffff_8000_4000_0000 | 0xffff_8000_4000_0fff |
 // | Kernel heap         | 0xffff_8000_4444_0000 | 0xffff_8000_444b_ffff |
-// | Kernel stack        | 0xffff_8000_5555_1000 | 0xffff_8000_555d_0fff |
+// | Kernel stack guard  | 0xffff_8000_5554_f000 | 0xffff_8000_5554_ffff |
+// | Kernel stack        | 0xffff_8000_5555_0000 | 0xffff_8000_555c_ffff |
 // | Physical memory map | 0xffff_8000_6000_0000 | 0xffff_ffff_ffff_ffff |
 
 /// NULL_PAGE is reserved and always unmapped to ensure that null pointer
@@ -59,14 +60,22 @@ pub const KERNEL_HEAP: VirtAddrRange = VirtAddrRange::new(KERNEL_HEAP_START, KER
 const KERNEL_HEAP_START: VirtAddr = const_virt_addr(0xffff_8000_4444_0000 as u64);
 const KERNEL_HEAP_END: VirtAddr = const_virt_addr(0xffff_8000_444b_ffff as u64);
 
+/// KERNEL_STACK_GUARD is the area of memory we deliberately leave unmapped
+/// so we can diagnose stack overflows by spotting page faults in this region.
+///
+pub const KERNEL_STACK_GUARD: VirtAddrRange =
+    VirtAddrRange::new(KERNEL_STACK_GUARD_START, KERNEL_STACK_GUARD_END);
+const KERNEL_STACK_GUARD_START: VirtAddr = const_virt_addr(0xffff_8000_5554_f000 as u64);
+const KERNEL_STACK_GUARD_END: VirtAddr = const_virt_addr(0xffff_8000_5554_ffff as u64);
+
 /// KERNEL_STACK is the virtual address of the kernel's stack.
 ///
 /// Note that the stack counts downwards, so the start address is larger than
 /// the end address.
 ///
 pub const KERNEL_STACK: VirtAddrRange = VirtAddrRange::new(KERNEL_STACK_END, KERNEL_STACK_START);
-const KERNEL_STACK_START: VirtAddr = const_virt_addr(0xffff_8000_555d_0fff as u64);
-const KERNEL_STACK_END: VirtAddr = const_virt_addr(0xffff_8000_5555_1000 as u64);
+const KERNEL_STACK_START: VirtAddr = const_virt_addr(0xffff_8000_555c_ffff as u64);
+const KERNEL_STACK_END: VirtAddr = const_virt_addr(0xffff_8000_5555_0000 as u64);
 
 /// PHYSICAL_MEMORY_OFFSET is the virtual address at which the mapping of
 /// all physical memory begins. That is, for any valid physical address,

kernel/src/memory/mod.rs

@@ -189,7 +189,7 @@ pub mod vmm;
 
 pub use crate::memory::constants::{
     phys_to_virt_addr, VirtAddrRange, BOOT_INFO, KERNEL_BINARY, KERNEL_HEAP, KERNEL_STACK,
-    NULL_PAGE, PHYSICAL_MEMORY, PHYSICAL_MEMORY_OFFSET, USERSPACE,
+    KERNEL_STACK_GUARD, NULL_PAGE, PHYSICAL_MEMORY, PHYSICAL_MEMORY_OFFSET, USERSPACE,
 };
 
 // PML4 functionality.

kernel/src/memory/vmm/mapping.rs

@@ -3,7 +3,7 @@
 
 use crate::memory::{
     phys_to_virt_addr, VirtAddrRange, BOOT_INFO, KERNEL_BINARY, KERNEL_HEAP, KERNEL_STACK,
-    NULL_PAGE, PHYSICAL_MEMORY, USERSPACE,
+    KERNEL_STACK_GUARD, NULL_PAGE, PHYSICAL_MEMORY, USERSPACE,
 };
 use alloc::vec::Vec;
 use core::fmt;
@@ -154,6 +154,8 @@ pub unsafe fn level_4_table(pml4: &PageTable) -> Vec<Mapping> {
             PagePurpose::KernelHeap
         } else if KERNEL_STACK.contains(&range) {
             PagePurpose::KernelStack
+        } else if KERNEL_STACK_GUARD.contains(&range) {
+            PagePurpose::KernelStackGuard
         } else if PHYSICAL_MEMORY.contains(&range) {
             PagePurpose::AllPhysicalMemory
         } else {
@@ -210,6 +212,7 @@ pub enum PagePurpose {
     KernelStatics,
     KernelBinaryUnknown,
     KernelStack,
+    KernelStackGuard,
     KernelHeap,
     AllPhysicalMemory,
 }
@@ -227,6 +230,7 @@ impl fmt::Display for PagePurpose {
             PagePurpose::KernelStatics => write!(f, " (kernel statics)"),
             PagePurpose::KernelBinaryUnknown => write!(f, " (kernel binary unknown)"),
             PagePurpose::KernelStack => write!(f, " (kernel stack)"),
+            PagePurpose::KernelStackGuard => write!(f, " (kernel stack guard)"),
             PagePurpose::KernelHeap => write!(f, " (kernel heap)"),
             PagePurpose::AllPhysicalMemory => write!(f, " (all physical memory)"),
         }

kernel/src/memory/vmm/mod.rs

@@ -75,7 +75,10 @@ unsafe fn remap_kernel(mapper: &mut OffsetPageTable) {
     for mapping in mappings.iter() {
         match mapping.purpose {
             // Unmap pages we no longer need.
-            PagePurpose::Unknown | PagePurpose::NullPage | PagePurpose::Userspace => {
+            PagePurpose::Unknown
+            | PagePurpose::NullPage
+            | PagePurpose::Userspace
+            | PagePurpose::KernelStackGuard => {
                 mapping.unmap(mapper).expect("failed to unmap page");
             }
             // Global and read-write (kernel stack, heap, data, physical memory).