Subject: Re: random signals kill my processes with -current
To: Bill Studenmund <skippy@macro.stanford.edu>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: current-users
Date: 01/27/1997 18:31:49
On Mon, 27 Jan 1997 16:33:23 -0800 (PST) 
 Bill Studenmund <skippy@macro.stanford.edu> wrote:

 > This idea is different from a guard page in that we don't get a
 > screeching halt when we overflow, but would work on processors that would
 > freak if they didn't have a stack (ones that lack fall-back stacks).
 > Hopefully the overflow is small, so that the buffer protects whatever's
 > below it. And hopefully we don't overflow with code which gives the exact
 > flag value as a subroutine parameter.

Ok, so I decided to take a look at the original 4.4BSD STACKCHECK
code in the hp300 port (long since gone from NetBSD :-).  The comment
at the top of locore.s:

/*
 * STACKCHECK enables two types of kernel stack checking:
 *      1. stack "overflow".  On every clock interrupt we ensure that
 *         the current kernel stack has not grown into the user struct
 *         page, i.e. size exceeded UPAGES-1 pages.
 *      2. stack "underflow".  Before every rte to user mode we ensure
 *         that we will be exactly at the base of the stack after the
 *         exception frame has been popped.
 * Both checks are performed at splclock since they operate on the
 * global temporary stack.
 */

This checking was turned off by default, since it can be kind of
expensive (and since clock interrupts happen 100 times a second,
you want it to be as inexpensive as possible, especially on
something like an hp320 :-)

Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                               Home: 408.866.1912
NAS: M/S 258-6                                          Work: 415.604.0935
Moffett Field, CA 94035                                Pager: 415.428.6939
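The two STACKCHECK checks from the quoted locore.s comment, modelled in C as an added example (this is not 4.4BSD or NetBSD code; the page sizes, UPAGES value, struct and function names are constructed assumptions):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed layout constants; not the hp300's real values. */
#define PAGE_SIZE 4096u
#define UPAGES    2u   /* one u-struct page plus (UPAGES-1) stack pages */

/* Model of the per-process kernel stack region: the user struct sits in
 * the lowest page and the kernel stack grows down from the top of the
 * UPAGES-page region. */
struct kstack {
    uintptr_t base;   /* lowest address of the region (page aligned) */
};

static inline uintptr_t kstack_top(const struct kstack *k)
{
    return k->base + UPAGES * PAGE_SIZE;
}

/* Check 1, "overflow", run from the clock interrupt: the stack has grown
 * into the user struct page once the stack pointer drops below the first
 * stack page, i.e. more than UPAGES-1 pages are in use.  Because it is
 * only sampled once per tick, an overflow that comes and goes between
 * ticks is not seen; that is the cost/coverage trade-off the post notes. */
bool kstack_overflowed(const struct kstack *k, uintptr_t sp)
{
    return sp < k->base + PAGE_SIZE;
}

/* Check 2, "underflow", run before rte to user mode: after the exception
 * frame of framelen bytes is popped, the stack pointer must land exactly
 * at the top of the stack.  Any other value means kernel code pushed or
 * popped an unbalanced amount before returning to user mode. */
bool kstack_underflowed(const struct kstack *k, uintptr_t sp, size_t framelen)
{
    return sp + framelen != kstack_top(k);
}

int main(void)
{
    struct kstack k = { 0x10000u };            /* constructed address */
    bool a = kstack_overflowed(&k, 0x11000u);  /* boundary: false */
    bool b = kstack_overflowed(&k, 0x10ffcu);  /* one word into u page: true */
    bool c = kstack_underflowed(&k, kstack_top(&k) - 8, 8);  /* false */
    return (a || !b || c) ? 1 : 0;
}
```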