> What I mean to say is that i386/machdep.c::sendsig() uses this logic to
> send a signal to the precess when a bad stack is detected.

not just a "bad stack", and *IMPOSSIBLE* stack.  read the code:

> sendsig(...)
>         [...]
> 	if (useracc((caddr_t)fp, sizeof (struct sigframe), B_WRITE) == 0) {
> 		/*
> 		 * Process has trashed its stack; give it an illegal
> 		 * instruction to halt it in its tracks.
> 		 */
> 		SIGACTION(p, SIGILL) = SIG_DFL;
> 		sig = sigmask(SIGILL);
> 		p->p_sigignore &= ~sig;
> 		p->p_sigcatch &= ~sig;
> 		p->p_sigmask &= ~sig;
> 		psignal(p, SIGILL);
> 		return;
> 	}

"If i can't write to the stack, to put anything on it, then (do
something evil)."

In this case, it has no *choice* about what to do.  It's like
(for a CPU) running over then end of the writable area of your stack:
how can you deliver the page fault if you can't put it on the stack?
(So the CPU resets.)




chris

------------------------------------------------------------------------------