Hi all,
Here is a PoC of NULL pointer dereference checking in coreboot x86. It is surprisingly easy to implement.
It uses the strange expand-down segments, making a data segment from 4KB to 4GB (with base 0). It should catch most NULL dereference symbols. Unfortunately we access 0x500 while placing the coreboot tables. The hack in the patch just swaps the ds selector, working around that.
A more advanced method would use paging and PAE, the first 4MB with 4KB pages and the rest with 4MB pages, identity mapped. We could even mark RAM ranges other than coreboot's as "missing", allowing more fine-grained tests of what is accessed where.
Even the segment hack above could be used to check for stack overflows, but I think we will need a task gate in the IDT instead of an interrupt gate, and set an exception stack there; otherwise it will end very badly while the CPU is trying to save the stack yet again during the exception.
PS: Qemu does not implement segment limit checking, so just try it on real HW. Don't forget to switch off GDB debugging, otherwise you won't get a human-readable exception notice; on the other hand, you can try to debug that ;)
Thanks, Rudolf
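The descriptor the mail describes, as an added worked example (not code from the mail, the patch or coreboot): it packs an expand-down data segment with base 0 and limit 0xFFF into the 8-byte GDT format and emulates the CPU's segment limit check, so you can see which offsets fault before trying it on hardware. Descriptor layout and limit-check rules are taken from the Intel SDM Vol. 3 (sections 3.4.5 and 5.3); the function names, the ACC_*/FLAG_* macros and the probe addresses are this example's own.

```c
/*
 * Added example (not code from the mail or from coreboot): build the
 * expand-down data segment descriptor the mail describes and emulate the
 * CPU's segment limit check to see which offsets would fault.
 * Descriptor layout and limit-check rules follow the Intel SDM Vol. 3,
 * sections 3.4.5 (segment descriptors) and 5.3 (limit checking).
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Access byte (descriptor bits 40..47) */
#define ACC_PRESENT   0x80u
#define ACC_DPL0      0x00u
#define ACC_NONSYS    0x10u   /* S=1: code/data descriptor */
#define ACC_DATA_E    0x04u   /* type bit E: expand-down */
#define ACC_DATA_W    0x02u   /* type bit W: writable */

/* Flags nibble (descriptor bits 52..55) */
#define FLAG_DB 0x4u  /* B=1: upper bound of an expand-down segment is 4 GiB */
#define FLAG_G  0x8u  /* G=1: 20-bit limit field is in 4 KiB units */

typedef uint64_t gdt_entry_t;

/* Pack base, raw 20-bit limit field, access byte and flags nibble into
 * the scattered 8-byte descriptor format. */
gdt_entry_t gdt_encode(uint32_t base, uint32_t limit, uint8_t access, uint8_t flags)
{
    gdt_entry_t d = 0;
    d |= (gdt_entry_t)(limit & 0xFFFFu);                  /* limit[15:0]  */
    d |= (gdt_entry_t)(base & 0xFFFFu) << 16;             /* base[15:0]   */
    d |= (gdt_entry_t)((base >> 16) & 0xFFu) << 32;       /* base[23:16]  */
    d |= (gdt_entry_t)access << 40;                       /* P DPL S type */
    d |= (gdt_entry_t)((limit >> 16) & 0xFu) << 48;       /* limit[19:16] */
    d |= (gdt_entry_t)(flags & 0xFu) << 52;               /* G D/B L AVL  */
    d |= (gdt_entry_t)((base >> 24) & 0xFFu) << 56;       /* base[31:24]  */
    return d;
}

/* The NULL-guard data segment from the mail: base 0, expand-down, writable,
 * byte granularity, limit 0xFFF. For an expand-down segment the *valid*
 * offsets are limit+1 .. 0xFFFFFFFF (B=1), i.e. 4 KiB .. 4 GiB; the first
 * page is the hole that makes NULL dereferences fault. */
gdt_entry_t null_guard_data_segment(void)
{
    return gdt_encode(0, 0xFFF,
                      ACC_PRESENT | ACC_DPL0 | ACC_NONSYS | ACC_DATA_E | ACC_DATA_W,
                      FLAG_DB);
}

/* A conventional flat 4 GiB expand-up data segment, for comparison. */
gdt_entry_t flat_data_segment(void)
{
    return gdt_encode(0, 0xFFFFF,
                      ACC_PRESENT | ACC_DPL0 | ACC_NONSYS | ACC_DATA_W,
                      FLAG_G | FLAG_DB);
}

/* Effective limit: with G=1 the field is shifted left 12 and the low 12 bits
 * read as ones, so G=1/limit=0 is the same hole as G=0/limit=0xFFF. */
uint32_t gdt_effective_limit(gdt_entry_t d)
{
    uint32_t limit = (uint32_t)(d & 0xFFFFu) | ((uint32_t)((d >> 48) & 0xFu) << 16);
    bool g = (d >> 55) & 1u;
    return g ? (limit << 12) | 0xFFFu : limit;
}

/* Emulate the limit check for a `size`-byte data access at `offset` through
 * a descriptor with base 0. Returns true if the access is allowed, false if
 * the CPU would raise #GP(0). */
bool segment_access_ok(gdt_entry_t d, uint32_t offset, uint32_t size)
{
    if (size == 0)
        return false;
    uint32_t limit = gdt_effective_limit(d);
    bool expand_down = (d >> 42) & 1u;   /* type bit E */
    bool big = (d >> 54) & 1u;           /* D/B */
    uint64_t last = (uint64_t)offset + size - 1;

    if (!expand_down)
        return last <= limit;               /* expand-up: 0 .. limit */
    uint64_t upper = big ? 0xFFFFFFFFull : 0xFFFFull;
    return offset > limit && last <= upper; /* expand-down: limit+1 .. upper */
}

int main(void)
{
    gdt_entry_t guard = null_guard_data_segment();
    /* Constructed sample accesses: NULL, a NULL->field read, the 0x500
     * coreboot-table write the mail mentions, and the first valid page. */
    uint32_t probes[] = { 0x0, 0x10, 0x500, 0xFFF, 0x1000, 0xFFFFFFFC };
    printf("descriptor = 0x%016llx (effective limit 0x%x)\n",
           (unsigned long long)guard, gdt_effective_limit(guard));
    for (unsigned i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("  4-byte access at 0x%08x: %s\n", probes[i],
               segment_access_ok(guard, probes[i], 4) ? "ok" : "#GP");
    return 0;
}
```

Two things the emulation makes visible: only accesses that go through a selector loaded with this descriptor are checked, so code that writes 0x500 via DS faults exactly like a NULL dereference would, which is why the patch has to swap DS around that write; and the whole first 4 KiB page is the hole, so anything else living below 0x1000 (the real-mode IVT and BDA area) is equally unreachable through that segment.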