<div> </div>
<div>Not sure for all the tasks slab is created initially with contiguous memory. Slab cache</div>
<div>is shrunk when the system is low on memory. </div>
<div> </div>
<div>If the memory is contiguous, writing a few bytes after the kernel stack may corrupt a task_struct</div>
<div>of another task and it may, e.g., corrupt the linked list element, resulting in a crash. If it is not</div>
<div>contiguous, then it may corrupt some other data. If the data is crucial, like a link, or if </div>
<div>some decision is taken based on the value, then it will crash. If some statistics field is overwritten</div>
<div>it may not impact the system stability. </div>
<div><br> </div>
<div class="gmail_quote">On Thu, Sep 13, 2012 at 12:42 PM, shubham sharma <span dir="ltr"><<a href="mailto:shubham20006@gmail.com" target="_blank">shubham20006@gmail.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">Hi,<br>
<div><br>On Thu, Sep 13, 2012 at 12:29 PM, Kshemendra KP<br><<a href="mailto:kshemendra@suphalaam.com" target="_blank">kshemendra@suphalaam.com</a>> wrote:<br>><br>> In user space when you write beyond your address space (if your write<br>
> crosses<br>> the page boundary allocated to you), then the process is terminated. In the<br>> kernel<br>> you are still writing inside the kernel address space. Your write is not<br>> beyond<br>> kernel address space.<br>
><br>> Secondly you are corrupting some other data structure. The kernel stack is<br>> part<br>> of task_struct of the running process, a kmalloc or slab allocator might<br>> have<br>> provided this memory (task_struct). When you write beyond this if the<br>
> write modifies some crucial data structure that may result in hang or a<br>> crash.<br><br></div>I did a quick calculation on this. The number of slab objects<br>allocated for task_struct in my system is 280 and the size of each<br>
object is 3264<br><br>---8<---<br>root@shubh-VirtualBox:~# cat /proc/slabinfo | grep task_struct<br>task_struct 262 280 3264 10 8 : tunables 0 0<br> 0 : slabdata 28 28 0<br>---8<---<br>
<br>So if my understanding is correct, in case if I define an array of<br>more than 280*3264 bytes then it will corrupt the task_struct of at<br>least one significantly important process or at least the task_struct<br>of the process for my terminal will get corrupted?<br>
<div>
<div><br>><br>><br>><br>><br>> On Thu, Sep 13, 2012 at 12:15 PM, shubham sharma <<a href="mailto:shubham20006@gmail.com" target="_blank">shubham20006@gmail.com</a>><br>> wrote:<br>>><br>>> Hi,<br>
>><br>>> As far as I know, the size of stack allocated in the kernel space is<br>>> 8Kb for each process. But in case I use more than 8Kb of memory from<br>>> the stack then what will happen? I think that in that case the system<br>
>> would crash because I am accessing an illegal memory area. I wrote a<br>>> kernel module in which I defined an integer array whose size was 8000.<br>>> But still it did not crash my system. Why?<br>>><br>
>> The module i wrote was as follows:<br>>><br>>> #include <linux/kernel.h><br>>> #include <linux/module.h><br>>><br>>> int __init init_my_module(void)<br>>> {<br>>> int arr[8000];<br>
>> printk("%s:%d\tmodule initilized\n", __func__, __LINE__);<br>>> arr[1] = 1;<br>>> arr[4000] = 1;<br>>> arr[7999] = 1;<br>>> printk("%s:%d\tarr[1]:%d, arr[4000]:%d, arr[7999]:%d\n", __func__,<br>
>> __LINE__, arr[1], arr[4000], arr[7999]);<br>>> return 0;<br>>> }<br>>><br>>> void __exit cleanup_my_module(void)<br>>> {<br>>> printk("exiting\n");<br>
>> return;<br>>> }<br>>><br>>> module_init(init_my_module);<br>>> module_exit(cleanup_my_module);<br>>><br>>> MODULE_LICENSE("GPL");<br>>><br>>> _______________________________________________<br>
>> Kernelnewbies mailing list<br>>> <a href="mailto:Kernelnewbies@kernelnewbies.org" target="_blank">Kernelnewbies@kernelnewbies.org</a><br>>> <a href="http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies" target="_blank">http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies</a><br>
><br>><br></div></div></blockquote></div><br>
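As an added example (not code from anyone in the thread), the script below parses the /proc/slabinfo line quoted above, works out the cache geometry behind the 280*3264 figure (how many contiguous pages one slab spans and how much slack is left after the objects), and sizes the `int arr[8000]` local against an 8 KB kernel stack. The 4096-byte page size, the 8192-byte stack and the slabinfo header line are assumptions; the task_struct line is the one from the thread, embedded as sample input.

```python
from dataclasses import dataclass

PAGE_SIZE = 4096           # assumed x86 page size
KERNEL_STACK_SIZE = 8192   # the 8 KB per-task kernel stack discussed in the thread

# Constructed sample input: the task_struct line quoted in the thread, preceded
# by the standard /proc/slabinfo 2.1 header so the parser sees a realistic file.
SAMPLE_SLABINFO = """\
slabinfo - version: 2.1
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
task_struct          262    280   3264   10    8 : tunables    0    0    0 : slabdata     28     28      0
"""

@dataclass
class SlabCache:
    name: str
    active_objs: int
    num_objs: int
    objsize: int
    objperslab: int
    pagesperslab: int
    active_slabs: int
    num_slabs: int

    def cache_bytes(self) -> int:
        """Bytes occupied by every object in the cache (the thread's 280*3264)."""
        return self.num_objs * self.objsize

    def slab_bytes(self) -> int:
        """One slab: the contiguous page run holding objperslab objects."""
        return self.pagesperslab * PAGE_SIZE

    def slab_slack(self) -> int:
        """Bytes left in each slab after objperslab objects are packed into it."""
        return self.slab_bytes() - self.objperslab * self.objsize

def parse_slabinfo(text: str) -> dict:
    """Parse /proc/slabinfo (format 2.1) into {cache name: SlabCache}."""
    caches = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("slabinfo", "#")):
            continue                       # version banner and column header
        stats, _tunables, slabdata = line.split(":")
        fields, sd = stats.split(), slabdata.split()   # sd: slabdata a n s
        name, nums = fields[0], [int(x) for x in fields[1:6]]
        caches[name] = SlabCache(name, *nums, int(sd[1]), int(sd[2]))
    return caches

def stack_overrun(array_len: int, elem_size: int, stack: int = KERNEL_STACK_SIZE) -> int:
    """Bytes by which a local array exceeds the kernel stack; 0 if it fits."""
    return max(0, array_len * elem_size - stack)
```

The overrun figure only says how far past the stack the array reaches; which neighbouring object that memory belongs to depends on how the stack pages were allocated, which is what the thread is debating.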