kernel stack memory

shubham sharma shubham20006 at gmail.com
Thu Sep 13 03:25:44 EDT 2012


Hi,

On Thu, Sep 13, 2012 at 12:29 PM, Kshemendra KP
<kshemendra at suphalaam.com> wrote:
>
> In user space when you write beyond your address space (if your write
> crosses the page boundary allocated to you), then the process is
> terminated. In the kernel you are still writing inside the kernel address
> space. Your write is not beyond kernel address space.
>
> Secondly you are corrupting some other data structure. The kernel stack is
> part of task_struct of the running process, a kmalloc or slab allocator
> might have provided this memory (task_struct). When you write beyond this,
> if the write modifies some crucial data structure, that may result in a
> hang or a crash.

I did a quick calculation on this. The number of slab objects
allocated for task_struct in my system is 280, and the size of each
object is 3264 bytes:

---8<---
root at shubh-VirtualBox:~# cat /proc/slabinfo  | grep task_struct
task_struct          262    280   3264   10    8 : tunables    0    0    0 : slabdata     28     28      0
---8<---

So if my understanding is correct, if I define an array of more than
280*3264 bytes then it will corrupt the task_struct of at least one
significantly important process, or at least the task_struct of the
process for my terminal will get corrupted?

>
> On Thu, Sep 13, 2012 at 12:15 PM, shubham sharma <shubham20006 at gmail.com>
> wrote:
>>
>> Hi,
>>
>> As far as I know, the size of stack allocated in the kernel space is
>> 8KB for each process. But in case I use more than 8KB of memory from
>> the stack then what will happen? I think that in that case the system
>> would crash because I am accessing an illegal memory area. I wrote a
>> kernel module in which I defined an integer array whose size was 8000.
>> But still it did not crash my system. Why?
>>
>> The module I wrote was as follows:
>>
>> #include <linux/kernel.h>
>> #include <linux/module.h>
>>
>> /* Deliberately oversized local array: 8000 * sizeof(int) = 32000 bytes,
>>  * far more than the 8KB kernel stack. Kept as in the original to show
>>  * the behaviour being asked about. */
>> static int __init init_my_module(void)
>> {
>>         int arr[8000];
>>
>>         printk(KERN_INFO "%s:%d\tmodule initialized\n", __func__, __LINE__);
>>         arr[1] = 1;
>>         arr[4000] = 1;
>>         arr[7999] = 1;
>>         printk(KERN_INFO "%s:%d\tarr[1]:%d, arr[4000]:%d, arr[7999]:%d\n",
>>                __func__, __LINE__, arr[1], arr[4000], arr[7999]);
>>         return 0;
>> }
>>
>> static void __exit cleanup_my_module(void)
>> {
>>         printk(KERN_INFO "exiting\n");
>> }
>>
>> module_init(init_my_module);
>> module_exit(cleanup_my_module);
>>
>> MODULE_LICENSE("GPL");
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies at kernelnewbies.org
>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
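Added example (not from the thread or from any kernel source): a user-space C model of the layout Kshemendra describes. It assumes an 8KB stack whose low end holds a 64-byte per-task block (thread_info in kernels of that era) with ordinary mapped kernel memory directly below, places the int arr[8000] frame of init_my_module at the top of that stack, performs the module's three writes and reports where each one lands; the 16 bytes of return address above the array and the 64-byte block size are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumed model (not a real kernel): 8KB kernel stack, a small thread_info
 * block at its low end, and ordinary mapped kernel memory below the stack. */
#define THREAD_SIZE      8192u
#define THREAD_INFO_SIZE 64u                  /* assumed size */
#define BELOW_SIZE       32768u               /* memory modelled below the stack */
#define ARENA_WORDS      ((BELOW_SIZE + THREAD_SIZE) / sizeof(int))

enum region { REGION_BELOW, REGION_THREAD_INFO, REGION_STACK };

struct model_result {
    enum region where[3];   /* region hit by arr[1], arr[4000], arr[7999] */
    size_t bytes_outside;   /* bytes changed outside the stack pages */
    long   overshoot;       /* distance of arr[0] below the stack bottom */
};

static enum region classify(size_t off)
{
    if (off < BELOW_SIZE)
        return REGION_BELOW;
    if (off < BELOW_SIZE + THREAD_INFO_SIZE)
        return REGION_THREAD_INFO;
    return REGION_STACK;
}

struct model_result run_model(void)
{
    static int words[ARENA_WORDS];            /* int-aligned backing store */
    unsigned char *arena = (unsigned char *)words;
    unsigned char *stack_bottom = arena + BELOW_SIZE;
    unsigned char *stack_top = arena + BELOW_SIZE + THREAD_SIZE;
    /* Frame of init_my_module: assume 16 bytes of return address and saved
     * registers at the top, then int arr[8000] (32000 bytes) below them. */
    int *arr = (int *)(stack_top - 16 - 8000 * sizeof(int));
    const int idx[3] = { 1, 4000, 7999 };     /* the writes the module makes */
    struct model_result r = { { REGION_STACK, REGION_STACK, REGION_STACK }, 0, 0 };
    size_t i;
    memset(arena, 0xAA, sizeof words);        /* canary pattern everywhere */
    r.overshoot = (long)(stack_bottom - (unsigned char *)arr);
    for (i = 0; i < 3; i++) {
        arr[idx[i]] = 1;                      /* no fault: memory is mapped */
        r.where[i] = classify((size_t)((unsigned char *)&arr[idx[i]] - arena));
    }
    for (i = 0; i < BELOW_SIZE + THREAD_INFO_SIZE; i++)
        r.bytes_outside += arena[i] != 0xAA;  /* silent corruption below stack */
    return r;
}
```

In the model arr[0] starts about 23KB below the stack bottom, yet all three writes hit mapped memory, which is why the module ran without a fault. The build-time guard for this class of bug is CONFIG_FRAME_WARN, which has gcc warn about stack frames larger than the configured limit.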