kernel stack memory

Kshemendra KP kshemendra at suphalaam.com
Thu Sep 13 03:30:00 EDT 2012


Not sure for all the tasks slab is created initially with contiguous
memory. Slab cache is shrunk when the system is low on memory.

If the memory is contiguous, writing a few bytes after the kernel stack may
corrupt the task_struct of another task and it may, for eg., corrupt the
linked list element, resulting in a crash. If it is not contiguous, then it
may corrupt some other data. If the data is crucial, like a link, or some
decision is taken based on the value, then it will crash. If some statistics
field is overwritten it may not impact the system stability.

On Thu, Sep 13, 2012 at 12:42 PM, shubham sharma <shubham20006 at gmail.com> wrote:

> Hi,
>
> On Thu, Sep 13, 2012 at 12:29 PM, Kshemendra KP
> <kshemendra at suphalaam.com> wrote:
> >
> > In user space when you write beyond your address space (if your write
> > crosses the page boundary allocated to you), then the process is
> > terminated. In the kernel you are still writing inside the kernel
> > address space. Your write is not beyond the kernel address space.
> >
> > Secondly you are corrupting some other data structure. The kernel stack
> > is part of the task_struct of the running process; a kmalloc or slab
> > allocator might have provided this memory (task_struct). When you write
> > beyond this, if the write modifies some crucial data structure, that may
> > result in a hang or a crash.
>
> I did a quick calculation on this. The number of slab objects
> allocated for task_struct on my system is 280 and the size of each
> object is 3264.
>
> ---8<---
> root at shubh-VirtualBox:~# cat /proc/slabinfo  | grep task_struct
> task_struct          262    280   3264   10    8 : tunables    0    0    0 : slabdata     28     28      0
> ---8<---
>
> So if my understanding is correct, if I define an array of more than
> 280*3264 bytes then it will corrupt the task_struct of at least one
> significantly important process, or at least the task_struct of the
> process for my terminal will get corrupted?
>
> >
> >
> >
> >
> > On Thu, Sep 13, 2012 at 12:15 PM, shubham sharma <shubham20006 at gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> As far as I know, the size of the stack allocated in the kernel space is
> >> 8KB for each process. But if I use more than 8KB of memory from the
> >> stack then what will happen? I think that in that case the system would
> >> crash because I am accessing an illegal memory area. I wrote a kernel
> >> module in which I defined an integer array whose size was 8000. But
> >> still it did not crash my system. Why?
> >>
> >> The module I wrote was as follows:
> >>
> >> #include <linux/kernel.h>
> >> #include <linux/module.h>
> >>
> >> static int __init init_my_module(void)
> >> {
> >>         /* 8000 ints = 32000 bytes on the stack, deliberately larger
> >>          * than the 8KB kernel stack the question asks about */
> >>         int arr[8000];
> >>         printk("%s:%d\tmodule initialized\n", __func__, __LINE__);
> >>         arr[1] = 1;
> >>         arr[4000] = 1;
> >>         arr[7999] = 1;
> >>         printk("%s:%d\tarr[1]:%d, arr[4000]:%d, arr[7999]:%d\n",
> >>                __func__, __LINE__, arr[1], arr[4000], arr[7999]);
> >>         return 0;
> >> }
> >>
> >> static void __exit cleanup_my_module(void)
> >> {
> >>         printk("exiting\n");
> >> }
> >>
> >> module_init(init_my_module);
> >> module_exit(cleanup_my_module);
> >>
> >> MODULE_LICENSE("GPL");
> >>
> >> _______________________________________________
> >> Kernelnewbies mailing list
> >> Kernelnewbies at kernelnewbies.org
> >> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
> >
> >
>
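The 280*3264 arithmetic in the quoted question can be checked against what the /proc/slabinfo fields actually mean. The Python below is an added example, not code from the thread; it parses the quoted task_struct line (rejoined, since the archive wrapped it) under the assumed slabinfo 2.x field layout and an assumed 4096-byte PAGE_SIZE, and derives the geometry: 28 separate 8-page slabs, each holding 10 objects, which is the only contiguity the fields guarantee.

```python
"""Parse one /proc/slabinfo line and derive the cache geometry it implies.
Added example built from the task_struct line quoted in the thread (rejoined,
the archive wrapped it). Assumes slabinfo 2.x layout and PAGE_SIZE == 4096."""

PAGE_SIZE = 4096  # assumption: x86 default page size

# Constructed sample: the quoted line with the mail wrapping undone.
TASK_STRUCT_LINE = ("task_struct          262    280   3264   10    8 : tunables"
                    "    0    0    0 : slabdata     28     28      0")

def parse_slabinfo_line(line):
    """Return the named fields of a slabinfo 2.x line:
    name active_objs num_objs objsize objperslab pagesperslab
    : tunables limit batchcount sharedfactor : slabdata active_slabs num_slabs sharedavail
    """
    parts = [p.split() for p in line.split(":")]
    if (len(parts) != 3 or len(parts[0]) != 6 or parts[1][0] != "tunables"
            or parts[2][0] != "slabdata"):
        raise ValueError("not a slabinfo 2.x line: %r" % line)
    stats, _tunables, slabdata = parts
    names = ("active_objs", "num_objs", "objsize", "objperslab", "pagesperslab")
    fields = dict(zip(names, map(int, stats[1:])))
    fields["name"] = stats[0]
    fields["active_slabs"], fields["num_slabs"] = int(slabdata[1]), int(slabdata[2])
    # Sanity check: every object lives in exactly one slab.
    if fields["num_slabs"] * fields["objperslab"] != fields["num_objs"]:
        raise ValueError("slab count does not match object count")
    return fields

def cache_geometry(fields, page_size=PAGE_SIZE):
    """One slab is one contiguous allocation of pagesperslab pages holding
    objperslab objects; slabinfo says nothing about where the next slab is."""
    slab_bytes = fields["pagesperslab"] * page_size
    run_bytes = fields["objperslab"] * fields["objsize"]  # objects in one slab
    return {
        "slab_bytes": slab_bytes,                      # 8 pages -> 32768
        "objects_per_slab": fields["objperslab"],      # 10 task_structs
        "contiguous_object_bytes": run_bytes,          # 10 * 3264 = 32640
        "slack_per_slab": slab_bytes - run_bytes,      # 128 unused bytes
        "cache_bytes": fields["num_slabs"] * slab_bytes,        # 28 * 32768
        "naive_total": fields["num_objs"] * fields["objsize"],  # the 280*3264 figure
    }

if __name__ == "__main__":
    for key, value in cache_geometry(parse_slabinfo_line(TASK_STRUCT_LINE)).items():
        print("%-24s %d" % (key, value))
```

The naive_total figure is the sum of all object sizes across the cache; the largest run the fields vouch for is contiguous_object_bytes, the objects within one slab.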