Thread (12 messages, 9 authors, 2012-09-16)

kernel stack memory

From: shubham sharma <hidden>
Date: 2012-09-13 07:25:44

Hi,

On Thu, Sep 13, 2012 at 12:29 PM, Kshemendra KP [off-list ref] wrote:

In user space when you write beyond your address space (if your write
crosses the page boundary allocated to you), then the process is terminated.
In the kernel you are still writing inside the kernel address space. Your
write is not beyond the kernel address space.

Secondly, you are corrupting some other data structure. The kernel stack is
part of the task_struct of the running process; a kmalloc or slab allocator
might have provided this memory (task_struct). When you write beyond this, if
the write modifies some crucial data structure that may result in a hang or a
crash.
I did a quick calculation on this. The number of slab objects
allocated for task_struct in my system is 280 and the size of each
object is 3264.

---8<---
root at shubh-VirtualBox:~# cat /proc/slabinfo | grep task_struct
task_struct          262    280   3264   10    8 : tunables    0    0    0 : slabdata     28     28      0
---8<---

So if my understanding is correct, if I define an array of
more than 280*3264 bytes then it will corrupt the task_struct of at
least one significantly important process, or at least the task_struct
of the process for my terminal will get corrupted?

On Thu, Sep 13, 2012 at 12:15 PM, shubham sharma [off-list ref] wrote:
Hi,

As far as I know, the size of the stack allocated in kernel space is
8 KB for each process. But in case I use more than 8 KB of memory from
the stack, then what will happen? I think that in that case the system
would crash because I am accessing an illegal memory area. I wrote a
kernel module in which I defined an integer array whose size was 8000.
But still it did not crash my system. Why?

The module I wrote was as follows:

#include <linux/kernel.h>
#include <linux/module.h>

int __init init_my_module(void)
{
        /* 8000 ints = 32000 bytes, roughly four times the 8 KB kernel
         * stack. The oversized array is deliberate: the point of the
         * module is to see what an overrun of the kernel stack does. */
        int arr[8000];

        printk(KERN_INFO "%s:%d\tmodule initialized\n", __func__, __LINE__);

        /* Touch the start, middle and end of the array. */
        arr[1] = 1;
        arr[4000] = 1;
        arr[7999] = 1;
        printk(KERN_INFO "%s:%d\tarr[1]:%d, arr[4000]:%d, arr[7999]:%d\n",
               __func__, __LINE__, arr[1], arr[4000], arr[7999]);
        return 0;
}

void __exit cleanup_my_module(void)
{
        printk(KERN_INFO "exiting\n");
}

module_init(init_my_module);
module_exit(cleanup_my_module);

MODULE_LICENSE("GPL");

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies at kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
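The two situations Kshemendra describes above, modelled in user space, as an added example that is not code from the thread: a mapped region stands in for the 8 KB kernel stack, once followed by a PROT_NONE guard page (the user-space case, where the overrun faults) and once followed by a live object standing in for a neighbouring slab object (the kernel case, where the overrun is silently absorbed because the memory after the stack is still mapped and writable). The region sizes, `struct neighbour` and its magic value are assumptions chosen for the demo; a kernel stack of that era had no guard page, which is what the second function models. One caveat on the module quoted above: an optimising compiler may drop an array whose only reads are of values it has just stored, so the module's three writes may never have touched the stack at all. The demo writes through mmap'd memory the compiler cannot see through, so the overrun actually happens.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example, not code from the thread. Sizes and the neighbour
 * object are assumptions for the demonstration. */

static sigjmp_buf fault_env;

static void on_segv(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);   /* abandon the faulting write and report it */
}

/* Stand-in for an unrelated live object that happens to sit right after
 * the stack, e.g. another slab object. Constructed for the demo. */
struct neighbour {
    uint32_t magic;
    int pid;
};
#define NEIGHBOUR_MAGIC 0xC0FFEEu

/* Map a two-page "stack" (8 KB on a 4 KB-page system) plus one extra page. */
static unsigned char *map_stack(size_t *stack_bytes, size_t *total)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    *stack_bytes = 2 * page;
    *total = *stack_bytes + page;
    unsigned char *p = mmap(NULL, *total, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Case 1 (user space): the page after the stack is a guard page, so the
 * first byte written past the stack raises SIGSEGV. A real process would
 * die here; the handler only exists so the result can be returned.
 * Returns 1 if the overrun faulted, 0 if it went through, -1 on error. */
int overrun_hits_guard_page(void)
{
    size_t stack, total;
    unsigned char *region = map_stack(&stack, &total);
    if (!region)
        return -1;
    if (mprotect(region + stack, total - stack, PROT_NONE) != 0) {
        munmap(region, total);
        return -1;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);

    int faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        memset(region, 0x41, stack);   /* fills the stack exactly: fine */
        region[stack] = 0x41;          /* one byte too far: SIGSEGV */
    } else {
        faulted = 1;
    }

    sigaction(SIGSEGV, &old, NULL);
    munmap(region, total);
    return faulted;
}

/* Case 2 (kernel style): no guard page, the stack is directly followed by
 * another live object. An int array slightly larger than the stack is
 * written from the stack base and runs into the neighbour without a fault.
 * Returns 1 if the neighbour was corrupted, 0 if untouched, -1 on error. */
int overrun_corrupts_neighbour(void)
{
    size_t stack, total;
    unsigned char *region = map_stack(&stack, &total);
    if (!region)
        return -1;

    volatile struct neighbour *n = (volatile struct neighbour *)(region + stack);
    n->magic = NEIGHBOUR_MAGIC;
    n->pid = 1;

    /* Like the thread's int arr[8000] on an 8 KB stack: more ints than fit. */
    int *arr = (int *)region;
    size_t nelems = stack / sizeof(int) + 64;
    for (size_t i = 0; i < nelems; i++)
        arr[i] = 0x41414141;           /* still mapped and writable: no fault */

    int corrupted = (n->magic != NEIGHBOUR_MAGIC) || (n->pid != 1);
    munmap(region, total);
    return corrupted;
}

int main(void)
{
    printf("guard page:    overrun faulted     = %d\n", overrun_hits_guard_page());
    printf("no guard page: neighbour corrupted = %d\n", overrun_corrupts_neighbour());
    return 0;
}
```

On Linux the first function returns 1 (the write into the guard page raised SIGSEGV) and the second returns 1 (the neighbour's magic was overwritten and nothing noticed). The second case is the one the thread is about: the write lands in memory that is valid for the writer, so the damage only shows up later, when whatever owns that memory reads it back.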