Hi,

On Thu, Sep 13, 2012 at 12:29 PM, Kshemendra KP <kshemendra@xxxxxxxxxxxxx> wrote:
>
> In user space when you write beyond your address space (if your write
> crosses the page boundary allocated to you), then the process is
> terminated. In the kernel you are still writing inside the kernel address
> space. Your write is not beyond the kernel address space.
>
> Secondly, you are corrupting some other data structure. The kernel stack
> is part of the task_struct of the running process; a kmalloc or slab
> allocator might have provided this memory (task_struct). When you write
> beyond this, if the write modifies some crucial data structure, that may
> result in a hang or a crash.

I did a quick calculation on this. The number of slab objects allocated
for task_struct on my system is 280, and the size of each object is 3264:

---8<---
root@shubh-VirtualBox:~# cat /proc/slabinfo | grep task_struct
task_struct 262 280 3264 10 8 : tunables 0 0 0 : slabdata 28 28 0
---8<---

So if my understanding is correct, if I define an array of more than
280*3264 bytes then it will corrupt the task_struct of at least one
significantly important process, or at least the task_struct of the
process for my terminal will get corrupted?

>
>
> On Thu, Sep 13, 2012 at 12:15 PM, shubham sharma <shubham20006@xxxxxxxxx> wrote:
>>
>> Hi,
>>
>> As far as I know, the size of the stack allocated in the kernel space is
>> 8Kb for each process. But in case I use more than 8Kb of memory from
>> the stack then what will happen? I think that in that case the system
>> would crash because I am accessing an illegal memory area. I wrote a
>> kernel module in which I defined an integer array whose size was 8000.
>> But still it did not crash my system. Why?
>>
>> The module I wrote was as follows:
>>
>> #include <linux/kernel.h>
>> #include <linux/module.h>
>> #include <linux/init.h>   /* __init / __exit */
>>
>> int __init init_my_module(void)
>> {
>>     int arr[8000];   /* 32000 bytes placed on the kernel stack */
>>     printk("%s:%d\tmodule initialized\n", __func__, __LINE__);
>>     arr[1] = 1;
>>     arr[4000] = 1;
>>     arr[7999] = 1;
>>     printk("%s:%d\tarr[1]:%d, arr[4000]:%d, arr[7999]:%d\n", __func__,
>>            __LINE__, arr[1], arr[4000], arr[7999]);
>>     return 0;
>> }
>>
>> void __exit cleanup_my_module(void)
>> {
>>     printk("exiting\n");
>> }
>>
>> module_init(init_my_module);
>> module_exit(cleanup_my_module);
>>
>> MODULE_LICENSE("GPL");
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies@xxxxxxxxxxxxxxxxx
>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
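As an added illustration, not part of the thread or of anyone's posted code: a small user-space C program that parses a /proc/slabinfo row the way the `grep task_struct` output above is read by eye, and sizes the module's `int arr[8000]` against the 8Kb per-process kernel stack the original question assumes. The slabinfo text is constructed from the thread's numbers, and KERNEL_STACK_BYTES is taken from the thread's statement rather than queried from a running kernel.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the shape of /proc/slabinfo; the task_struct row uses
 * the numbers quoted in the thread, the other rows are made up. */
static const char SAMPLE_SLABINFO[] =
    "slabinfo - version: 2.1\n"
    "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> ...\n"
    "kmalloc-64  1024 1024 64 64 1 : tunables 0 0 0 : slabdata 16 16 0\n"
    "task_struct 262 280 3264 10 8 : tunables 0 0 0 : slabdata 28 28 0\n";
#define KERNEL_STACK_BYTES 8192UL   /* 8 KiB per-process stack, as stated in the thread */

struct slab_cache { char name[64]; unsigned long active_objs, num_objs, objsize; };

/* Scan slabinfo text row by row and fill *out with the row named `cache`.
 * Only the first four columns are parsed. Returns 1 if found, else 0. */
int find_slab_cache(const char *text, const char *cache, struct slab_cache *out)
{
    for (const char *line = text; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[256];
        if (len >= sizeof buf) len = sizeof buf - 1;   /* clip over-long rows */
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (buf[0] != '#' && sscanf(buf, "%63s %lu %lu %lu", out->name,
                &out->active_objs, &out->num_objs, &out->objsize) == 4 &&
            strcmp(out->name, cache) == 0)
            return 1;
        if (!eol) break;
        line = eol + 1;
    }
    return 0;
}

/* Bytes the whole cache occupies (num_objs * objsize); 0 if the row is absent. */
unsigned long slab_cache_total_bytes(const char *text, const char *cache)
{
    struct slab_cache c;
    return find_slab_cache(text, cache, &c) ? c.num_objs * c.objsize : 0;
}

/* Bytes a local `int arr[n]` needs, and how many kernel stacks that spans. */
unsigned long stack_array_bytes(unsigned long n) { return n * sizeof(int); }
unsigned long stacks_spanned(unsigned long b) { return (b + KERNEL_STACK_BYTES - 1) / KERNEL_STACK_BYTES; }

int main(void)
{
    unsigned long arr = stack_array_bytes(8000);
    printf("task_struct cache: %lu bytes\n", slab_cache_total_bytes(SAMPLE_SLABINFO, "task_struct"));
    printf("int arr[8000]: %lu bytes, spans %lu kernel stack(s)\n", arr, stacks_spanned(arr));
    return 0;
}
```

The point the numbers make: a single 8000-int local is roughly four times the stated stack, so whether the write lands on something that crashes the machine depends entirely on what happens to sit next to that stack, which is why the module "working" proves nothing about safety.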