i don't know why you want to corrupt kernel stack by using this method, stack
usually grow from high address to low address, if you allocate a buff in a
function then use memset(), it is writing data from low address to high
address.in your implementation, you allocate an array with 8000*4=32000 bytes (
int arr[8000]; ), then you try to corrupt stack by using memset(), which
operate memory by bytes, rather than by int. so this memset() only corrupt the
first 8192 bytes of the buffer, which is far away from your current task stack.
thread_info locates at the bottom of current task's stack, please
reference the source code of current_thread_info() function of your platform. i
think it is true for X86 or ARM. if you really want to corrupt current
kernel task's stack, please try below code, i did't test it but i think it
should work, at least you can find something from the log: char *sp_addr;
struct thread_info *thread = current_thread_info(); sp_addr = (char*)thread;
printk("sp_addr==thread:%p, task:%p\n", thread, thread->task);
memset (sp_addr, 0x0, 1024);
printk("after corrupt, task:%p, it is dying...\n", thread->task);
> Date: Thu, 13 Sep 2012 15:32:05 +0530
> Subject: Re: kernel stack memory
> From: [email protected]
> To: [email protected]
> CC: [email protected]; [email protected]
>
> Hi,
>
> On Thu, Sep 13, 2012 at 1:59 PM, Arun KS <[email protected]> wrote:
> > Hello Shubham,
> >
> > On Thu, Sep 13, 2012 at 12:15 PM, shubham sharma <[email protected]>
> > wrote:
> >>
> >> Hi,
> >>
> >> As far as i know, the size of stack allocated in the kernel space is
> >> 8Kb for each process. But in case i use more than 8Kb of memory from
> >> the stack then what will happen? I think that in that case the system
> >> would crash because i am accessing an illegal memory area. I wrote
> >> kernel module in which i defined an integer array whose size was 8000.
> >> But still it did not crash my system. Why?
> >>
> >> The module i wrote was as follows:
> >>
> >> #include <linux/kernel.h>
> >> #include <linux/module.h>
> >>
> >> int __init init_my_module(void)
> >> {
> >> int arr[8000];
> >> printk("%s:%d\tmodule initilized\n", __func__, __LINE__);
> >> arr[1] = 1;
> >> arr[4000] = 1;
> >> arr[7999] = 1;
> >
> > Instead do a memset.
> > memset(arr, 0, 8192);
> >
> > If you do this the current calling process thread_info will be set to zero.
> > This should cause a crash.
>
> I tried and this is also not causing any crash.
>
> Thanks,
> Adil
> >
> > Thanks,
> > Arun
> >
> >
> >>
> >> printk("%s:%d\tarr[1]:%d, arr[4000]:%d, arr[7999]:%d\n", __func__,
> >> __LINE__, arr[1], arr[4000], arr[7999]);
> >> return 0;
> >> }
> >>
> >> void __exit cleanup_my_module(void)
> >> {
> >> printk("exiting\n");
> >> return;
> >> }
> >>
> >> module_init(init_my_module);
> >> module_exit(cleanup_my_module);
> >>
> >> MODULE_LICENSE("GPL");
> >>
> >> _______________________________________________
> >> Kernelnewbies mailing list
> >> [email protected]
> >> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
> >
> >
> >
> > _______________________________________________
> > Kernelnewbies mailing list
> > [email protected]
> > http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
> >
>
> _______________________________________________
> Kernelnewbies mailing list
> [email protected]
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
_______________________________________________
Kernelnewbies mailing list
[email protected]
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
