Linux kernel behaviour on heap overrun or stack overflow


Question


I am trying to understand a few important OS concepts (for simplicity, let's stick to the Linux kernel). Assume I run this in kernel mode, perhaps adding these lines (either case A or case B, not both) into the source code of some system call.

/* Assume __malloc() here is a simple heap memory manager */
void *__malloc(unsigned long size);   /* declared here so the snippet compiles */

void consume_heap_forever(void)
{
    for (;;)                          /* deliberately never stops */
        (void) __malloc(PAGE_SIZE);
}


Case A: The above consumes heap in a loop. I will first start consuming memory and things will go normally. After a high enough consumption, what begins to happen (before a crash)? I know that kernel space is within a reserved chunk in the process address space. Will I crash at the point when I cross the stack portion the kernel uses? Or will this expand that reservation (and perhaps consume the whole of virtual memory)?

/* Vanilla factorial logic */
int factorial(int value)
{
    if (value == 0)
        return 1;
    return value * factorial(value - 1);
}


Case B: I am aware that the kernel has a fixed (and small) amount of stack reserved for it. So perhaps when I give a value big enough -- I will run out of that predefined stack space. What kind of crash happens here? Will I cross into the heap section of kernel?

Accepted answer


In your example A, your application would loop forever. At some point malloc will be unable to map pages to the logical address space and will return 0.


In your example B: Each process has its own kernel mode stack (usually, there is one shared interrupt stack).


It's likely that you'd eventually hit a guard page at the end of the stack and get an access violation. You're not going to run over the kernel's memory pool.
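As an added illustration (not code from the question or the answer), this is the bounded user-space counterpart of case A: the process caps its own address space with RLIMIT_AS so that malloc reaches the NULL-return path described above without exhausting the machine. PAGE_SIZE and the 64 MiB cap are constructed values, and the program assumes Linux with glibc.

```c
/* Added example (not from the original question or answer): reproduce the
 * "malloc returns NULL" outcome of case A in user space, under a self-imposed
 * address-space cap (RLIMIT_AS). Assumes Linux/glibc; PAGE_SIZE and AS_CAP
 * are constructed values. */
#include <stdlib.h>
#include <sys/resource.h>

#define PAGE_SIZE 4096UL
#define AS_CAP    (64UL * 1024 * 1024)      /* 64 MiB address-space cap */
#define MAX_ITER  (2 * AS_CAP / PAGE_SIZE)  /* bail out if the cap is not enforced */

/* Each page stores a pointer to the previous one, so the whole chain can be
 * freed without a separate bookkeeping array. */
struct page { struct page *prev; };

/* Bounded variant of consume_heap_forever(): allocate PAGE_SIZE chunks until
 * malloc fails, free them all and return how many succeeded.
 * Returns -1 if the limit could not be installed, -2 if it never took effect. */
long consume_heap_until_null(void)
{
    struct rlimit old, capped;
    if (getrlimit(RLIMIT_AS, &old) != 0)
        return -1;
    capped = old;
    if (old.rlim_cur == RLIM_INFINITY || old.rlim_cur > AS_CAP)
        capped.rlim_cur = AS_CAP;           /* only ever lower the soft limit */
    if (setrlimit(RLIMIT_AS, &capped) != 0)
        return -1;

    struct page *top = NULL;
    long count = 0;
    while (count < (long)MAX_ITER) {
        struct page *p = malloc(PAGE_SIZE);
        if (p == NULL)                      /* the failure the answer describes */
            break;
        p->prev = top;                      /* touches the page, like real use would */
        top = p;
        count++;
    }
    while (top != NULL) {                   /* release the whole chain */
        struct page *prev = top->prev;
        free(top);
        top = prev;
    }
    setrlimit(RLIMIT_AS, &old);             /* restore the original soft limit */
    return count >= (long)MAX_ITER ? -2 : count;
}
```

The return value is strictly below AS_CAP / PAGE_SIZE because every chunk carries allocator overhead on top of the requested page; a kernel-side __malloc() loop has no such self-imposed cap, which is why the original code never returns.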
