Changes between Version 17 and Version 18 of Dev/KernelHack/COINS/worklog/201111

Timestamp:

Nov 25, 2011 2:51:04 AM (12 years ago)

Author:

mitty

Comment:

--

Dev/KernelHack/COINS/worklog/201111

@@ -3904 +3904 @@
 Nov 24 01:48:53 ubuntu-lucid64 kernel: [ 1509.353971] proc_file_read: Apparent buffer overflow!
 }}}
+
+ == /proc fs with seq_file ==
+ * [http://wiki.bit-hive.com/tomizoo/pg/proc%20fs%20%A4%F2%BB%C8%A4%C3%A4%BF%A5%AB%A1%BC%A5%CD%A5%EB%BE%F0%CA%F3%A4%CE%C9%BD%BC%A8%20%A4%BD%A4%CE2 proc fs を使ったカーネル情報の表示 その2 - とみぞーノート]
+ * [http://pylone.jp/blog/tips_seq_file seq_fileの使い方 - Pylone Blog]
+
+ * 参考
+  * fs/proc/loadavg.c
+   * single_open
+  * fs/proc/devices.c
+   * seq_open
+
+ * s0711489@ubuntu-lucid64:~$ sudo insmod stackmod.ko entry=1000
+ * s0711489@ubuntu-lucid64:~$ sudo mknod /dev/stack c 251 0
+ * s0711489@ubuntu-lucid64:~$ sudo chmod 666 /dev/stack
+ * s0711489@ubuntu-lucid64:~$ dd if=/dev/zero of=/dev/stack
+{{{
+dd: writing to `/dev/stack': No space left on device
+1001+0 records in
+1000+0 records out
+512000 bytes (512 kB) copied, 0.0338233 s, 15.1 MB/s
+}}}
+
+ * s0711489@ubuntu-lucid64:~$ cat /proc/stackmod
+{{{
+stack: 1000
+stack.data[0].length:    512
+stack.data[1].length:    512
+
+(snip)
+
+stack.data[997].length:    512
+stack.data[998].length:    512
+stack.data[999].length:    512
+}}}
+
+ * s0711489@ubuntu-lucid64:~$ tailf /var/log/kern.log
+{{{
+Nov 24 03:26:17 ubuntu-lucid64 kernel: [ 4468.813821] /proc/stackmod is opened
+}}}
+
+ === no stack, no /proc output ===
+ * s0711489@ubuntu-lucid64:~$ echo hoge > /dev/stack
+ * s0711489@ubuntu-lucid64:~$ cat /proc/stackmod
+{{{
+stack: 1
+stack.data[0].length:      5
+}}}
+ * s0711489@ubuntu-lucid64:~$ cat /dev/stack
+{{{
+hoge
+}}}
+ * s0711489@ubuntu-lucid64:~$ cat /proc/stackmod
+{{{
+}}}
+
+ === debug with gdb ===
+ * s0711489@ubuntu-lucid64:~$ cat /sys/module/stackmod/sections/.text
+{{{
+0xffffffffa0056000
+}}}
+ * s0711489@ubuntu-lucid64:~$ cat /sys/module/stackmod/sections/.data
+{{{
+0xffffffffa00568e8
+}}}
+ * s0711489@ubuntu-lucid64:~$ cat /sys/module/stackmod/sections/.bss
+{{{
+0xffffffffa0056b30
+}}}
+
+ * s0711489@ubuntu-lucid64:~$ cat /proc/stackmod
+{{{
+}}}
+{{{
+(gdb) file vmlinux
+Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/x86_64/vmlinux...(no debugging symbols found)...done.
+(gdb) add-symbol-file ../../04/stackmod/stackmod.o 0xffffffffa0056000 -s .data 0xffffffffa00568e8 -s .bss 0xffffffffa0056b30
+add symbol table from file "../../04/stackmod/stackmod.o" at
+        .text_addr = 0xffffffffa0056000
+        .data_addr = 0xffffffffa00568e8
+        .bss_addr = 0xffffffffa0056b30
+(y or n) y
+Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/04/stackmod/stackmod.o...done.
+(gdb) target remote localhost:8864
+Remote debugging using localhost:8864
+0xffffffff810097a9 in native_safe_halt ()
+    at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/x86_64/arch/x86/include/asm/irqflags.h:49
+49              asm volatile("sti; hlt": : :"memory");
+(gdb) b proc_seq_start
+Breakpoint 1 at 0xffffffffa00560cb: file /home/ugrad/07/s0711489/coursework/KernelHack/04/stackmod/stackmod.c, line 153.
+(gdb) c
+Continuing.
+
+Breakpoint 1, proc_seq_start (m=0xffff880017e3a180, pos=0xffff88001b737e98)
+    at /home/ugrad/07/s0711489/coursework/KernelHack/04/stackmod/stackmod.c:153
+153             if (*pos == 0) {
+(gdb) p *pos
+$1 = 0
+(gdb) n
+154                     seq_printf(m, "stack: %d\n", stack.depth);
+(gdb)
+157             if (*pos < stack.depth) {
+(gdb)
+162     }
+(gdb)
+157             if (*pos < stack.depth) {
+(gdb)
+162     }
+(gdb)
+seq_read (file=0xffff88001b66c240,
+    buf=0xc8a000 <Address 0xc8a000 out of bounds>, size=32768,
+    ppos=0xffff88001b737f48) at fs/seq_file.c:197
+197                     if (!p || IS_ERR(p))
+(gdb) bt
+#0  seq_read (file=0xffff88001b66c240,
+    buf=0xc8a000 <Address 0xc8a000 out of bounds>, size=32768,
+    ppos=0xffff88001b737f48) at fs/seq_file.c:197
+#1  0xffffffff81124b07 in proc_reg_read (file=0xffff88001b66c240,
+    buf=0xc8a000 <Address 0xc8a000 out of bounds>, count=32768,
+    ppos=0xffff88001b737f48) at fs/proc/inode.c:163
+#2  0xffffffff810df784 in vfs_read (file=0xffff88001b66c240,
+    buf=0xc8a000 <Address 0xc8a000 out of bounds>, count=0,
+    pos=0xffff88001b737f48) at fs/read_write.c:310
+#3  0xffffffff810dfa2b in sys_read (fd=<value optimized out>,
+    buf=0xc8a000 <Address 0xc8a000 out of bounds>, count=32768)
+    at fs/read_write.c:400
+#4  0xffffffff810029eb in ?? ()
+#5  0x0000000000000246 in ?? ()
+#6  0x00007fffced80000 in ?? ()
+#7  0x0000000000000000 in ?? ()
+(gdb) c
+Continuing.
+}}}
+
+ === fix it to read /proc correctly ===
+ * s0711489@ubuntu-lucid64:~$ sudo insmod stackmod.ko
+ * s0711489@ubuntu-lucid64:~$ cat /proc/stackmod
+{{{
+stack: 0
+}}}
+ * s0711489@ubuntu-lucid64:~$ sudo mknod /dev/stack c 251 0
+ * s0711489@ubuntu-lucid64:~$ sudo chmod 666 /dev/stack
+ * s0711489@ubuntu-lucid64:~$ echo hoge > /dev/stack
+ * s0711489@ubuntu-lucid64:~$ cat /proc/stackmod
+{{{
+stack: 1
+stack.data[0].length:      5
+}}}
+ * s0711489@ubuntu-lucid64:~$ cat /dev/stack
+{{{
+hoge
+}}}
+ * s0711489@ubuntu-lucid64:~$ cat /proc/stackmod
+{{{
+stack: 0
+}}}
+
+ * s0711489@ubuntu-lucid64:~$ dd if=/dev/zero of=/dev/stack bs=10
+{{{
+dd: writing `/dev/stack': No space left on device
+129+0 records in
+128+0 records out
+1280 bytes (1.3 kB) copied, 0.00669531 s, 191 kB/s
+}}}
+ * s0711489@ubuntu-lucid64:~$ cat /proc/stackmod
+{{{
+stack: 128
+stack.data[0].length:     10
+stack.data[1].length:     10
+
+(snip)
+
+stack.data[125].length:     10
+stack.data[126].length:     10
+stack.data[127].length:     10
+}}}
+ * s0711489@ubuntu-lucid64:~$ cat /dev/stack
+ * s0711489@ubuntu-lucid64:~$ cat /proc/stackmod
+{{{
+stack: 0
+}}}