[[PageOutline]] = 11/02 = == informative system calls == * kernel/sys.c * sethostname, gethostname * about copy_to_user/copy_from_user * kernel/hrtimer.c * nanosleep * about timespec * kernel/posix-timers.c * clock_gettime * about timespec * kernel/module.c * delete_module * about strncpy_from_user * kernel/printk.c * about !__LOG_BUF_LEN/access_ok == testing new_debug syscall == * windell57:i386 s0711489$ make -j2 {{{ Kernel: arch/x86/boot/bzImage is ready (#3) }}} * s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh * s0711489@ubuntu-lucid:~$ sudo reboot * s0711489@ubuntu-lucid:~$ cat > new_debug-sys.c * s0711489@ubuntu-lucid:~$ gcc -I /lib/modules/2.6.35.14/build/arch/x86/include/ new_debug-sys.c * s0711489@ubuntu-lucid:~$ ./a.out {{{ new_debug() }}} * s0711489@ubuntu-lucid:~$ dmesg | tail -n 2 {{{ [ 6.833440] dhclient3 used greatest stack depth: 5560 bytes left [ 579.378377] new_debug() }}} * s0711489@ubuntu-lucid:~$ ./a.out hoge fuga piyo {{{ [-570566464.-1216585740] hoge [0.000000000] fuga [0.000000000] piyo }}} * s0711489@ubuntu-lucid:~$ dmesg | tail -n 5 {{{ [ 6.833440] dhclient3 used greatest stack depth: 5560 bytes left [ 579.378377] new_debug() [ 596.785236] hoge [ 596.785274] fuga [ 596.785282] piyo }}} == maybe useful == * http://hira-consulting.com/wiki/index.php?linux2.6%2Farch%2Fi386%2Flib%2Fusercopy.c * http://hira-consulting.com/wiki/?linux2.6%2Finclude%2Flinux%2Ferr.h * IS_ERR_OR_NULL * !__LOG_BUF_LEN * https://www.codeblog.org/blog/gniibe/20060323.html * [https://www.codeblog.org/blog/gniibe/20060327.html#p02 get_user/put_user, set_fs のまとめ] * http://www.ibm.com/developerworks/jp/linux/library/l-system-calls/ の「copy_to_user」の定義が変 {{{ unsigned long copy_from_user( void *to, const void __user *from, unsigned long n ); unsigned long copy_to_user( void *to, const void __user *from, unsigned long n ); }}} * 以下が正しい {{{ unsigned long copy_from_user( void *to, const void __user *from, unsigned long n ); unsigned long copy_to_user( void __user *to, const void *from, unsigned long n ); }}} = 11/04 = * define as '''static''' char !__log_buf[!__LOG_BUF_LEN] in printk.c * sys_clock_gettime uses copy_to_user in its code = 11/08 = * new_debug() が正常に動作したりしなかったりする * 結論 -> staticで確保していなかったのが良くない == char message[!__LOG_BUF_LEN]; == * windell46:i386 s0711489$ ./build {{{ press enter key to make with i386 kernel Kernel: arch/x86/boot/bzImage is ready (#6) }}} * windell46:i386 s0711489$ make modules * s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh * s0711489@ubuntu-lucid:~$ sudo reboot {{{ Linux ubuntu-lucid 2.6.35.14 #6 SMP Tue Nov 8 17:26:43 JST 2011 i686 GNU/Linux }}} * windell46:~ s0711489$ scp -r .subversion/ 172.16.237.130:~ * s0711489@ubuntu-lucid:~$ svn co https://XXXXXXXXXXXX/trunk/coursework/KernelHack/03/ {{{ Checked out revision 1387. }}} * s0711489@ubuntu-lucid:~/03$ gcc -I /lib/modules/2.6.35.14/build/arch/x86/include/ new_debug-sys.c * s0711489@ubuntu-lucid:~/03$ ./a.out {{{ new_debug with argv[i]: Bad address }}} * s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 {{{ new_debug with argv[i]: Bad address new_debug with argv[i]: Bad address }}} === gdb === * viola06:i386 s0711489$ gdb {{{ (gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89f: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. }}} * s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 {{{ Breakpoint 1, sys_new_debug (message_user=0xbfc6499e "1", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 (gdb) 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 15 errno = -EFAULT; 16 goto out; 17 } 18 19 if (message == NULL) { 20 errno = -EINVAL; 21 goto out; 22 } 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 24 errno = -EFAULT; 25 goto out; 26 } 27 message[sizeof(message) - 1] = '\0'; 28 29 printk(KERN_DEBUG "%s\n", message); 30 31 if (tp_user != NULL) { 32 sys_clock_gettime(CLOCK_REALTIME, &ts); 33 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) 34 errno = -EFAULT; 35 goto out; 36 } 37 } 38 39 errno = 0; 40 41 out: 42 return errno; 43 } (gdb) Line number 44 out of range; arch/x86/kernel/new_debug.c has 43 lines. (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 41 out: (gdb) 43 } (gdb) p errno $1 = -14 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfc6499e "1", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:43 0xc100288c in ?? () Value returned is $2 = -14 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfc649a0 "2", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 41 out: (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfc649a0 "2", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:41 0xc100288c in ?? () Value returned is $3 = -14 (gdb) c Continuing. }}} * s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 {{{ new_debug with argv[i]: Bad address new_debug with argv[i]: Bad address }}} * s0711489@ubuntu-lucid:~/03$ ./a.out {{{ (gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89f: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 (gdb) 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 15 errno = -EFAULT; 16 goto out; 17 } 18 19 if (message == NULL) { 20 errno = -EINVAL; 21 goto out; 22 } 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 24 errno = -EFAULT; 25 goto out; 26 } 27 message[sizeof(message) - 1] = '\0'; 28 29 printk(KERN_DEBUG "%s\n", message); 30 31 if (tp_user != NULL) { 32 sys_clock_gettime(CLOCK_REALTIME, &ts); 33 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xdf275f9c "", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) l 109 * If @count is smaller than the length of the string, copies @count bytes 110 * and returns @count. 111 */ 112 long 113 strncpy_from_user(char *dst, const char __user *src, long count) 114 { 115 long res = -EFAULT; 116 if (access_ok(VERIFY_READ, src, 1)) 117 __do_strncpy_from_user(dst, src, count, res); 118 return res; (gdb) 119 } 120 EXPORT_SYMBOL(strncpy_from_user); 121 122 /* 123 * Zero Userspace 124 */ 125 126 #define __do_clear_user(addr,size) \ 127 do { \ 128 int __d0; \ (gdb) 129 might_fault(); \ 130 __asm__ __volatile__( \ 131 "0: rep; stosl\n" \ 132 " movl %2,%0\n" \ 133 "1: rep; stosb\n" \ 134 "2:\n" \ 135 ".section .fixup,\"ax\"\n" \ 136 "3: lea 0(%2,%0,4),%0\n" \ 137 " jmp 2b\n" \ 138 ".previous\n" \ (gdb) 139 _ASM_EXTABLE(0b,3b) \ 140 _ASM_EXTABLE(1b,2b) \ 141 : "=&c"(size), "=&D" (__d0) \ 142 : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0)); \ 143 } while (0) 144 145 /** 146 * clear_user: - Zero a block of memory in user space. 147 * @to: Destination address, in user space. 148 * @n: Number of bytes to zero. (gdb) s 116 if (access_ok(VERIFY_READ, src, 1)) (gdb) 119 } (gdb) p src $1 = 0x8048646 "new_debug()" (gdb) p dst $2 = 0xdf275f9c "" (gdb) p count $3 = 262143 (gdb) p res $4 = -14 (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xdf275f9c "", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:119 0xc101d8d3 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:23 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $5 = -14 (gdb) s 41 out: (gdb) 43 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:43 0xc100288c in ?? () Value returned is $6 = -14 (gdb) s Cannot find bounds of current function (gdb) c Continuing. }}} * s0711489@ubuntu-lucid:~/03$ ./a.out {{{ new_debug with argv[i]: Bad address }}} * s0711489@ubuntu-lucid:~/03$ ./a.out {{{ (gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89f: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user ( dst=0xdc3d9f9c "\210\035i\b\250\035i\b\330\035i\b\250\270L\b\b\036i\b\030\036i\b\350\343O\b8\036i\bX\036i\bx\036i\b\270\036i\b\350\036i\b\330\036i\b\370\036i\b\b\037i\b\350\036i\b(\037i\b8\037i\bH\037i\bh\037i\b\210\037i\b\250\037i\b\350\037i\bX\021W\b\310\037i\bp\200h\b", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) 116 if (access_ok(VERIFY_READ, src, 1)) (gdb) 119 } (gdb) finish Run till exit from #0 strncpy_from_user ( dst=0xdc3d9f9c "\210\035i\b\250\035i\b\330\035i\b\250\270L\b\b\036i\b\030\036i\b\350\343O\b8\036i\bX\036i\bx\036i\b\270\036i\b\350\036i\b\330\036i\b\370\036i\b\b\037i\b\350\036i\b(\037i\b8\037i\bH\037i\bh\037i\b\210\037i\b\250\037i\b\350\037i\bX\021W\b\310\037i\bp\200h\b", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:119 0xc101d8d3 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:23 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $1 = -14 (gdb) Run till exit from #0 0xc101d8d3 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:23 0xc100288c in ?? () Value returned is $2 = -14 (gdb) Run till exit from #0 0xc100288c in ?? () }}} * gdbでステップ実行していると、finishで関数から抜けようとした際に、以下のようにkernel panicを起こすことが多々あった[[br]][[Image(WS002510.png,33%)]][[Image(WS002511.png,33%)]] * まれにうまく動作した場合、message[]はstaticでは無いのに前のデータが残っていることがある模様 * guest {{{ s0711489@ubuntu-lucid:~/03$ ./a.out new_debug() s0711489@ubuntu-lucid:~/03$ ./a.out }}} * gdb {{{ Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xdc569f9c "new_debug()", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xdc569f9c "new_debug()", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114 }}} * [[Image(WS002512.png,33%)]] == len = strnlen_user == * vim arch/x86/kernel/new_debug.c {{{#!diff Index: arch/x86/kernel/new_debug.c =================================================================== --- arch/x86/kernel/new_debug.c (リビジョン 1381) +++ arch/x86/kernel/new_debug.c (作業コピー) @@ -10,16 +10,22 @@ int errno; char message[__LOG_BUF_LEN]; struct timespec ts; + long len = 0; if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { errno = -EFAULT; goto out; } - if (message == NULL) { + if (message_user == NULL) { errno = -EINVAL; goto out; } + len = strnlen_user(message_user, __LOG_BUF_LEN); + if (len == 0 || len > __LOG_BUF_LEN) { + errno = -EINVAL; + goto out; + } if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { errno = -EFAULT; goto out; }}} * windell46:i386 s0711489$ ./build {{{ Kernel: arch/x86/boot/bzImage is ready (#7) }}} * s0711489@ubuntu-lucid:~$ sudo reboot * s0711489@ubuntu-lucid:~/03$ ./a.out {{{ new_debug with argv[i]: Invalid argument }}} * s0711489@ubuntu-lucid:~/03$ ./a.out {{{ Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) strnlen_user (s=0x8048646 "new_debug()", n=262144) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) 197 unsigned long mask = -__addr_ok(s); (gdb) finish Run till exit from #0 strnlen_user (s=0x8048646 "new_debug()", n=262144) at arch/x86/lib/usercopy_32.c:197 Program received signal SIGINT, Interrupt. 0xc1332240 in __ticket_spin_lock () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/spinlock.h:65 65 asm volatile ( (gdb) detach Ending remote debugging. }}} * [[Image(WS002515.png,33%)]] == !__LOG_BUF_LEN 1024 == * vim arch/x86/kernel/new_debug.c {{{#!diff Index: arch/x86/kernel/new_debug.c =================================================================== --- arch/x86/kernel/new_debug.c (リビジョン 1388) +++ arch/x86/kernel/new_debug.c (作業コピー) @@ -4,7 +4,7 @@ #include /* from kernel/printk.c */ -#define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) +#define __LOG_BUF_LEN 1024 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { int errno; }}} * windell46:i386 s0711489$ ./build {{{ Kernel: arch/x86/boot/bzImage is ready (#8) }}} * windell46:i386 s0711489$ make modules * s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh * gdb {{{ (gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d8a0: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN 1024 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 long len = 0; (gdb) 14 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 16 errno = -EFAULT; 17 goto out; 18 } 19 20 if (message_user == NULL) { 21 errno = -EINVAL; 22 goto out; 23 } (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); 25 if (len == 0 || len > __LOG_BUF_LEN) { 26 errno = -EINVAL; 27 goto out; 28 } 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { 30 errno = -EFAULT; 31 goto out; 32 } 33 message[sizeof(message) - 1] = '\0'; (gdb) 34 35 printk(KERN_DEBUG "%s\n", message); 36 37 if (tp_user != NULL) { 38 sys_clock_gettime(CLOCK_REALTIME, &ts); 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { 40 errno = -EFAULT; 41 goto out; 42 } 43 } (gdb) 44 45 errno = 0; 46 47 out: 48 return errno; 49 } (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) 197 unsigned long mask = -__addr_ok(s); (gdb) finish Run till exit from #0 strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:197 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $1 = 12 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) p message $2 = '\000' , "\022\002\000\000[\356U鬜\354\335,\236\354\335\060\236\354\335\064\236\354\335\070\236\354\335<\236\354\335\220\216NN\224O\377\206\002\222\374\302[\356U\351\203\002a\033\336\314}\350\002\222\374\302\b\301\261\215P\000\000\000\000\000\000\000 \000\000\000,\236\354\335L\236\354\335;^\035\301\354\235\354\335,\236\354\335b\236\354\335\250\026\367\337\331\377\377\377\000\000\000\000\000\177\300\301\000\000\000\000Ȝ\354\335\037p\000\301\020\235\354\335\223\206\004\301\254a\a\371F\000\000\000\374`\a\371F\000\000\000\374`\a\371F\000\000\000@\204\300\301@\177\300\301C\224)*\017H\017\000\000\000\000\000\034T\215\337\017H\017\000\070\235\354݄c\002\301t\235\354\335,b\004\301F\000\000\000\360S\215\337\017H\017\000\000\000\000\000R\334\070*\003\000\000\000\300\344\063\301@B\017\000\000\000\000\000@>\300\301\200\235\354\335|v\004\301@B\017\000\000\000\000\000@`\374\370F\000\000\000t\235\354\335X\235\354\335d\235\354\335\250d\001\301l\235\354\335\304f\001\301\220\235\354\335\063\352\004\301\063`\016\001\000\000\000\000\v\026\341\226w\004\000\000\200\242\v\371F\000\000\000\002\000\000\000\230"... (gdb) p message_user $3 = 0x8048646 "new_debug()" (gdb) s strncpy_from_user (dst=0xddec9b98 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xddec9b98 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114 0xc101d8f1 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $4 = 11 (gdb) p message_user $5 = 0x8048646 "new_debug()" (gdb) p message $6 = "new_debug()", '\000' , "\022\002\000\000[\356U鬜\354\335,\236\354\335\060\236\354\335\064\236\354\335\070\236\354\335<\236\354\335\220\216NN\224O\377\206\002\222\374\302[\356U\351\203\002a\033\336\314}\350\002\222\374\302\b\301\261\215P\000\000\000\000\000\000\000 \000\000\000,\236\354\335L\236\354\335;^\035\301\354\235\354\335,\236\354\335b\236\354\335\250\026\367\337\331\377\377\377\000\000\000\000\000\177\300\301\000\000\000\000Ȝ\354\335\037p\000\301\020\235\354\335\223\206\004\301\254a\a\371F\000\000\000\374`\a\371F\000\000\000\374`\a\371F\000\000\000@\204\300\301@\177\300\301C\224)*\017H\017\000\000\000\000\000\034T\215\337\017H\017\000\070\235\354݄c\002\301t\235\354\335,b\004\301F\000\000\000\360S\215\337\017H\017\000\000\000\000\000R\334\070*\003\000\000\000\300\344\063\301@B\017\000\000\000\000\000@>\300\301\200\235\354\335|v\004\301@B\017\000\000\000\000\000@`\374\370F\000\000\000t\235\354\335X\235\354\335d\235\354\335\250d\001\301l\235\354\335\304f\001\301\220\235\354\335\063\352\004\301\063`\016\001\000\000\000\000\v\026\341\226w"... (gdb) s 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) n 37 if (tp_user != NULL) { (gdb) s 49 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $7 = 0 (gdb) c Continuing. }}} * s0711489@ubuntu-lucid:~/03$ ./a.out {{{ new_debug() }}} * 期待通りの挙動を示した == static char message [] == * vim arch/x86/kernel/new_debug.c {{{#!diff Index: arch/x86/kernel/new_debug.c =================================================================== --- arch/x86/kernel/new_debug.c (リビジョン 1388) +++ arch/x86/kernel/new_debug.c (作業コピー) @@ -8,7 +8,7 @@ SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { int errno; - char message[__LOG_BUF_LEN]; + static char message[__LOG_BUF_LEN]; struct timespec ts; long len = 0; }}} * windell46:i386 s0711489$ ./build {{{ Kernel: arch/x86/boot/bzImage is ready (#9) }}} * windell46:i386 s0711489$ make modules * s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh * gdb {{{ (gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89c: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 static char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 long len = 0; (gdb) 14 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 16 errno = -EFAULT; 17 goto out; 18 } 19 20 if (message_user == NULL) { 21 errno = -EINVAL; 22 goto out; 23 } (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); 25 if (len == 0 || len > __LOG_BUF_LEN) { 26 errno = -EINVAL; 27 goto out; 28 } 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { 30 errno = -EFAULT; 31 goto out; 32 } 33 message[sizeof(message) - 1] = '\0'; (gdb) 34 35 printk(KERN_DEBUG "%s\n", message); 36 37 if (tp_user != NULL) { 38 sys_clock_gettime(CLOCK_REALTIME, &ts); 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { 40 errno = -EFAULT; 41 goto out; 42 } 43 } (gdb) 44 45 errno = 0; 46 47 out: 48 return errno; 49 } (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) strnlen_user (s=0xbf8b099c "1", n=262144) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbf8b099c "1", n=262144) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $1 = 2 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 "fuga", src=0xbf8b099c "1", count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 "fuga", src=0xbf8b099c "1", count=262143) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $2 = 1 (gdb) s 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) p message $3 = "1\000ga\000ebug()", '\000' (gdb) n 37 if (tp_user != NULL) { (gdb) s 38 sys_clock_gettime(CLOCK_REALTIME, &ts); (gdb) p ts $4 = {tv_sec = -598564864, tv_nsec = -1217056780} (gdb) n 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) p ts $5 = {tv_sec = -598564864, tv_nsec = -1217056780} (gdb) n 49 } (gdb) p ts_user No symbol "ts_user" in current context. (gdb) p tp_ tp_event tp_perf_event_destroy tp_probes tp_user (gdb) p tp_user $6 = (struct timespec *) 0xbf8af014 (gdb) p errno $7 = 0 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $8 = 0 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbf8b099e "2", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbf8b09a0 "3", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfc1e99c "1", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfc1e99e "2", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) n 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) 25 if (len == 0 || len > __LOG_BUF_LEN) { (gdb) 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) 37 if (tp_user != NULL) { (gdb) p tp_user $9 = (struct timespec *) 0xbfc1d654 (gdb) p ts $10 = {tv_sec = 0, tv_nsec = 0} (gdb) n 38 sys_clock_gettime(CLOCK_REALTIME, &ts); (gdb) 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) 49 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfc1e99e "2", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $11 = 0 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfc1e9a0 "3", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) c Continuing. }}} * s0711489@ubuntu-lucid:~/03$ ./a.out hoge fuga {{{ [-598562624.-1216589836] hoge [0.000000000] fuga }}} * s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3 {{{ [-598564864.-1217056780] 1 [0.000000000] 2 [0.000000000] 3 }}} * s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3 {{{ [-598564864.-1215885324] 1 [0.000000000] 2 [0.000000000] 3 }}} * こちらも問題無く動作した == very long argument == * gdb {{{ (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfcf7619 '0' , "1", '0' , "200"..., tp_user=0xbfcf62d4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) p message $12 = '\000' (gdb) p message_user $13 = 0xbfcf7619 '0' , "1", '0' , "200"... (gdb) p tp_user $14 = (struct timespec *) 0xbfcf62d4 (gdb) s 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) p len $15 = (gdb) n 25 if (len == 0 || len > __LOG_BUF_LEN) { (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 "", src=0xbfcf7619 '0' , "1", '0' , "200"..., count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 "", src=0xbfcf7619 '0' , "1", '0' , "200"..., count=262143) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0xbfcf7619 '0' , "1", '0' , "200"..., tp_user=0xbfcf62d4) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $16 = 5000 (gdb) p message $17 = '0' , "1", '0' , "2", '0' , "3", '0' , "4", '0' , "5", '0' , "6", '0' , "7", '0' , "8", '0' , "9", '0' , "1", '0' , "11", '0' , "12", '0' , "13", '0' , "14", '0' , "15", '0' , "16", '0' , "17", '0' ... (gdb) s 35 printk(KERN_DEBUG "%s\n", message); (gdb) n 33 message[sizeof(message) - 1] = '\0'; (gdb) p sizeof(message) $18 = 262144 (gdb) n 35 printk(KERN_DEBUG "%s\n", message); (gdb) 37 if (tp_user != NULL) { (gdb) 38 sys_clock_gettime(CLOCK_REALTIME, &ts); (gdb) p ts $19 = {tv_sec = -598614528, tv_nsec = -1216688140} (gdb) n 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) 49 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfcf7619 '0' , "1", '0' , "200"..., tp_user=0xbfcf62d4) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $20 = 0 (gdb) c Continuing. }}} * s0711489@ubuntu-lucid:~/03$ ./a.out 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000150000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000019000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000037000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000043000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000049000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000 {{{ [-598614528.-1216688140] 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000150000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000019000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000037000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000043000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000049000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000 }}} * s0711489@ubuntu-lucid:~/03$ dmesg | tail -n 2 {{{ [ 6.197442] vmblock: version magic '2.6.32-33-generic SMP mod_unload modversions 586 ' should be '2.6.35.14 SMP mod_unload 686 ' [ 276.962399] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000 }}} * printk() {{{ Breakpoint 1, sys_new_debug (message_user=0xbfee1619 '0' , "1", '0' , "200"..., tp_user=0xbfedfda4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) 25 if (len == 0 || len > __LOG_BUF_LEN) { (gdb) 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) s 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614 614 va_start(args, fmt); (gdb) finish Run till exit from #0 printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614 sys_new_debug (message_user=0xbfee1619 '0' , "1", '0' , "200"..., tp_user=0xbfedfda4) at arch/x86/kernel/new_debug.c:37 37 if (tp_user != NULL) { Value returned is $21 = 1041 (gdb) Run till exit from #0 sys_new_debug (message_user=0xbfee1619 '0' , "1", '0' , "200"..., tp_user=0xbfedfda4) at arch/x86/kernel/new_debug.c:37 0xc100288c in ?? () Value returned is $22 = 0 (gdb) c Continuing. }}} == shorten message[] == * printk()は1020文字程度しか出力してくれない(Ubuntu 10.04 i386)ので、バッファイサイズをずっと短くする * vim arch/x86/kernel/new_debug.c {{{#!diff Index: arch/x86/kernel/new_debug.c =================================================================== --- arch/x86/kernel/new_debug.c (リビジョン 1389) +++ arch/x86/kernel/new_debug.c (作業コピー) @@ -4,7 +4,7 @@ #include /* from kernel/printk.c */ -#define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) +#define __LOG_BUF_LEN 1024 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { int errno; }}} * windell46:i386 s0711489$ ./build {{{ Kernel: arch/x86/boot/bzImage is ready (#11) }}} * windell46:i386 s0711489$ make modules * s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh * s0711489@ubuntu-lucid:~/03$ ./a.out {{{ new_debug() }}} * s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3 4 {{{ [-572681344.-1217335308] 1 [0.000000000] 2 [0.000000000] 3 [0.000000000] 4 }}} * s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3 4 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000201234 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000002012345 {{{ [-572680448.-1215909900] 1 [0.000000000] 2 [0.000000000] 3 [0.000000000] 4 [0.000000000] 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 [0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 [0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 new_debug with argv[i]: Invalid argument new_debug with argv[i]: Invalid argument }}} * gdb {{{ (gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. b sys_new_debug (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89c: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa735b9 '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa735b9 '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa735b9 '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa735b9 '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $1 = 1001 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa739a2 '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa739a2 '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa739a2 '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa739a2 '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $2 = 1021 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 '0' ..., src=0xbfa739a2 '0' ..., count=1023) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 '0' ..., src=0xbfa739a2 '0' ..., count=1023) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0xbfa739a2 '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $3 = 1020 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa73d9f '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa73d9f '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa73d9f '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa73d9f '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $4 = 1024 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 '0' ..., src=0xbfa73d9f '0' ..., count=1023) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 '0' ..., src=0xbfa73d9f '0' ..., count=1023) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0xbfa73d9f '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $5 = 1023 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa7419f '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa7419f '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa7419f '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa7419f '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $6 = 1025 (gdb) s 49 } (gdb) l 25 20 if (message_user == NULL) { 21 errno = -EINVAL; 22 goto out; 23 } 24 len = strnlen_user(message_user, __LOG_BUF_LEN); 25 if (len == 0 || len > __LOG_BUF_LEN) { 26 errno = -EINVAL; 27 goto out; 28 } 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) p errno $7 = -22 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfa7419f '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $8 = -22 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa745a0 '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa745a0 '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa745a0 '0' ..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa745a0 '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $9 = 1025 (gdb) s 49 } (gdb) p errno $10 = -22 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfa745a0 '0' ..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $11 = -22 (gdb) c Continuing. }}} * s0711489@ubuntu-lucid:~/03$ ./a.out 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000201234 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000002012345 {{{ [-593455808.-1216405516] 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 [0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 [0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 new_debug with argv[i]: Invalid argument new_debug with argv[i]: Invalid argument }}} = 11/09 = == change sys_clock_gettime to getnstimeofday == * http://hira-consulting.com/wiki/index.php?getnstimeofday%28%29%2Flinux2.6 * vim arch/x86/kernel/new_debug.c {{{#!diff Index: arch/x86/kernel/new_debug.c =================================================================== --- arch/x86/kernel/new_debug.c (リビジョン 1390) +++ arch/x86/kernel/new_debug.c (作業コピー) @@ -35,7 +35,7 @@ printk(KERN_DEBUG "%s\n", message); if (tp_user != NULL) { - sys_clock_gettime(CLOCK_REALTIME, &ts); + getnstimeofday(&ts); if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { errno = -EFAULT; goto out; }}} * windell46:i386 s0711489$ ./build {{{ Kernel: arch/x86/boot/bzImage is ready (#12) }}} * s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh * gdb {{{ (gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89c: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN 1024 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 static char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 long len = 0; (gdb) 14 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 16 errno = -EFAULT; 17 goto out; 18 } 19 20 if (message_user == NULL) { 21 errno = -EINVAL; 22 goto out; 23 } (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); 25 if (len == 0 || len > __LOG_BUF_LEN) { 26 errno = -EINVAL; 27 goto out; 28 } 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { 30 errno = -EFAULT; 31 goto out; 32 } 33 message[sizeof(message) - 1] = '\0'; (gdb) 34 35 printk(KERN_DEBUG "%s\n", message); 36 37 if (tp_user != NULL) { 38 getnstimeofday(&ts); 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { 40 errno = -EFAULT; 41 goto out; 42 } 43 } (gdb) 44 45 errno = 0; 46 47 out: 48 return errno; 49 } (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $1 = 12 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $2 = 11 (gdb) s 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614 614 va_start(args, fmt); (gdb) finish Run till exit from #0 printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:37 37 if (tp_user != NULL) { Value returned is $3 = 33 (gdb) s 49 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $4 = 0 (gdb) c Continuing. }}} * s0711489@ubuntu-lucid:~$ ./a.out {{{ new_debug() }}} * gdb {{{ Breakpoint 1, sys_new_debug (message_user=0xbfb1b9b9 "1", tp_user=0xbfb1b324) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN 1024 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 static char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 long len = 0; (gdb) p message $5 = "new_debug()", '\000' (gdb) p message_user $6 = 0xbfb1b9b9 "1" (gdb) p tp_user $7 = (struct timespec *) 0xbfb1b324 (gdb) p ts $8 = {tv_sec = -570499584, tv_nsec = -1216356364} (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) 25 if (len == 0 || len > __LOG_BUF_LEN) { (gdb) 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) 37 if (tp_user != NULL) { (gdb) 38 getnstimeofday(&ts); (gdb) 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) p ts $9 = {tv_sec = 1320815780, tv_nsec = 601392214} (gdb) p tp_user $10 = (struct timespec *) 0xbfb1b324 (gdb) n 49 } (gdb) p tp_user $11 = (struct timespec *) 0xbfb1b324 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfb1b9b9 "1", tp_user=0xbfb1b324) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $12 = 0 (gdb) c Continuing. }}} * s0711489@ubuntu-lucid:~$ ./a.out 1 {{{ [1320815780.601392214] 1 }}} * s0711489@ubuntu-lucid:~$ ./a.out 1 2 3 4 {{{ [1320815837.554212464] 1 [1320815837.554367435] 2 [1320815837.554373628] 3 [1320815837.554378429] 4 }}} * s0711489@ubuntu-lucid:~$ ./a.out 1 2 3 4 {{{ [1320815846.036561542] 1 [1320815846.036726240] 2 [1320815846.036732514] 3 [1320815846.036737329] 4 }}} * s0711489@ubuntu-lucid:~$ tail /var/log/debug {{{ Nov 9 14:14:21 ubuntu-lucid kernel: [ 187.486803] new_debug() Nov 9 14:16:38 ubuntu-lucid kernel: [ 364.616724] 1 Nov 9 14:17:17 ubuntu-lucid kernel: [ 425.607587] 1 Nov 9 14:17:17 ubuntu-lucid kernel: [ 425.607744] 2 Nov 9 14:17:17 ubuntu-lucid kernel: [ 425.607750] 3 Nov 9 14:17:17 ubuntu-lucid kernel: [ 425.607755] 4 Nov 9 14:17:26 ubuntu-lucid kernel: [ 434.089936] 1 Nov 9 14:17:26 ubuntu-lucid kernel: [ 434.090102] 2 Nov 9 14:17:26 ubuntu-lucid kernel: [ 434.090109] 3 Nov 9 14:17:26 ubuntu-lucid kernel: [ 434.090114] 4 }}} == fix macro for new_debug == * vim arch/x86/include/asm/new_debug.h {{{#!diff Index: arch/x86/include/asm/new_debug.h =================================================================== --- arch/x86/include/asm/new_debug.h (リビジョン 1381) +++ arch/x86/include/asm/new_debug.h (作業コピー) @@ -2,6 +2,6 @@ #define _ASM_X86_NEW_DEBUG_H #include -#define new_debug(x) syscall(__NR_new_debug, x) +#define new_debug(x,y) syscall(__NR_new_debug, x, y) #endif /* _ASM_X86_NEW_DEBUG_H */ }}} * windell46:i386 s0711489$ ./build {{{ Kernel: arch/x86/boot/bzImage is ready (#12) }}} == add new_debug to x86_64 == * vim arch/x86/include/asm/unistd_64.h {{{#!diff Index: arch/x86/include/asm/unistd_64.h =================================================================== --- arch/x86/include/asm/unistd_64.h (リビジョン 1397) +++ arch/x86/include/asm/unistd_64.h (作業コピー) @@ -665,6 +665,8 @@ __SYSCALL(__NR_recvmmsg, sys_recvmmsg) #define __NR_new_hello 300 __SYSCALL(__NR_new_hello, sys_new_hello) +#define __NR_new_debug 301 +__SYSCALL(__NR_new_debug, sys_new_debug) #ifndef __NO_STUBS #define __ARCH_WANT_OLD_READDIR }}} * viola06:x86_64 s0711489$ ./build {{{ Kernel: arch/x86/boot/bzImage is ready (#5) }}} * s0711489@ubuntu-lucid64:~$ sudo /mnt/hgfs/tools/install.sh * s0711489@ubuntu-lucid64:~$ gcc -I /lib/modules/2.6.35.14/build/arch/x86/include/ 03/new_debug-sys.c * s0711489@ubuntu-lucid64:~$ ./a.out {{{ new_debug() }}} * s0711489@ubuntu-lucid64:~$ ./a.out 1 2 3 4 5 6 7 8 {{{ [1320819346.718424802] 1 [1320819346.718761534] 2 [1320819346.718767685] 3 [1320819346.718772404] 4 [1320819346.718776934] 5 [1320819346.718781608] 6 [1320819346.718786123] 7 [1320819346.718790631] 8 }}} * s0711489@ubuntu-lucid64:~$ tail /var/log/kern.log {{{ Nov 9 15:15:24 ubuntu-lucid64 kernel: [ 27.316107] cc1 used greatest stack depth: 4368 bytes left Nov 9 15:15:36 ubuntu-lucid64 kernel: [ 39.137213] new_debug() Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629638] 1 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629978] 2 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629985] 3 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629990] 4 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629994] 5 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629999] 6 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.630004] 7 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.630008] 8 }}} = 11/11 = * vmallocは勝手に解放されることがあるらしい * http://f42.aaa.livedoor.jp/~hassaku/crswikicrs/?LinuxDriver%A4%D8%A4%CE%C6%BB15%3F > vmallocを使うことは推奨されません。 * http://wiki.bit-hive.com/linuxkernelmemo/pg/kmalloc,vmalloc * http://stackoverflow.com/questions/116343/what-is-the-difference-between-vmalloc-and-kmalloc == stackmod == * 適当な深さのスタックデバイス * writeするとpushされる * readするとpopされる == modtest == * http://www.hakodate-ct.ac.jp/~tokai/tokai/research/kmod.html#basic に従って、何もしないkernel moduleの作成 * windell46:04 s0711489$ touch Makefile * windell46:04 s0711489$ touch modtest.c = 11/15 = == test module == * s0711489@ubuntu-lucid:~$ sudo insmod modtest.ko * s0711489@ubuntu-lucid:~$ lsmod | grep test {{{ modtest 511 0 }}} * s0711489@ubuntu-lucid:~$ sudo rmmod modtest * s0711489@ubuntu-lucid:~$ tailf /var/log/kern.log {{{ Nov 16 12:57:12 ubuntu-lucid kernel: [ 184.191269] modtest is loaded Nov 16 12:57:49 ubuntu-lucid kernel: [ 221.183851] modtest is unloaded }}} === accept parameter === * s0711489@ubuntu-lucid:~$ sudo insmod modtest.ko * s0711489@ubuntu-lucid:~$ sudo rmmod modtest * s0711489@ubuntu-lucid:~$ sudo insmod modtest.ko entry=1024 * s0711489@ubuntu-lucid:~$ sudo rmmod modtest * s0711489@ubuntu-lucid:~$ tail /var/log/kern.log {{{ Nov 16 13:55:37 ubuntu-lucid kernel: [ 3688.894628] modtest is loaded with 128 entry Nov 16 13:55:42 ubuntu-lucid kernel: [ 3694.171780] modtest is unloaded Nov 16 13:55:49 ubuntu-lucid kernel: [ 3700.375278] modtest is loaded with 1024 entry Nov 16 13:55:52 ubuntu-lucid kernel: [ 3704.198557] modtest is unloaded }}} * s0711489@ubuntu-lucid:~$ sudo insmod modtest.ko entry=1024 * s0711489@ubuntu-lucid:~$ cat /sys/module/modtest/parameters/entry {{{ 1024 }}} == stack module (copy from modtest) == * s0711489@ubuntu-lucid:~$ sudo insmod stackmod.ko * s0711489@ubuntu-lucid:~$ sudo rmmod stackmod * s0711489@ubuntu-lucid:~$ tail /var/log/kern.log {{{ Nov 16 14:56:16 ubuntu-lucid kernel: [ 7326.677171] stackmod is loaded Nov 16 14:56:16 ubuntu-lucid kernel: [ 7326.677175] stackmod: 128 entry, major is 251, minor is 0 Nov 16 14:56:24 ubuntu-lucid kernel: [ 7335.090496] stackmod is unloaded }}}