wiki:Dev/KernelHack/COINS/worklog/201111

Context Navigation

Version 5 (modified by mitty, 13 years ago) (diff)
--

11/02

informative system calls

kernel/sys.c
- sethostname, gethostname
- about copy_to_user/copy_from_user
kernel/hrtimer.c
- nanosleep
- about timespec
kernel/posix-timers.c
- clock_gettime
- about timespec
kernel/module.c
- delete_module
- about strncpy_from_user
kernel/printk.c
- about __LOG_BUF_LEN/access_ok

testing new_debug syscall

windell57:i386 s0711489$ make -j2

Kernel: arch/x86/boot/bzImage is ready  (#3)

s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh
s0711489@ubuntu-lucid:~$ sudo reboot

s0711489@ubuntu-lucid:~$ cat > new_debug-sys.c
s0711489@ubuntu-lucid:~$ gcc -I /lib/modules/2.6.35.14/build/arch/x86/include/ new_debug-sys.c

s0711489@ubuntu-lucid:~$ ./a.out
```
new_debug()
```

s0711489@ubuntu-lucid:~$ dmesg | tail -n 2

[    6.833440] dhclient3 used greatest stack depth: 5560 bytes left
[  579.378377] new_debug()

s0711489@ubuntu-lucid:~$ ./a.out hoge fuga piyo

[-570566464.-1216585740] hoge
[0.000000000] fuga
[0.000000000] piyo

s0711489@ubuntu-lucid:~$ dmesg | tail -n 5

[    6.833440] dhclient3 used greatest stack depth: 5560 bytes left
[  579.378377] new_debug()
[  596.785236] hoge
[  596.785274] fuga
[  596.785282] piyo

maybe useful

http://hira-consulting.com/wiki/index.php?linux2.6%2Farch%2Fi386%2Flib%2Fusercopy.c
http://hira-consulting.com/wiki/?linux2.6%2Finclude%2Flinux%2Ferr.h
IS_ERR_OR_NULL
__LOG_BUF_LEN

https://www.codeblog.org/blog/gniibe/20060323.html
get_user/put_user, set_fs のまとめ

http://www.ibm.com/developerworks/jp/linux/library/l-system-calls/ の「copy_to_user」の定義が変

unsigned long copy_from_user( void *to, const void __user *from, unsigned long n );
unsigned long copy_to_user( void *to, const void __user *from, unsigned long n );

以下が正しい

unsigned long copy_from_user( void *to, const void __user *from, unsigned long n );
unsigned long copy_to_user( void __user *to, const void *from, unsigned long n );

11/04

define as static char __log_buf[__LOG_BUF_LEN] in printk.c
sys_clock_gettime uses copy_to_user in its code

11/08

new_debug() が正常に動作したりしなかったりする
- 結論 -> staticで確保していなかったのが良くない

char message[__LOG_BUF_LEN];

windell46:i386 s0711489$ ./build

press enter key to make with i386 kernel

Kernel: arch/x86/boot/bzImage is ready  (#6)

windell46:i386 s0711489$ make modules

s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh

s0711489@ubuntu-lucid:~$ sudo reboot

Linux ubuntu-lucid 2.6.35.14 #6 SMP Tue Nov 8 17:26:43 JST 2011 i686 GNU/Linux

windell46:~ s0711489$ scp -r .subversion/ 172.16.237.130:~

s0711489@ubuntu-lucid:~$ svn co https://XXXXXXXXXXXX/trunk/coursework/KernelHack/03/
```
Checked out revision 1387.
```

s0711489@ubuntu-lucid:~/03$ gcc -I /lib/modules/2.6.35.14/build/arch/x86/include/ new_debug-sys.c
s0711489@ubuntu-lucid:~/03$ ./a.out
```
new_debug with argv[i]: Bad address
```

s0711489@ubuntu-lucid:~/03$ ./a.out 1 2

new_debug with argv[i]: Bad address
new_debug with argv[i]: Bad address

gdb

viola06:i386 s0711489$ gdb

(gdb) file vmlinux
Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done.
(gdb) b sys_new_debug
Breakpoint 1 at 0xc101d89f: file arch/x86/kernel/new_debug.c, line 9.
(gdb) target remote windell46:8832
Remote debugging using windell46:8832
0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49
49              asm volatile("sti; hlt": : :"memory");
(gdb) c
Continuing.

s0711489@ubuntu-lucid:~/03$ ./a.out 1 2

Breakpoint 1, sys_new_debug (message_user=0xbfc6499e "1", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) l
4       #include <linux/time.h>
5
6       /* from kernel/printk.c */
7       #define __LOG_BUF_LEN   (1 << CONFIG_LOG_BUF_SHIFT)
8
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
10              int errno;
11              char message[__LOG_BUF_LEN];
12              struct timespec ts;
13
(gdb)
14              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
15                      errno = -EFAULT;
16                      goto out;
17              }
18
19              if (message == NULL) {
20                      errno = -EINVAL;
21                      goto out;
22              }
23              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
24                      errno = -EFAULT;
25                      goto out;
26              }
27              message[sizeof(message) - 1] = '\0';
28
29              printk(KERN_DEBUG "%s\n", message);
30
31              if (tp_user != NULL) {
32                      sys_clock_gettime(CLOCK_REALTIME, &ts);
33                      if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
(gdb)
34                              errno = -EFAULT;
35                              goto out;
36                      }
37              }
38
39              errno = 0;
40
41      out:
42              return errno;
43      }
(gdb)
Line number 44 out of range; arch/x86/kernel/new_debug.c has 43 lines.
(gdb) s
14              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
41      out:
(gdb)
43      }
(gdb) p errno
$1 = -14
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0xbfc6499e "1", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:43
0xc100288c in ?? ()
Value returned is $2 = -14
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfc649a0 "2", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) s
14              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
41      out:
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0xbfc649a0 "2", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:41
0xc100288c in ?? ()
Value returned is $3 = -14
(gdb) c
Continuing.

s0711489@ubuntu-lucid:~/03$ ./a.out 1 2

new_debug with argv[i]: Bad address
new_debug with argv[i]: Bad address

s0711489@ubuntu-lucid:~/03$ ./a.out

(gdb) file vmlinux
Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done.
(gdb) b sys_new_debug
Breakpoint 1 at 0xc101d89f: file arch/x86/kernel/new_debug.c, line 9.
(gdb) target remote windell46:8832
Remote debugging using windell46:8832
0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49
49              asm volatile("sti; hlt": : :"memory");
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) l
4       #include <linux/time.h>
5
6       /* from kernel/printk.c */
7       #define __LOG_BUF_LEN   (1 << CONFIG_LOG_BUF_SHIFT)
8
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
10              int errno;
11              char message[__LOG_BUF_LEN];
12              struct timespec ts;
13
(gdb)
14              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
15                      errno = -EFAULT;
16                      goto out;
17              }
18
19              if (message == NULL) {
20                      errno = -EINVAL;
21                      goto out;
22              }
23              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
24                      errno = -EFAULT;
25                      goto out;
26              }
27              message[sizeof(message) - 1] = '\0';
28
29              printk(KERN_DEBUG "%s\n", message);
30
31              if (tp_user != NULL) {
32                      sys_clock_gettime(CLOCK_REALTIME, &ts);
33                      if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
(gdb) s
14              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
23              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
strncpy_from_user (dst=0xdf275f9c "", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114
114     {
(gdb) l
109      * If @count is smaller than the length of the string, copies @count bytes
110      * and returns @count.
111      */
112     long
113     strncpy_from_user(char *dst, const char __user *src, long count)
114     {
115             long res = -EFAULT;
116             if (access_ok(VERIFY_READ, src, 1))
117                     __do_strncpy_from_user(dst, src, count, res);
118             return res;
(gdb)
119     }
120     EXPORT_SYMBOL(strncpy_from_user);
121
122     /*
123      * Zero Userspace
124      */
125
126     #define __do_clear_user(addr,size)                                      \
127     do {                                                                    \
128             int __d0;                                                       \
(gdb)
129             might_fault();                                                  \
130             __asm__ __volatile__(                                           \
131                     "0:     rep; stosl\n"                                   \
132                     "       movl %2,%0\n"                                   \
133                     "1:     rep; stosb\n"                                   \
134                     "2:\n"                                                  \
135                     ".section .fixup,\"ax\"\n"                              \
136                     "3:     lea 0(%2,%0,4),%0\n"                            \
137                     "       jmp 2b\n"                                       \
138                     ".previous\n"                                           \
(gdb)
139                     _ASM_EXTABLE(0b,3b)                                     \
140                     _ASM_EXTABLE(1b,2b)                                     \
141                     : "=&c"(size), "=&D" (__d0)                             \
142                     : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0));     \
143     } while (0)
144
145     /**
146      * clear_user: - Zero a block of memory in user space.
147      * @to:   Destination address, in user space.
148      * @n:    Number of bytes to zero.
(gdb) s
116             if (access_ok(VERIFY_READ, src, 1))
(gdb)
119     }
(gdb) p src
$1 = 0x8048646 "new_debug()"
(gdb) p dst
$2 = 0xdf275f9c ""
(gdb) p count
$3 = 262143
(gdb) p res
$4 = -14
(gdb) finish
Run till exit from #0  strncpy_from_user (dst=0xdf275f9c "", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:119
0xc101d8d3 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:23
23              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
Value returned is $5 = -14
(gdb) s
41      out:
(gdb)
43      }
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:43
0xc100288c in ?? ()
Value returned is $6 = -14
(gdb) s
Cannot find bounds of current function
(gdb) c
Continuing.

s0711489@ubuntu-lucid:~/03$ ./a.out
```
new_debug with argv[i]: Bad address
```

s0711489@ubuntu-lucid:~/03$ ./a.out

(gdb) file vmlinux
Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done.
(gdb) b sys_new_debug
Breakpoint 1 at 0xc101d89f: file arch/x86/kernel/new_debug.c, line 9.
(gdb) target remote windell46:8832
Remote debugging using windell46:8832
0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49
49              asm volatile("sti; hlt": : :"memory");
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) s
14              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
23              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
strncpy_from_user (
    dst=0xdc3d9f9c "\210\035i\b\250\035i\b\330\035i\b\250\270L\b\b\036i\b\030\036i\b\350\343O\b8\036i\bX\036i\bx\036i\b\270\036i\b\350\036i\b\330\036i\b\370\036i\b\b\037i\b\350\036i\b(\037i\b8\037i\bH\037i\bh\037i\b\210\037i\b\250\037i\b\350\037i\bX\021W\b\310\037i\bp\200h\b", src=0x8048646 "new_debug()",
    count=262143) at arch/x86/lib/usercopy_32.c:114
114     {
(gdb)
116             if (access_ok(VERIFY_READ, src, 1))
(gdb)
119     }
(gdb) finish
Run till exit from #0  strncpy_from_user (
    dst=0xdc3d9f9c "\210\035i\b\250\035i\b\330\035i\b\250\270L\b\b\036i\b\030\036i\b\350\343O\b8\036i\bX\036i\bx\036i\b\270\036i\b\350\036i\b\330\036i\b\370\036i\b\b\037i\b\350\036i\b(\037i\b8\037i\bH\037i\bh\037i\b\210\037i\b\250\037i\b\350\037i\bX\021W\b\310\037i\bp\200h\b", src=0x8048646 "new_debug()",
    count=262143) at arch/x86/lib/usercopy_32.c:119
0xc101d8d3 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:23
23              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
Value returned is $1 = -14
(gdb)
Run till exit from #0  0xc101d8d3 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:23
0xc100288c in ?? ()
Value returned is $2 = -14
(gdb)
Run till exit from #0  0xc100288c in ?? ()

gdbでステップ実行していると、finishで関数から抜けようとした際に、以下のようにkernel panicを起こすことが多々あった

まれにうまく動作した場合、message[]はstaticでは無いのに前のデータが残っていることがある模様

guest

s0711489@ubuntu-lucid:~/03$ ./a.out
new_debug()
s0711489@ubuntu-lucid:~/03$ ./a.out

gdb

Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) s
14              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
23              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
strncpy_from_user (dst=0xdc569f9c "new_debug()", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114
114     {
(gdb) finish
Run till exit from #0  strncpy_from_user (dst=0xdc569f9c "new_debug()", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114

len = strnlen_user

vim arch/x86/kernel/new_debug.c

arch/x86/kernel/new_debug.c

         int errno;
         char message[__LOG_BUF_LEN];
         struct timespec ts;
+        long len = 0;
         if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
                 errno = -EFAULT;
                 goto out;
+        }
         if (message == NULL) {
+        if (message_user == NULL) {
                 errno = -EINVAL;
                 goto out;
+        }
+        len = strnlen_user(message_user, __LOG_BUF_LEN);
+        if (len == 0 || len > __LOG_BUF_LEN) {
+                errno = -EINVAL;
+                goto out;
+        }
         if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
                 errno = -EFAULT;
                 goto out;

windell46:i386 s0711489$ ./build

Kernel: arch/x86/boot/bzImage is ready  (#7)

s0711489@ubuntu-lucid:~$ sudo reboot

s0711489@ubuntu-lucid:~/03$ ./a.out

new_debug with argv[i]: Invalid argument

s0711489@ubuntu-lucid:~/03$ ./a.out

Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) s
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb)
strnlen_user (s=0x8048646 "new_debug()", n=262144) at arch/x86/lib/usercopy_32.c:196
196     {
(gdb)
197             unsigned long mask = -__addr_ok(s);
(gdb) finish
Run till exit from #0  strnlen_user (s=0x8048646 "new_debug()", n=262144) at arch/x86/lib/usercopy_32.c:197

Program received signal SIGINT, Interrupt.
0xc1332240 in __ticket_spin_lock () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/spinlock.h:65
65              asm volatile (
(gdb) detach
Ending remote debugging.

__LOG_BUF_LEN 1024

vim arch/x86/kernel/new_debug.c

arch/x86/kernel/new_debug.c

 #include <linux/time.h>
 /* from kernel/printk.c */
 #define __LOG_BUF_LEN   (1 << CONFIG_LOG_BUF_SHIFT)
+#define __LOG_BUF_LEN   1024
 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
         int errno;

windell46:i386 s0711489$ ./build

Kernel: arch/x86/boot/bzImage is ready  (#8)

windell46:i386 s0711489$ make modules

s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh

gdb

(gdb) file vmlinux
Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done.
(gdb) b sys_new_debug
Breakpoint 1 at 0xc101d8a0: file arch/x86/kernel/new_debug.c, line 9.
(gdb) target remote windell46:8832
Remote debugging using windell46:8832
0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49
49              asm volatile("sti; hlt": : :"memory");
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) l
4       #include <linux/time.h>
5
6       /* from kernel/printk.c */
7       #define __LOG_BUF_LEN   1024
8
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
10              int errno;
11              char message[__LOG_BUF_LEN];
12              struct timespec ts;
13              long len = 0;
(gdb)
14
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
16                      errno = -EFAULT;
17                      goto out;
18              }
19
20              if (message_user == NULL) {
21                      errno = -EINVAL;
22                      goto out;
23              }
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
25              if (len == 0 || len > __LOG_BUF_LEN) {
26                      errno = -EINVAL;
27                      goto out;
28              }
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
30                      errno = -EFAULT;
31                      goto out;
32              }
33              message[sizeof(message) - 1] = '\0';
(gdb)
34
35              printk(KERN_DEBUG "%s\n", message);
36
37              if (tp_user != NULL) {
38                      sys_clock_gettime(CLOCK_REALTIME, &ts);
39                      if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
40                              errno = -EFAULT;
41                              goto out;
42                      }
43              }
(gdb)
44
45              errno = 0;
46
47      out:
48              return errno;
49      }
(gdb) s
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb)
strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:196
196     {
(gdb)
197             unsigned long mask = -__addr_ok(s);
(gdb) finish
Run till exit from #0  strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:197
sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:25
25              if (len == 0 || len > __LOG_BUF_LEN) {
Value returned is $1 = 12
(gdb) s
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb) p message
$2 = '\000' <repeats 176 times>, "\022\002\000\000[\356U鬜\354\335,\236\354\335\060\236\354\335\064\236\354\335\070\236\354\335<\236\354\335\220\216NN\224O\377\206\002\222\374\302[\356U\351\203\002a\033\336\314}\350\002\222\374\302\b\301\261\215P\000\000\000\000\000\000\000 \000\000\000,\236\354\335L\236\354\335;^\035\301\354\235\354\335,\236\354\335b\236\354\335\250\026\367\337\331\377\377\377\000\000\000\000\000\177\300\301\000\000\000\000Ȝ\354\335\037p\000\301\020\235\354\335\223\206\004\301\254a\a\371F\000\000\000\374`\a\371F\000\000\000\374`\a\371F\000\000\000@\204\300\301@\177\300\301C\224)*\017H\017\000\000\000\000\000\034T\215\337\017H\017\000\070\235\354݄c\002\301t\235\354\335,b\004\301F\000\000\000\360S\215\337\017H\017\000\000\000\000\000R\334\070*\003\000\000\000\300\344\063\301@B\017\000\000\000\000\000@>\300\301\200\235\354\335|v\004\301@B\017\000\000\000\000\000@`\374\370F\000\000\000t\235\354\335X\235\354\335d\235\354\335\250d\001\301l\235\354\335\304f\001\301\220\235\354\335\063\352\004\301\063`\016\001\000\000\000\000\v\026\341\226w\004\000\000\200\242\v\371F\000\000\000\002\000\000\000\230"...
(gdb) p message_user
$3 = 0x8048646 "new_debug()"
(gdb) s
strncpy_from_user (dst=0xddec9b98 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114
114     {
(gdb) finish
Run till exit from #0  strncpy_from_user (dst=0xddec9b98 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114
0xc101d8f1 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:29
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
Value returned is $4 = 11
(gdb) p message_user
$5 = 0x8048646 "new_debug()"
(gdb) p message
$6 = "new_debug()", '\000' <repeats 165 times>, "\022\002\000\000[\356U鬜\354\335,\236\354\335\060\236\354\335\064\236\354\335\070\236\354\335<\236\354\335\220\216NN\224O\377\206\002\222\374\302[\356U\351\203\002a\033\336\314}\350\002\222\374\302\b\301\261\215P\000\000\000\000\000\000\000 \000\000\000,\236\354\335L\236\354\335;^\035\301\354\235\354\335,\236\354\335b\236\354\335\250\026\367\337\331\377\377\377\000\000\000\000\000\177\300\301\000\000\000\000Ȝ\354\335\037p\000\301\020\235\354\335\223\206\004\301\254a\a\371F\000\000\000\374`\a\371F\000\000\000\374`\a\371F\000\000\000@\204\300\301@\177\300\301C\224)*\017H\017\000\000\000\000\000\034T\215\337\017H\017\000\070\235\354݄c\002\301t\235\354\335,b\004\301F\000\000\000\360S\215\337\017H\017\000\000\000\000\000R\334\070*\003\000\000\000\300\344\063\301@B\017\000\000\000\000\000@>\300\301\200\235\354\335|v\004\301@B\017\000\000\000\000\000@`\374\370F\000\000\000t\235\354\335X\235\354\335d\235\354\335\250d\001\301l\235\354\335\304f\001\301\220\235\354\335\063\352\004\301\063`\016\001\000\000\000\000\v\026\341\226w"...
(gdb) s
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
33              message[sizeof(message) - 1] = '\0';
(gdb)
35              printk(KERN_DEBUG "%s\n", message);
(gdb) n
37              if (tp_user != NULL) {
(gdb) s
49      }
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:49
0xc100288c in ?? ()
Value returned is $7 = 0
(gdb) c
Continuing.

s0711489@ubuntu-lucid:~/03$ ./a.out
```
new_debug()
```

期待通りの挙動を示した

static char message []

vim arch/x86/kernel/new_debug.c

arch/x86/kernel/new_debug.c

 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
         int errno;
         char message[__LOG_BUF_LEN];
+        static char message[__LOG_BUF_LEN];
         struct timespec ts;
         long len = 0;

windell46:i386 s0711489$ ./build

Kernel: arch/x86/boot/bzImage is ready  (#9)

windell46:i386 s0711489$ make modules

s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh

gdb

(gdb) file vmlinux
Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done.
(gdb) b sys_new_debug
Breakpoint 1 at 0xc101d89c: file arch/x86/kernel/new_debug.c, line 9.
(gdb) target remote windell46:8832
Remote debugging using windell46:8832
0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49
49              asm volatile("sti; hlt": : :"memory");
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) l
4       #include <linux/time.h>
5
6       /* from kernel/printk.c */
7       #define __LOG_BUF_LEN   (1 << CONFIG_LOG_BUF_SHIFT)
8
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
10              int errno;
11              static char message[__LOG_BUF_LEN];
12              struct timespec ts;
13              long len = 0;
(gdb)
14
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
16                      errno = -EFAULT;
17                      goto out;
18              }
19
20              if (message_user == NULL) {
21                      errno = -EINVAL;
22                      goto out;
23              }
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
25              if (len == 0 || len > __LOG_BUF_LEN) {
26                      errno = -EINVAL;
27                      goto out;
28              }
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
30                      errno = -EFAULT;
31                      goto out;
32              }
33              message[sizeof(message) - 1] = '\0';
(gdb)
34
35              printk(KERN_DEBUG "%s\n", message);
36
37              if (tp_user != NULL) {
38                      sys_clock_gettime(CLOCK_REALTIME, &ts);
39                      if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
40                              errno = -EFAULT;
41                              goto out;
42                      }
43              }
(gdb)
44
45              errno = 0;
46
47      out:
48              return errno;
49      }
(gdb) s
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb)
strnlen_user (s=0xbf8b099c "1", n=262144) at arch/x86/lib/usercopy_32.c:196
196     {
(gdb) finish
Run till exit from #0  strnlen_user (s=0xbf8b099c "1", n=262144) at arch/x86/lib/usercopy_32.c:196
sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:25
25              if (len == 0 || len > __LOG_BUF_LEN) {
Value returned is $1 = 2
(gdb) s
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
strncpy_from_user (dst=0xc158da00 "fuga", src=0xbf8b099c "1", count=262143) at arch/x86/lib/usercopy_32.c:114
114     {
(gdb) finish
Run till exit from #0  strncpy_from_user (dst=0xc158da00 "fuga", src=0xbf8b099c "1", count=262143) at arch/x86/lib/usercopy_32.c:114
0xc101d8ea in sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:29
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
Value returned is $2 = 1
(gdb) s
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
33              message[sizeof(message) - 1] = '\0';
(gdb)
35              printk(KERN_DEBUG "%s\n", message);
(gdb) p message
$3 = "1\000ga\000ebug()", '\000' <repeats 262132 times>
(gdb) n
37              if (tp_user != NULL) {
(gdb) s
38                      sys_clock_gettime(CLOCK_REALTIME, &ts);
(gdb) p ts
$4 = {tv_sec = -598564864, tv_nsec = -1217056780}
(gdb) n
39                      if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
(gdb) p ts
$5 = {tv_sec = -598564864, tv_nsec = -1217056780}
(gdb) n
49      }
(gdb) p ts_user
No symbol "ts_user" in current context.
(gdb) p tp_
tp_event               tp_perf_event_destroy  tp_probes              tp_user
(gdb) p tp_user
$6 = (struct timespec *) 0xbf8af014
(gdb) p errno
$7 = 0
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:49
0xc100288c in ?? ()
Value returned is $8 = 0
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbf8b099e "2", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbf8b09a0 "3", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfc1e99c "1", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfc1e99e "2", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) s
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb) n
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb)
25              if (len == 0 || len > __LOG_BUF_LEN) {
(gdb)
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
33              message[sizeof(message) - 1] = '\0';
(gdb)
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
37              if (tp_user != NULL) {
(gdb) p tp_user
$9 = (struct timespec *) 0xbfc1d654
(gdb) p ts
$10 = {tv_sec = 0, tv_nsec = 0}
(gdb) n
38                      sys_clock_gettime(CLOCK_REALTIME, &ts);
(gdb)
39                      if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
(gdb)
49      }
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0xbfc1e99e "2", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:49
0xc100288c in ?? ()
Value returned is $11 = 0
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfc1e9a0 "3", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) c
Continuing.

s0711489@ubuntu-lucid:~/03$ ./a.out hoge fuga

[-598562624.-1216589836] hoge
[0.000000000] fuga

s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3

[-598564864.-1217056780] 1
[0.000000000] 2
[0.000000000] 3

s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3

[-598564864.-1215885324] 1
[0.000000000] 2
[0.000000000] 3

こちらも問題無く動作した

very long argument

gdb

(gdb) target remote windell46:8832
Remote debugging using windell46:8832
0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49
49              asm volatile("sti; hlt": : :"memory");
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfcf62d4)
    at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) s
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb) p message
$12 = '\000' <repeats 262143 times>
(gdb) p message_user
$13 = 0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"...
(gdb) p tp_user
$14 = (struct timespec *) 0xbfcf62d4
(gdb) s
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb) p len
$15 = <value optimized out>
(gdb) n
25              if (len == 0 || len > __LOG_BUF_LEN) {
(gdb) s
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
strncpy_from_user (dst=0xc158da00 "", src=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., count=262143)
    at arch/x86/lib/usercopy_32.c:114
114     {
(gdb) finish
Run till exit from #0  strncpy_from_user (dst=0xc158da00 "", src=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., count=262143)
    at arch/x86/lib/usercopy_32.c:114
0xc101d8ea in sys_new_debug (message_user=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfcf62d4)
    at arch/x86/kernel/new_debug.c:29
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
Value returned is $16 = 5000
(gdb) p message
$17 = '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "2", '0' <repeats 99 times>, "3", '0' <repeats 99 times>, "4", '0' <repeats 99 times>, "5", '0' <repeats 99 times>, "6", '0' <repeats 99 times>, "7", '0' <repeats 99 times>, "8", '0' <repeats 99 times>, "9", '0' <repeats 98 times>, "1", '0' <repeats 99 times>, "11", '0' <repeats 98 times>, "12", '0' <repeats 98 times>, "13", '0' <repeats 98 times>, "14", '0' <repeats 98 times>, "15", '0' <repeats 98 times>, "16", '0' <repeats 98 times>, "17", '0' <repeats 98 times>...
(gdb) s
35              printk(KERN_DEBUG "%s\n", message);
(gdb) n
33              message[sizeof(message) - 1] = '\0';
(gdb) p sizeof(message)
$18 = 262144
(gdb) n
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
37              if (tp_user != NULL) {
(gdb)
38                      sys_clock_gettime(CLOCK_REALTIME, &ts);
(gdb) p ts
$19 = {tv_sec = -598614528, tv_nsec = -1216688140}
(gdb) n
39                      if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
(gdb)
49      }
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfcf62d4)
    at arch/x86/kernel/new_debug.c:49
0xc100288c in ?? ()
Value returned is $20 = 0
(gdb) c
Continuing.

s0711489@ubuntu-lucid:~/03$ ./a.out 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000150000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000019000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000037000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000043000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000049000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000
```
[-598614528.-1216688140] 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000150000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000019000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000037000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000043000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000049000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000
```

s0711489@ubuntu-lucid:~/03$ dmesg | tail -n 2

[    6.197442] vmblock: version magic '2.6.32-33-generic SMP mod_unload modversions 586 ' should be '2.6.35.14 SMP mod_unload 686 '
[  276.962399] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000

printk()

Breakpoint 1, sys_new_debug (message_user=0xbfee1619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfedfda4)
    at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) n
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb)
25              if (len == 0 || len > __LOG_BUF_LEN) {
(gdb)
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
35              printk(KERN_DEBUG "%s\n", message);
(gdb) s
33              message[sizeof(message) - 1] = '\0';
(gdb)
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614
614             va_start(args, fmt);
(gdb) finish
Run till exit from #0  printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614
sys_new_debug (message_user=0xbfee1619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfedfda4)
    at arch/x86/kernel/new_debug.c:37
37              if (tp_user != NULL) {
Value returned is $21 = 1041
(gdb)
Run till exit from #0  sys_new_debug (message_user=0xbfee1619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfedfda4)
    at arch/x86/kernel/new_debug.c:37
0xc100288c in ?? ()
Value returned is $22 = 0
(gdb) c
Continuing.

shorten message[]

printk()は1020文字程度しか出力してくれない(Ubuntu 10.04 i386)ので、バッファイサイズをずっと短くする

vim arch/x86/kernel/new_debug.c

arch/x86/kernel/new_debug.c

 #include <linux/time.h>
 /* from kernel/printk.c */
 #define __LOG_BUF_LEN   (1 << CONFIG_LOG_BUF_SHIFT)
+#define __LOG_BUF_LEN 1024
 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
         int errno;

windell46:i386 s0711489$ ./build

Kernel: arch/x86/boot/bzImage is ready  (#11)

windell46:i386 s0711489$ make modules

s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh

s0711489@ubuntu-lucid:~/03$ ./a.out
```
new_debug()
```

s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3 4

[-572681344.-1217335308] 1
[0.000000000] 2
[0.000000000] 3
[0.000000000] 4

s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3 4 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000201234 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000002012345
```
[-572680448.-1215909900] 1
[0.000000000] 2
[0.000000000] 3
[0.000000000] 4
[0.000000000] 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000
[0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020
[0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123
new_debug with argv[i]: Invalid argument
new_debug with argv[i]: Invalid argument
```

gdb

(gdb) file vmlinux
Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done.
b sys_new_debug
(gdb) b sys_new_debug
Breakpoint 1 at 0xc101d89c: file arch/x86/kernel/new_debug.c, line 9.
(gdb) target remote windell46:8832
Remote debugging using windell46:8832
0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49
49              asm volatile("sti; hlt": : :"memory");
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfa735b9 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) n
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb) s
strnlen_user (s=0xbfa735b9 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
196     {
(gdb) finish
Run till exit from #0  strnlen_user (s=0xbfa735b9 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
sys_new_debug (message_user=0xbfa735b9 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25
25              if (len == 0 || len > __LOG_BUF_LEN) {
Value returned is $1 = 1001
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfa739a2 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) n
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb) s
strnlen_user (s=0xbfa739a2 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
196     {
(gdb) finish
Run till exit from #0  strnlen_user (s=0xbfa739a2 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
sys_new_debug (message_user=0xbfa739a2 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25
25              if (len == 0 || len > __LOG_BUF_LEN) {
Value returned is $2 = 1021
(gdb) s
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
strncpy_from_user (dst=0xc158da00 '0' <repeats 200 times>..., src=0xbfa739a2 '0' <repeats 200 times>..., count=1023) at arch/x86/lib/usercopy_32.c:114
114     {
(gdb) finish
Run till exit from #0  strncpy_from_user (dst=0xc158da00 '0' <repeats 200 times>..., src=0xbfa739a2 '0' <repeats 200 times>..., count=1023)
    at arch/x86/lib/usercopy_32.c:114
0xc101d8ea in sys_new_debug (message_user=0xbfa739a2 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:29
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
Value returned is $3 = 1020
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfa73d9f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) n
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb) s
strnlen_user (s=0xbfa73d9f '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
196     {
(gdb) finish
Run till exit from #0  strnlen_user (s=0xbfa73d9f '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
sys_new_debug (message_user=0xbfa73d9f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25
25              if (len == 0 || len > __LOG_BUF_LEN) {
Value returned is $4 = 1024
(gdb) s
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
strncpy_from_user (dst=0xc158da00 '0' <repeats 200 times>..., src=0xbfa73d9f '0' <repeats 200 times>..., count=1023) at arch/x86/lib/usercopy_32.c:114
114     {
(gdb) finish
Run till exit from #0  strncpy_from_user (dst=0xc158da00 '0' <repeats 200 times>..., src=0xbfa73d9f '0' <repeats 200 times>..., count=1023)
    at arch/x86/lib/usercopy_32.c:114
0xc101d8ea in sys_new_debug (message_user=0xbfa73d9f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:29
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
Value returned is $5 = 1023
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfa7419f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) n
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb) s
strnlen_user (s=0xbfa7419f '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
196     {
(gdb) finish
Run till exit from #0  strnlen_user (s=0xbfa7419f '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
sys_new_debug (message_user=0xbfa7419f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25
25              if (len == 0 || len > __LOG_BUF_LEN) {
Value returned is $6 = 1025
(gdb) s
49      }
(gdb) l 25
20              if (message_user == NULL) {
21                      errno = -EINVAL;
22                      goto out;
23              }
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
25              if (len == 0 || len > __LOG_BUF_LEN) {
26                      errno = -EINVAL;
27                      goto out;
28              }
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb) p errno
$7 = -22
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0xbfa7419f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:49
0xc100288c in ?? ()
Value returned is $8 = -22
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0xbfa745a0 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) n
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb) s
strnlen_user (s=0xbfa745a0 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
196     {
(gdb) finish
Run till exit from #0  strnlen_user (s=0xbfa745a0 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196
sys_new_debug (message_user=0xbfa745a0 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25
25              if (len == 0 || len > __LOG_BUF_LEN) {
Value returned is $9 = 1025
(gdb) s
49      }
(gdb) p errno
$10 = -22
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0xbfa745a0 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:49
0xc100288c in ?? ()
Value returned is $11 = -22
(gdb) c
Continuing.

s0711489@ubuntu-lucid:~/03$ ./a.out 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000201234 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000002012345
```
[-593455808.-1216405516] 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000
[0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020
[0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123
new_debug with argv[i]: Invalid argument
new_debug with argv[i]: Invalid argument
```

11/09

change sys_clock_gettime to getnstimeofday

http://hira-consulting.com/wiki/index.php?getnstimeofday%28%29%2Flinux2.6

vim arch/x86/kernel/new_debug.c

arch/x86/kernel/new_debug.c

         printk(KERN_DEBUG "%s\n", message);
         if (tp_user != NULL) {
                 sys_clock_gettime(CLOCK_REALTIME, &ts);
+                getnstimeofday(&ts);
                 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
                         errno = -EFAULT;
                         goto out;

windell46:i386 s0711489$ ./build

Kernel: arch/x86/boot/bzImage is ready  (#12)

s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh

gdb

(gdb) file vmlinux
Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done.
(gdb) b sys_new_debug
Breakpoint 1 at 0xc101d89c: file arch/x86/kernel/new_debug.c, line 9.
(gdb) target remote windell46:8832
Remote debugging using windell46:8832
0xc1007cdf in native_safe_halt ()
    at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49
49              asm volatile("sti; hlt": : :"memory");
(gdb) c
Continuing.

Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0)
    at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) l
4       #include <linux/time.h>
5
6       /* from kernel/printk.c */
7       #define __LOG_BUF_LEN 1024
8
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
10              int errno;
11              static char message[__LOG_BUF_LEN];
12              struct timespec ts;
13              long len = 0;
(gdb)
14
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
16                      errno = -EFAULT;
17                      goto out;
18              }
19
20              if (message_user == NULL) {
21                      errno = -EINVAL;
22                      goto out;
23              }
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
25              if (len == 0 || len > __LOG_BUF_LEN) {
26                      errno = -EINVAL;
27                      goto out;
28              }
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
30                      errno = -EFAULT;
31                      goto out;
32              }
33              message[sizeof(message) - 1] = '\0';
(gdb)
34
35              printk(KERN_DEBUG "%s\n", message);
36
37              if (tp_user != NULL) {
38                      getnstimeofday(&ts);
39                      if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
40                              errno = -EFAULT;
41                              goto out;
42                      }
43              }
(gdb)
44
45              errno = 0;
46
47      out:
48              return errno;
49      }
(gdb) s
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb)
strnlen_user (s=0x8048646 "new_debug()", n=1024)
    at arch/x86/lib/usercopy_32.c:196
196     {
(gdb) finish
Run till exit from #0  strnlen_user (s=0x8048646 "new_debug()", n=1024)
    at arch/x86/lib/usercopy_32.c:196
sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0)
    at arch/x86/kernel/new_debug.c:25
25              if (len == 0 || len > __LOG_BUF_LEN) {
Value returned is $1 = 12
(gdb) s
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
strncpy_from_user (dst=0xc158da00 "", src=0x8048646 "new_debug()", count=1023)
    at arch/x86/lib/usercopy_32.c:114
114     {
(gdb) finish
Run till exit from #0  strncpy_from_user (dst=0xc158da00 "",
    src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114
0xc101d8ea in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0)
    at arch/x86/kernel/new_debug.c:29
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
Value returned is $2 = 11
(gdb) s
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
33              message[sizeof(message) - 1] = '\0';
(gdb)
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614
614             va_start(args, fmt);
(gdb) finish
Run till exit from #0  printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614
sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0)
    at arch/x86/kernel/new_debug.c:37
37              if (tp_user != NULL) {
Value returned is $3 = 33
(gdb) s
49      }
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0x8048646 "new_debug()",
    tp_user=0x0) at arch/x86/kernel/new_debug.c:49
0xc100288c in ?? ()
Value returned is $4 = 0
(gdb) c
Continuing.

s0711489@ubuntu-lucid:~$ ./a.out
```
new_debug()
```

gdb

Breakpoint 1, sys_new_debug (message_user=0xbfb1b9b9 "1", tp_user=0xbfb1b324)
    at arch/x86/kernel/new_debug.c:9
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
(gdb) l
4       #include <linux/time.h>
5
6       /* from kernel/printk.c */
7       #define __LOG_BUF_LEN 1024
8
9       SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) {
10              int errno;
11              static char message[__LOG_BUF_LEN];
12              struct timespec ts;
13              long len = 0;
(gdb) p message
$5 = "new_debug()", '\000' <repeats 1012 times>
(gdb) p message_user
$6 = 0xbfb1b9b9 "1"
(gdb) p tp_user
$7 = (struct timespec *) 0xbfb1b324
(gdb) p ts
$8 = {tv_sec = -570499584, tv_nsec = -1216356364}
(gdb) n
15              if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) {
(gdb)
20              if (message_user == NULL) {
(gdb)
24              len = strnlen_user(message_user, __LOG_BUF_LEN);
(gdb)
25              if (len == 0 || len > __LOG_BUF_LEN) {
(gdb)
29              if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) {
(gdb)
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
33              message[sizeof(message) - 1] = '\0';
(gdb)
35              printk(KERN_DEBUG "%s\n", message);
(gdb)
37              if (tp_user != NULL) {
(gdb)
38                      getnstimeofday(&ts);
(gdb)
39                      if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) {
(gdb) p ts
$9 = {tv_sec = 1320815780, tv_nsec = 601392214}
(gdb) p tp_user
$10 = (struct timespec *) 0xbfb1b324
(gdb) n
49      }
(gdb) p tp_user
$11 = (struct timespec *) 0xbfb1b324
(gdb) finish
Run till exit from #0  sys_new_debug (message_user=0xbfb1b9b9 "1",
    tp_user=0xbfb1b324) at arch/x86/kernel/new_debug.c:49
0xc100288c in ?? ()
Value returned is $12 = 0
(gdb) c
Continuing.

s0711489@ubuntu-lucid:~$ ./a.out 1
```
[1320815780.601392214] 1
```

s0711489@ubuntu-lucid:~$ ./a.out 1 2 3 4

[1320815837.554212464] 1
[1320815837.554367435] 2
[1320815837.554373628] 3
[1320815837.554378429] 4

s0711489@ubuntu-lucid:~$ ./a.out 1 2 3 4

[1320815846.036561542] 1
[1320815846.036726240] 2
[1320815846.036732514] 3
[1320815846.036737329] 4

s0711489@ubuntu-lucid:~$ tail /var/log/debug

Nov  9 14:14:21 ubuntu-lucid kernel: [  187.486803] new_debug()
Nov  9 14:16:38 ubuntu-lucid kernel: [  364.616724] 1
Nov  9 14:17:17 ubuntu-lucid kernel: [  425.607587] 1
Nov  9 14:17:17 ubuntu-lucid kernel: [  425.607744] 2
Nov  9 14:17:17 ubuntu-lucid kernel: [  425.607750] 3
Nov  9 14:17:17 ubuntu-lucid kernel: [  425.607755] 4
Nov  9 14:17:26 ubuntu-lucid kernel: [  434.089936] 1
Nov  9 14:17:26 ubuntu-lucid kernel: [  434.090102] 2
Nov  9 14:17:26 ubuntu-lucid kernel: [  434.090109] 3
Nov  9 14:17:26 ubuntu-lucid kernel: [  434.090114] 4

fix macro for new_debug

vim arch/x86/include/asm/new_debug.h

arch/x86/include/asm/new_debug.h

 #define _ASM_X86_NEW_DEBUG_H
 #include <asm/unistd.h>
 #define new_debug(x) syscall(__NR_new_debug, x)
+#define new_debug(x,y) syscall(__NR_new_debug, x, y)
 #endif /* _ASM_X86_NEW_DEBUG_H */

windell46:i386 s0711489$ ./build

Kernel: arch/x86/boot/bzImage is ready  (#12)

add new_debug to x86_64

vim arch/x86/include/asm/unistd_64.h

arch/x86/include/asm/unistd_64.h

 __SYSCALL(__NR_recvmmsg, sys_recvmmsg)
 #define __NR_new_hello              300
 __SYSCALL(__NR_new_hello, sys_new_hello)
+#define __NR_new_debug              301
+__SYSCALL(__NR_new_debug, sys_new_debug)
 #ifndef __NO_STUBS
 #define __ARCH_WANT_OLD_READDIR

viola06:x86_64 s0711489$ ./build

Kernel: arch/x86/boot/bzImage is ready  (#5)

s0711489@ubuntu-lucid64:~$ sudo /mnt/hgfs/tools/install.sh

s0711489@ubuntu-lucid64:~$ gcc -I /lib/modules/2.6.35.14/build/arch/x86/include/ 03/new_debug-sys.c

s0711489@ubuntu-lucid64:~$ ./a.out
```
new_debug()
```

s0711489@ubuntu-lucid64:~$ ./a.out 1 2 3 4 5 6 7 8

[1320819346.718424802] 1
[1320819346.718761534] 2
[1320819346.718767685] 3
[1320819346.718772404] 4
[1320819346.718776934] 5
[1320819346.718781608] 6
[1320819346.718786123] 7
[1320819346.718790631] 8

s0711489@ubuntu-lucid64:~$ tail /var/log/kern.log

Nov  9 15:15:24 ubuntu-lucid64 kernel: [   27.316107] cc1 used greatest stack depth: 4368 bytes left
Nov  9 15:15:36 ubuntu-lucid64 kernel: [   39.137213] new_debug()
Nov  9 15:15:46 ubuntu-lucid64 kernel: [   49.629638] 1
Nov  9 15:15:46 ubuntu-lucid64 kernel: [   49.629978] 2
Nov  9 15:15:46 ubuntu-lucid64 kernel: [   49.629985] 3
Nov  9 15:15:46 ubuntu-lucid64 kernel: [   49.629990] 4
Nov  9 15:15:46 ubuntu-lucid64 kernel: [   49.629994] 5
Nov  9 15:15:46 ubuntu-lucid64 kernel: [   49.629999] 6
Nov  9 15:15:46 ubuntu-lucid64 kernel: [   49.630004] 7
Nov  9 15:15:46 ubuntu-lucid64 kernel: [   49.630008] 8

11/11

vmallocは勝手に解放されることがあるらしい
http://f42.aaa.livedoor.jp/~hassaku/crswikicrs/?LinuxDriver%A4%D8%A4%CE%C6%BB15%3F

vmallocを使うことは推奨されません。
http://wiki.bit-hive.com/linuxkernelmemo/pg/kmalloc,vmalloc
http://stackoverflow.com/questions/116343/what-is-the-difference-between-vmalloc-and-kmalloc

stackmod

適当な深さのスタックデバイス
writeするとpushされる
readするとpopされる

modtest

http://www.hakodate-ct.ac.jp/~tokai/tokai/research/kmod.html#basic に従って、何もしないkernel moduleの作成

windell46:04 s0711489$ touch Makefile
windell46:04 s0711489$ touch modtest.c

Attachments (4)

WS002510.png (83.7 KB) - added by mitty 13 years ago.
WS002511.png (96.7 KB) - added by mitty 13 years ago.
WS002512.png (80.1 KB) - added by mitty 13 years ago.
WS002515.png (72.2 KB) - added by mitty 13 years ago.

Download all attachments as: .zip

Download in other formats:

Plain Text