Version 6 (modified by mitty, 13 years ago) (diff) |
---|
11/02
informative system calls
- kernel/sys.c
- sethostname, gethostname
- about copy_to_user/copy_from_user
- kernel/hrtimer.c
- nanosleep
- about timespec
- kernel/posix-timers.c
- clock_gettime
- about timespec
- kernel/module.c
- delete_module
- about strncpy_from_user
- kernel/printk.c
- about __LOG_BUF_LEN/access_ok
testing new_debug syscall
- windell57:i386 s0711489$ make -j2
Kernel: arch/x86/boot/bzImage is ready (#3)
- s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh
- s0711489@ubuntu-lucid:~$ sudo reboot
- s0711489@ubuntu-lucid:~$ cat > new_debug-sys.c
- s0711489@ubuntu-lucid:~$ gcc -I /lib/modules/2.6.35.14/build/arch/x86/include/ new_debug-sys.c
- s0711489@ubuntu-lucid:~$ ./a.out
new_debug()
- s0711489@ubuntu-lucid:~$ dmesg | tail -n 2
[ 6.833440] dhclient3 used greatest stack depth: 5560 bytes left [ 579.378377] new_debug()
- s0711489@ubuntu-lucid:~$ ./a.out hoge fuga piyo
[-570566464.-1216585740] hoge [0.000000000] fuga [0.000000000] piyo
- s0711489@ubuntu-lucid:~$ dmesg | tail -n 5
[ 6.833440] dhclient3 used greatest stack depth: 5560 bytes left [ 579.378377] new_debug() [ 596.785236] hoge [ 596.785274] fuga [ 596.785282] piyo
maybe useful
- http://hira-consulting.com/wiki/index.php?linux2.6%2Farch%2Fi386%2Flib%2Fusercopy.c
- http://hira-consulting.com/wiki/?linux2.6%2Finclude%2Flinux%2Ferr.h
- IS_ERR_OR_NULL
- __LOG_BUF_LEN
- https://www.codeblog.org/blog/gniibe/20060323.html
- get_user/put_user, set_fs のまとめ
- http://www.ibm.com/developerworks/jp/linux/library/l-system-calls/ の「copy_to_user」の定義が変
unsigned long copy_from_user( void *to, const void __user *from, unsigned long n ); unsigned long copy_to_user( void *to, const void __user *from, unsigned long n );
- 以下が正しい
unsigned long copy_from_user( void *to, const void __user *from, unsigned long n ); unsigned long copy_to_user( void __user *to, const void *from, unsigned long n );
- 以下が正しい
11/04
- define as static char __log_buf[__LOG_BUF_LEN] in printk.c
- sys_clock_gettime uses copy_to_user in its code
11/08
- new_debug() が正常に動作したりしなかったりする
- 結論 -> staticで確保していなかったのが良くない
char message[__LOG_BUF_LEN];
- windell46:i386 s0711489$ ./build
press enter key to make with i386 kernel Kernel: arch/x86/boot/bzImage is ready (#6)
- windell46:i386 s0711489$ make modules
- s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh
- s0711489@ubuntu-lucid:~$ sudo reboot
Linux ubuntu-lucid 2.6.35.14 #6 SMP Tue Nov 8 17:26:43 JST 2011 i686 GNU/Linux
- windell46:~ s0711489$ scp -r .subversion/ 172.16.237.130:~
- s0711489@ubuntu-lucid:~$ svn co https://XXXXXXXXXXXX/trunk/coursework/KernelHack/03/
Checked out revision 1387.
- s0711489@ubuntu-lucid:~/03$ gcc -I /lib/modules/2.6.35.14/build/arch/x86/include/ new_debug-sys.c
- s0711489@ubuntu-lucid:~/03$ ./a.out
new_debug with argv[i]: Bad address
- s0711489@ubuntu-lucid:~/03$ ./a.out 1 2
new_debug with argv[i]: Bad address new_debug with argv[i]: Bad address
gdb
- viola06:i386 s0711489$ gdb
(gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89f: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing.
- s0711489@ubuntu-lucid:~/03$ ./a.out 1 2
Breakpoint 1, sys_new_debug (message_user=0xbfc6499e "1", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include <linux/time.h> 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 (gdb) 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 15 errno = -EFAULT; 16 goto out; 17 } 18 19 if (message == NULL) { 20 errno = -EINVAL; 21 goto out; 22 } 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 24 errno = -EFAULT; 25 goto out; 26 } 27 message[sizeof(message) - 1] = '\0'; 28 29 printk(KERN_DEBUG "%s\n", message); 30 31 if (tp_user != NULL) { 32 sys_clock_gettime(CLOCK_REALTIME, &ts); 33 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) 34 errno = -EFAULT; 35 goto out; 36 } 37 } 38 39 errno = 0; 40 41 out: 42 return errno; 43 } (gdb) Line number 44 out of range; arch/x86/kernel/new_debug.c has 43 lines. (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 41 out: (gdb) 43 } (gdb) p errno $1 = -14 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfc6499e "1", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:43 0xc100288c in ?? () Value returned is $2 = -14 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfc649a0 "2", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 41 out: (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfc649a0 "2", tp_user=0xbfc63804) at arch/x86/kernel/new_debug.c:41 0xc100288c in ?? () Value returned is $3 = -14 (gdb) c Continuing.
- s0711489@ubuntu-lucid:~/03$ ./a.out 1 2
new_debug with argv[i]: Bad address new_debug with argv[i]: Bad address
- s0711489@ubuntu-lucid:~/03$ ./a.out 1 2
- s0711489@ubuntu-lucid:~/03$ ./a.out
(gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89f: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include <linux/time.h> 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 (gdb) 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 15 errno = -EFAULT; 16 goto out; 17 } 18 19 if (message == NULL) { 20 errno = -EINVAL; 21 goto out; 22 } 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 24 errno = -EFAULT; 25 goto out; 26 } 27 message[sizeof(message) - 1] = '\0'; 28 29 printk(KERN_DEBUG "%s\n", message); 30 31 if (tp_user != NULL) { 32 sys_clock_gettime(CLOCK_REALTIME, &ts); 33 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xdf275f9c "", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) l 109 * If @count is smaller than the length of the string, copies @count bytes 110 * and returns @count. 111 */ 112 long 113 strncpy_from_user(char *dst, const char __user *src, long count) 114 { 115 long res = -EFAULT; 116 if (access_ok(VERIFY_READ, src, 1)) 117 __do_strncpy_from_user(dst, src, count, res); 118 return res; (gdb) 119 } 120 EXPORT_SYMBOL(strncpy_from_user); 121 122 /* 123 * Zero Userspace 124 */ 125 126 #define __do_clear_user(addr,size) \ 127 do { \ 128 int __d0; \ (gdb) 129 might_fault(); \ 130 __asm__ __volatile__( \ 131 "0: rep; stosl\n" \ 132 " movl %2,%0\n" \ 133 "1: rep; stosb\n" \ 134 "2:\n" \ 135 ".section .fixup,\"ax\"\n" \ 136 "3: lea 0(%2,%0,4),%0\n" \ 137 " jmp 2b\n" \ 138 ".previous\n" \ (gdb) 139 _ASM_EXTABLE(0b,3b) \ 140 _ASM_EXTABLE(1b,2b) \ 141 : "=&c"(size), "=&D" (__d0) \ 142 : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0)); \ 143 } while (0) 144 145 /** 146 * clear_user: - Zero a block of memory in user space. 147 * @to: Destination address, in user space. 148 * @n: Number of bytes to zero. (gdb) s 116 if (access_ok(VERIFY_READ, src, 1)) (gdb) 119 } (gdb) p src $1 = 0x8048646 "new_debug()" (gdb) p dst $2 = 0xdf275f9c "" (gdb) p count $3 = 262143 (gdb) p res $4 = -14 (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xdf275f9c "", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:119 0xc101d8d3 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:23 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $5 = -14 (gdb) s 41 out: (gdb) 43 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:43 0xc100288c in ?? () Value returned is $6 = -14 (gdb) s Cannot find bounds of current function (gdb) c Continuing.
- s0711489@ubuntu-lucid:~/03$ ./a.out
new_debug with argv[i]: Bad address
- s0711489@ubuntu-lucid:~/03$ ./a.out
- s0711489@ubuntu-lucid:~/03$ ./a.out
(gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89f: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user ( dst=0xdc3d9f9c "\210\035i\b\250\035i\b\330\035i\b\250\270L\b\b\036i\b\030\036i\b\350\343O\b8\036i\bX\036i\bx\036i\b\270\036i\b\350\036i\b\330\036i\b\370\036i\b\b\037i\b\350\036i\b(\037i\b8\037i\bH\037i\bh\037i\b\210\037i\b\250\037i\b\350\037i\bX\021W\b\310\037i\bp\200h\b", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) 116 if (access_ok(VERIFY_READ, src, 1)) (gdb) 119 } (gdb) finish Run till exit from #0 strncpy_from_user ( dst=0xdc3d9f9c "\210\035i\b\250\035i\b\330\035i\b\250\270L\b\b\036i\b\030\036i\b\350\343O\b8\036i\bX\036i\bx\036i\b\270\036i\b\350\036i\b\330\036i\b\370\036i\b\b\037i\b\350\036i\b(\037i\b8\037i\bH\037i\bh\037i\b\210\037i\b\250\037i\b\350\037i\bX\021W\b\310\037i\bp\200h\b", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:119 0xc101d8d3 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:23 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $1 = -14 (gdb) Run till exit from #0 0xc101d8d3 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:23 0xc100288c in ?? () Value returned is $2 = -14 (gdb) Run till exit from #0 0xc100288c in ?? ()
- まれにうまく動作した場合、message[]はstaticでは無いのに前のデータが残っていることがある模様
- guest
s0711489@ubuntu-lucid:~/03$ ./a.out new_debug() s0711489@ubuntu-lucid:~/03$ ./a.out
- gdb
Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 14 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 23 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xdc569f9c "new_debug()", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xdc569f9c "new_debug()", src=0x8048646 "new_debug()", count=262143) at arch/x86/lib/usercopy_32.c:114
- guest
len = strnlen_user
- vim arch/x86/kernel/new_debug.c
-
arch/x86/kernel/new_debug.c
10 10 int errno; 11 11 char message[__LOG_BUF_LEN]; 12 12 struct timespec ts; 13 long len = 0; 13 14 14 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 15 16 errno = -EFAULT; 16 17 goto out; 17 18 } 18 19 19 if (message == NULL) {20 if (message_user == NULL) { 20 21 errno = -EINVAL; 21 22 goto out; 22 23 } 24 len = strnlen_user(message_user, __LOG_BUF_LEN); 25 if (len == 0 || len > __LOG_BUF_LEN) { 26 errno = -EINVAL; 27 goto out; 28 } 23 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { 24 30 errno = -EFAULT; 25 31 goto out;
-
- windell46:i386 s0711489$ ./build
Kernel: arch/x86/boot/bzImage is ready (#7)
- s0711489@ubuntu-lucid:~$ sudo reboot
- s0711489@ubuntu-lucid:~/03$ ./a.out
new_debug with argv[i]: Invalid argument
- s0711489@ubuntu-lucid:~/03$ ./a.out
Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) strnlen_user (s=0x8048646 "new_debug()", n=262144) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) 197 unsigned long mask = -__addr_ok(s); (gdb) finish Run till exit from #0 strnlen_user (s=0x8048646 "new_debug()", n=262144) at arch/x86/lib/usercopy_32.c:197 Program received signal SIGINT, Interrupt. 0xc1332240 in __ticket_spin_lock () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/spinlock.h:65 65 asm volatile ( (gdb) detach Ending remote debugging.
__LOG_BUF_LEN 1024
- vim arch/x86/kernel/new_debug.c
-
arch/x86/kernel/new_debug.c
4 4 #include <linux/time.h> 5 5 6 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT)7 #define __LOG_BUF_LEN 1024 8 8 9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 10 int errno;
-
- windell46:i386 s0711489$ ./build
Kernel: arch/x86/boot/bzImage is ready (#8)
- windell46:i386 s0711489$ make modules
- s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh
- gdb
(gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d8a0: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include <linux/time.h> 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN 1024 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 long len = 0; (gdb) 14 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 16 errno = -EFAULT; 17 goto out; 18 } 19 20 if (message_user == NULL) { 21 errno = -EINVAL; 22 goto out; 23 } (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); 25 if (len == 0 || len > __LOG_BUF_LEN) { 26 errno = -EINVAL; 27 goto out; 28 } 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { 30 errno = -EFAULT; 31 goto out; 32 } 33 message[sizeof(message) - 1] = '\0'; (gdb) 34 35 printk(KERN_DEBUG "%s\n", message); 36 37 if (tp_user != NULL) { 38 sys_clock_gettime(CLOCK_REALTIME, &ts); 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { 40 errno = -EFAULT; 41 goto out; 42 } 43 } (gdb) 44 45 errno = 0; 46 47 out: 48 return errno; 49 } (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) 197 unsigned long mask = -__addr_ok(s); (gdb) finish Run till exit from #0 strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:197 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $1 = 12 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) p message $2 = '\000' <repeats 176 times>, "\022\002\000\000[\356U鬜\354\335,\236\354\335\060\236\354\335\064\236\354\335\070\236\354\335<\236\354\335\220\216NN\224O\377\206\002\222\374\302[\356U\351\203\002a\033\336\314}\350\002\222\374\302\b\301\261\215P\000\000\000\000\000\000\000 \000\000\000,\236\354\335L\236\354\335;^\035\301\354\235\354\335,\236\354\335b\236\354\335\250\026\367\337\331\377\377\377\000\000\000\000\000\177\300\301\000\000\000\000Ȝ\354\335\037p\000\301\020\235\354\335\223\206\004\301\254a\a\371F\000\000\000\374`\a\371F\000\000\000\374`\a\371F\000\000\000@\204\300\301@\177\300\301C\224)*\017H\017\000\000\000\000\000\034T\215\337\017H\017\000\070\235\354݄c\002\301t\235\354\335,b\004\301F\000\000\000\360S\215\337\017H\017\000\000\000\000\000R\334\070*\003\000\000\000\300\344\063\301@B\017\000\000\000\000\000@>\300\301\200\235\354\335|v\004\301@B\017\000\000\000\000\000@`\374\370F\000\000\000t\235\354\335X\235\354\335d\235\354\335\250d\001\301l\235\354\335\304f\001\301\220\235\354\335\063\352\004\301\063`\016\001\000\000\000\000\v\026\341\226w\004\000\000\200\242\v\371F\000\000\000\002\000\000\000\230"... (gdb) p message_user $3 = 0x8048646 "new_debug()" (gdb) s strncpy_from_user (dst=0xddec9b98 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xddec9b98 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114 0xc101d8f1 in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $4 = 11 (gdb) p message_user $5 = 0x8048646 "new_debug()" (gdb) p message $6 = "new_debug()", '\000' <repeats 165 times>, "\022\002\000\000[\356U鬜\354\335,\236\354\335\060\236\354\335\064\236\354\335\070\236\354\335<\236\354\335\220\216NN\224O\377\206\002\222\374\302[\356U\351\203\002a\033\336\314}\350\002\222\374\302\b\301\261\215P\000\000\000\000\000\000\000 \000\000\000,\236\354\335L\236\354\335;^\035\301\354\235\354\335,\236\354\335b\236\354\335\250\026\367\337\331\377\377\377\000\000\000\000\000\177\300\301\000\000\000\000Ȝ\354\335\037p\000\301\020\235\354\335\223\206\004\301\254a\a\371F\000\000\000\374`\a\371F\000\000\000\374`\a\371F\000\000\000@\204\300\301@\177\300\301C\224)*\017H\017\000\000\000\000\000\034T\215\337\017H\017\000\070\235\354݄c\002\301t\235\354\335,b\004\301F\000\000\000\360S\215\337\017H\017\000\000\000\000\000R\334\070*\003\000\000\000\300\344\063\301@B\017\000\000\000\000\000@>\300\301\200\235\354\335|v\004\301@B\017\000\000\000\000\000@`\374\370F\000\000\000t\235\354\335X\235\354\335d\235\354\335\250d\001\301l\235\354\335\304f\001\301\220\235\354\335\063\352\004\301\063`\016\001\000\000\000\000\v\026\341\226w"... (gdb) s 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) n 37 if (tp_user != NULL) { (gdb) s 49 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $7 = 0 (gdb) c Continuing.
- s0711489@ubuntu-lucid:~/03$ ./a.out
new_debug()
- 期待通りの挙動を示した
static char message []
- vim arch/x86/kernel/new_debug.c
-
arch/x86/kernel/new_debug.c
8 8 9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 10 int errno; 11 char message[__LOG_BUF_LEN];11 static char message[__LOG_BUF_LEN]; 12 12 struct timespec ts; 13 13 long len = 0; 14 14
-
- windell46:i386 s0711489$ ./build
Kernel: arch/x86/boot/bzImage is ready (#9)
- windell46:i386 s0711489$ make modules
- s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh
- gdb
(gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89c: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include <linux/time.h> 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 static char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 long len = 0; (gdb) 14 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 16 errno = -EFAULT; 17 goto out; 18 } 19 20 if (message_user == NULL) { 21 errno = -EINVAL; 22 goto out; 23 } (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); 25 if (len == 0 || len > __LOG_BUF_LEN) { 26 errno = -EINVAL; 27 goto out; 28 } 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { 30 errno = -EFAULT; 31 goto out; 32 } 33 message[sizeof(message) - 1] = '\0'; (gdb) 34 35 printk(KERN_DEBUG "%s\n", message); 36 37 if (tp_user != NULL) { 38 sys_clock_gettime(CLOCK_REALTIME, &ts); 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { 40 errno = -EFAULT; 41 goto out; 42 } 43 } (gdb) 44 45 errno = 0; 46 47 out: 48 return errno; 49 } (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) strnlen_user (s=0xbf8b099c "1", n=262144) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbf8b099c "1", n=262144) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $1 = 2 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 "fuga", src=0xbf8b099c "1", count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 "fuga", src=0xbf8b099c "1", count=262143) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $2 = 1 (gdb) s 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) p message $3 = "1\000ga\000ebug()", '\000' <repeats 262132 times> (gdb) n 37 if (tp_user != NULL) { (gdb) s 38 sys_clock_gettime(CLOCK_REALTIME, &ts); (gdb) p ts $4 = {tv_sec = -598564864, tv_nsec = -1217056780} (gdb) n 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) p ts $5 = {tv_sec = -598564864, tv_nsec = -1217056780} (gdb) n 49 } (gdb) p ts_user No symbol "ts_user" in current context. (gdb) p tp_ tp_event tp_perf_event_destroy tp_probes tp_user (gdb) p tp_user $6 = (struct timespec *) 0xbf8af014 (gdb) p errno $7 = 0 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbf8b099c "1", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $8 = 0 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbf8b099e "2", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbf8b09a0 "3", tp_user=0xbf8af014) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfc1e99c "1", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfc1e99e "2", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) n 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) 25 if (len == 0 || len > __LOG_BUF_LEN) { (gdb) 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) 37 if (tp_user != NULL) { (gdb) p tp_user $9 = (struct timespec *) 0xbfc1d654 (gdb) p ts $10 = {tv_sec = 0, tv_nsec = 0} (gdb) n 38 sys_clock_gettime(CLOCK_REALTIME, &ts); (gdb) 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) 49 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfc1e99e "2", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $11 = 0 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfc1e9a0 "3", tp_user=0xbfc1d654) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) c Continuing.
- s0711489@ubuntu-lucid:~/03$ ./a.out hoge fuga
[-598562624.-1216589836] hoge [0.000000000] fuga
- s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3
[-598564864.-1217056780] 1 [0.000000000] 2 [0.000000000] 3
- s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3
[-598564864.-1215885324] 1 [0.000000000] 2 [0.000000000] 3
- こちらも問題無く動作した
very long argument
- gdb
(gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfcf62d4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) p message $12 = '\000' <repeats 262143 times> (gdb) p message_user $13 = 0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"... (gdb) p tp_user $14 = (struct timespec *) 0xbfcf62d4 (gdb) s 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) p len $15 = <value optimized out> (gdb) n 25 if (len == 0 || len > __LOG_BUF_LEN) { (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 "", src=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., count=262143) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 "", src=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., count=262143) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfcf62d4) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $16 = 5000 (gdb) p message $17 = '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "2", '0' <repeats 99 times>, "3", '0' <repeats 99 times>, "4", '0' <repeats 99 times>, "5", '0' <repeats 99 times>, "6", '0' <repeats 99 times>, "7", '0' <repeats 99 times>, "8", '0' <repeats 99 times>, "9", '0' <repeats 98 times>, "1", '0' <repeats 99 times>, "11", '0' <repeats 98 times>, "12", '0' <repeats 98 times>, "13", '0' <repeats 98 times>, "14", '0' <repeats 98 times>, "15", '0' <repeats 98 times>, "16", '0' <repeats 98 times>, "17", '0' <repeats 98 times>... (gdb) s 35 printk(KERN_DEBUG "%s\n", message); (gdb) n 33 message[sizeof(message) - 1] = '\0'; (gdb) p sizeof(message) $18 = 262144 (gdb) n 35 printk(KERN_DEBUG "%s\n", message); (gdb) 37 if (tp_user != NULL) { (gdb) 38 sys_clock_gettime(CLOCK_REALTIME, &ts); (gdb) p ts $19 = {tv_sec = -598614528, tv_nsec = -1216688140} (gdb) n 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) 49 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfcf7619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfcf62d4) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $20 = 0 (gdb) c Continuing.
- s0711489@ubuntu-lucid:~/03$ ./a.out 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000150000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000019000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000037000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000043000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000049000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000
[-598614528.-1216688140] 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000150000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000019000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000037000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000043000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000049000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000
- s0711489@ubuntu-lucid:~/03$ dmesg | tail -n 2
[ 6.197442] vmblock: version magic '2.6.32-33-generic SMP mod_unload modversions 586 ' should be '2.6.35.14 SMP mod_unload 686 ' [ 276.962399] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000
- printk()
Breakpoint 1, sys_new_debug (message_user=0xbfee1619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfedfda4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) 25 if (len == 0 || len > __LOG_BUF_LEN) { (gdb) 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) s 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614 614 va_start(args, fmt); (gdb) finish Run till exit from #0 printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614 sys_new_debug (message_user=0xbfee1619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfedfda4) at arch/x86/kernel/new_debug.c:37 37 if (tp_user != NULL) { Value returned is $21 = 1041 (gdb) Run till exit from #0 sys_new_debug (message_user=0xbfee1619 '0' <repeats 97 times>, "1", '0' <repeats 99 times>, "200"..., tp_user=0xbfedfda4) at arch/x86/kernel/new_debug.c:37 0xc100288c in ?? () Value returned is $22 = 0 (gdb) c Continuing.
shorten message[]
- printk()は1020文字程度しか出力してくれない(Ubuntu 10.04 i386)ので、バッファイサイズをずっと短くする
- vim arch/x86/kernel/new_debug.c
-
arch/x86/kernel/new_debug.c
4 4 #include <linux/time.h> 5 5 6 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT)7 #define __LOG_BUF_LEN 1024 8 8 9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 10 int errno;
-
- windell46:i386 s0711489$ ./build
Kernel: arch/x86/boot/bzImage is ready (#11)
- windell46:i386 s0711489$ make modules
- s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh
- s0711489@ubuntu-lucid:~/03$ ./a.out
new_debug()
- s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3 4
[-572681344.-1217335308] 1 [0.000000000] 2 [0.000000000] 3 [0.000000000] 4
- s0711489@ubuntu-lucid:~/03$ ./a.out 1 2 3 4 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000201234 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000002012345
[-572680448.-1215909900] 1 [0.000000000] 2 [0.000000000] 3 [0.000000000] 4 [0.000000000] 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 [0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 [0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 new_debug with argv[i]: Invalid argument new_debug with argv[i]: Invalid argument
- gdb
(gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. b sys_new_debug (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89c: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa735b9 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa735b9 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa735b9 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa735b9 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $1 = 1001 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa739a2 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa739a2 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa739a2 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa739a2 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $2 = 1021 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 '0' <repeats 200 times>..., src=0xbfa739a2 '0' <repeats 200 times>..., count=1023) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 '0' <repeats 200 times>..., src=0xbfa739a2 '0' <repeats 200 times>..., count=1023) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0xbfa739a2 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $3 = 1020 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa73d9f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa73d9f '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa73d9f '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa73d9f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $4 = 1024 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 '0' <repeats 200 times>..., src=0xbfa73d9f '0' <repeats 200 times>..., count=1023) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 '0' <repeats 200 times>..., src=0xbfa73d9f '0' <repeats 200 times>..., count=1023) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0xbfa73d9f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $5 = 1023 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa7419f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa7419f '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa7419f '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa7419f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $6 = 1025 (gdb) s 49 } (gdb) l 25 20 if (message_user == NULL) { 21 errno = -EINVAL; 22 goto out; 23 } 24 len = strnlen_user(message_user, __LOG_BUF_LEN); 25 if (len == 0 || len > __LOG_BUF_LEN) { 26 errno = -EINVAL; 27 goto out; 28 } 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) p errno $7 = -22 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfa7419f '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $8 = -22 (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0xbfa745a0 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) s strnlen_user (s=0xbfa745a0 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0xbfa745a0 '0' <repeats 200 times>..., n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0xbfa745a0 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $9 = 1025 (gdb) s 49 } (gdb) p errno $10 = -22 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfa745a0 '0' <repeats 200 times>..., tp_user=0xbfa716a4) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $11 = -22 (gdb) c Continuing.
- s0711489@ubuntu-lucid:~/03$ ./a.out 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000201234 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000002012345
[-593455808.-1216405516] 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 [0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 [0.000000000] 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 new_debug with argv[i]: Invalid argument new_debug with argv[i]: Invalid argument
- s0711489@ubuntu-lucid:~/03$ ./a.out 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000020123 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000201234 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000002012345
11/09
change sys_clock_gettime to getnstimeofday
- vim arch/x86/kernel/new_debug.c
-
arch/x86/kernel/new_debug.c
35 35 printk(KERN_DEBUG "%s\n", message); 36 36 37 37 if (tp_user != NULL) { 38 sys_clock_gettime(CLOCK_REALTIME,&ts);38 getnstimeofday(&ts); 39 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { 40 40 errno = -EFAULT; 41 41 goto out;
-
- windell46:i386 s0711489$ ./build
Kernel: arch/x86/boot/bzImage is ready (#12)
- s0711489@ubuntu-lucid:~$ sudo /mnt/hgfs/tools/install.sh
- gdb
(gdb) file vmlinux Reading symbols from /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/vmlinux...(no debugging symbols found)...done. (gdb) b sys_new_debug Breakpoint 1 at 0xc101d89c: file arch/x86/kernel/new_debug.c, line 9. (gdb) target remote windell46:8832 Remote debugging using windell46:8832 0xc1007cdf in native_safe_halt () at /home/ugrad/07/s0711489/coursework/KernelHack/linux-2.6.35.14/i386/arch/x86/include/asm/irqflags.h:49 49 asm volatile("sti; hlt": : :"memory"); (gdb) c Continuing. Breakpoint 1, sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include <linux/time.h> 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN 1024 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 static char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 long len = 0; (gdb) 14 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { 16 errno = -EFAULT; 17 goto out; 18 } 19 20 if (message_user == NULL) { 21 errno = -EINVAL; 22 goto out; 23 } (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); 25 if (len == 0 || len > __LOG_BUF_LEN) { 26 errno = -EINVAL; 27 goto out; 28 } 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { 30 errno = -EFAULT; 31 goto out; 32 } 33 message[sizeof(message) - 1] = '\0'; (gdb) 34 35 printk(KERN_DEBUG "%s\n", message); 36 37 if (tp_user != NULL) { 38 getnstimeofday(&ts); 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { 40 errno = -EFAULT; 41 goto out; 42 } 43 } (gdb) 44 45 errno = 0; 46 47 out: 48 return errno; 49 } (gdb) s 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:196 196 { (gdb) finish Run till exit from #0 strnlen_user (s=0x8048646 "new_debug()", n=1024) at arch/x86/lib/usercopy_32.c:196 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:25 25 if (len == 0 || len > __LOG_BUF_LEN) { Value returned is $1 = 12 (gdb) s 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) strncpy_from_user (dst=0xc158da00 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114 114 { (gdb) finish Run till exit from #0 strncpy_from_user (dst=0xc158da00 "", src=0x8048646 "new_debug()", count=1023) at arch/x86/lib/usercopy_32.c:114 0xc101d8ea in sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:29 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { Value returned is $2 = 11 (gdb) s 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614 614 va_start(args, fmt); (gdb) finish Run till exit from #0 printk (fmt=0xc1449542 "<7>%s\n") at kernel/printk.c:614 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:37 37 if (tp_user != NULL) { Value returned is $3 = 33 (gdb) s 49 } (gdb) finish Run till exit from #0 sys_new_debug (message_user=0x8048646 "new_debug()", tp_user=0x0) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $4 = 0 (gdb) c Continuing.
- s0711489@ubuntu-lucid:~$ ./a.out
new_debug()
- s0711489@ubuntu-lucid:~$ ./a.out
- gdb
Breakpoint 1, sys_new_debug (message_user=0xbfb1b9b9 "1", tp_user=0xbfb1b324) at arch/x86/kernel/new_debug.c:9 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { (gdb) l 4 #include <linux/time.h> 5 6 /* from kernel/printk.c */ 7 #define __LOG_BUF_LEN 1024 8 9 SYSCALL_DEFINE2(new_debug, const char *, message_user, struct timespec*, tp_user) { 10 int errno; 11 static char message[__LOG_BUF_LEN]; 12 struct timespec ts; 13 long len = 0; (gdb) p message $5 = "new_debug()", '\000' <repeats 1012 times> (gdb) p message_user $6 = 0xbfb1b9b9 "1" (gdb) p tp_user $7 = (struct timespec *) 0xbfb1b324 (gdb) p ts $8 = {tv_sec = -570499584, tv_nsec = -1216356364} (gdb) n 15 if(tp_user != NULL && ! access_ok(VERIFY_WRITE, tp_user, sizeof(*tp_user)) ) { (gdb) 20 if (message_user == NULL) { (gdb) 24 len = strnlen_user(message_user, __LOG_BUF_LEN); (gdb) 25 if (len == 0 || len > __LOG_BUF_LEN) { (gdb) 29 if (strncpy_from_user(message, message_user, sizeof(message) - 1) < 0) { (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) 33 message[sizeof(message) - 1] = '\0'; (gdb) 35 printk(KERN_DEBUG "%s\n", message); (gdb) 37 if (tp_user != NULL) { (gdb) 38 getnstimeofday(&ts); (gdb) 39 if (copy_to_user(tp_user, &ts, sizeof(ts)) != 0) { (gdb) p ts $9 = {tv_sec = 1320815780, tv_nsec = 601392214} (gdb) p tp_user $10 = (struct timespec *) 0xbfb1b324 (gdb) n 49 } (gdb) p tp_user $11 = (struct timespec *) 0xbfb1b324 (gdb) finish Run till exit from #0 sys_new_debug (message_user=0xbfb1b9b9 "1", tp_user=0xbfb1b324) at arch/x86/kernel/new_debug.c:49 0xc100288c in ?? () Value returned is $12 = 0 (gdb) c Continuing.
- s0711489@ubuntu-lucid:~$ ./a.out 1
[1320815780.601392214] 1
- s0711489@ubuntu-lucid:~$ ./a.out 1
- s0711489@ubuntu-lucid:~$ ./a.out 1 2 3 4
[1320815837.554212464] 1 [1320815837.554367435] 2 [1320815837.554373628] 3 [1320815837.554378429] 4
- s0711489@ubuntu-lucid:~$ ./a.out 1 2 3 4
[1320815846.036561542] 1 [1320815846.036726240] 2 [1320815846.036732514] 3 [1320815846.036737329] 4
- s0711489@ubuntu-lucid:~$ tail /var/log/debug
Nov 9 14:14:21 ubuntu-lucid kernel: [ 187.486803] new_debug() Nov 9 14:16:38 ubuntu-lucid kernel: [ 364.616724] 1 Nov 9 14:17:17 ubuntu-lucid kernel: [ 425.607587] 1 Nov 9 14:17:17 ubuntu-lucid kernel: [ 425.607744] 2 Nov 9 14:17:17 ubuntu-lucid kernel: [ 425.607750] 3 Nov 9 14:17:17 ubuntu-lucid kernel: [ 425.607755] 4 Nov 9 14:17:26 ubuntu-lucid kernel: [ 434.089936] 1 Nov 9 14:17:26 ubuntu-lucid kernel: [ 434.090102] 2 Nov 9 14:17:26 ubuntu-lucid kernel: [ 434.090109] 3 Nov 9 14:17:26 ubuntu-lucid kernel: [ 434.090114] 4
fix macro for new_debug
- vim arch/x86/include/asm/new_debug.h
-
arch/x86/include/asm/new_debug.h
2 2 #define _ASM_X86_NEW_DEBUG_H 3 3 4 4 #include <asm/unistd.h> 5 #define new_debug(x ) syscall(__NR_new_debug, x)5 #define new_debug(x,y) syscall(__NR_new_debug, x, y) 6 6 7 7 #endif /* _ASM_X86_NEW_DEBUG_H */
-
- windell46:i386 s0711489$ ./build
Kernel: arch/x86/boot/bzImage is ready (#12)
add new_debug to x86_64
- vim arch/x86/include/asm/unistd_64.h
-
arch/x86/include/asm/unistd_64.h
665 665 __SYSCALL(__NR_recvmmsg, sys_recvmmsg) 666 666 #define __NR_new_hello 300 667 667 __SYSCALL(__NR_new_hello, sys_new_hello) 668 #define __NR_new_debug 301 669 __SYSCALL(__NR_new_debug, sys_new_debug) 668 670 669 671 #ifndef __NO_STUBS 670 672 #define __ARCH_WANT_OLD_READDIR
-
- viola06:x86_64 s0711489$ ./build
Kernel: arch/x86/boot/bzImage is ready (#5)
- s0711489@ubuntu-lucid64:~$ sudo /mnt/hgfs/tools/install.sh
- s0711489@ubuntu-lucid64:~$ gcc -I /lib/modules/2.6.35.14/build/arch/x86/include/ 03/new_debug-sys.c
- s0711489@ubuntu-lucid64:~$ ./a.out
new_debug()
- s0711489@ubuntu-lucid64:~$ ./a.out 1 2 3 4 5 6 7 8
[1320819346.718424802] 1 [1320819346.718761534] 2 [1320819346.718767685] 3 [1320819346.718772404] 4 [1320819346.718776934] 5 [1320819346.718781608] 6 [1320819346.718786123] 7 [1320819346.718790631] 8
- s0711489@ubuntu-lucid64:~$ tail /var/log/kern.log
Nov 9 15:15:24 ubuntu-lucid64 kernel: [ 27.316107] cc1 used greatest stack depth: 4368 bytes left Nov 9 15:15:36 ubuntu-lucid64 kernel: [ 39.137213] new_debug() Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629638] 1 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629978] 2 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629985] 3 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629990] 4 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629994] 5 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.629999] 6 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.630004] 7 Nov 9 15:15:46 ubuntu-lucid64 kernel: [ 49.630008] 8
11/11
- vmallocは勝手に解放されることがあるらしい
- http://f42.aaa.livedoor.jp/~hassaku/crswikicrs/?LinuxDriver%A4%D8%A4%CE%C6%BB15%3F
vmallocを使うことは推奨されません。
- http://wiki.bit-hive.com/linuxkernelmemo/pg/kmalloc,vmalloc
- http://stackoverflow.com/questions/116343/what-is-the-difference-between-vmalloc-and-kmalloc
stackmod
- 適当な深さのスタックデバイス
- writeするとpushされる
- readするとpopされる
modtest
- http://www.hakodate-ct.ac.jp/~tokai/tokai/research/kmod.html#basic に従って、何もしないkernel moduleの作成
- windell46:04 s0711489$ touch Makefile
- windell46:04 s0711489$ touch modtest.c
11/15
test module
- s0711489@ubuntu-lucid:~$ sudo insmod modtest.ko
- s0711489@ubuntu-lucid:~$ lsmod | grep test
modtest 511 0
- s0711489@ubuntu-lucid:~$ sudo rmmod modtest
- s0711489@ubuntu-lucid:~$ tailf /var/log/kern.log
Nov 16 12:57:12 ubuntu-lucid kernel: [ 184.191269] modtest is loaded Nov 16 12:57:49 ubuntu-lucid kernel: [ 221.183851] modtest is unloaded
accept parameter
- s0711489@ubuntu-lucid:~$ sudo insmod modtest.ko
- s0711489@ubuntu-lucid:~$ sudo rmmod modtest
- s0711489@ubuntu-lucid:~$ sudo insmod modtest.ko entry=1024
- s0711489@ubuntu-lucid:~$ sudo rmmod modtest
- s0711489@ubuntu-lucid:~$ tail /var/log/kern.log
Nov 16 13:55:37 ubuntu-lucid kernel: [ 3688.894628] modtest is loaded with 128 entry Nov 16 13:55:42 ubuntu-lucid kernel: [ 3694.171780] modtest is unloaded Nov 16 13:55:49 ubuntu-lucid kernel: [ 3700.375278] modtest is loaded with 1024 entry Nov 16 13:55:52 ubuntu-lucid kernel: [ 3704.198557] modtest is unloaded
- s0711489@ubuntu-lucid:~$ sudo insmod modtest.ko entry=1024
- s0711489@ubuntu-lucid:~$ cat /sys/module/modtest/parameters/entry
1024
stack module (copy from modtest)
- s0711489@ubuntu-lucid:~$ sudo insmod stackmod.ko
- s0711489@ubuntu-lucid:~$ sudo rmmod stackmod
- s0711489@ubuntu-lucid:~$ tail /var/log/kern.log
Nov 16 14:56:16 ubuntu-lucid kernel: [ 7326.677171] stackmod is loaded Nov 16 14:56:16 ubuntu-lucid kernel: [ 7326.677175] stackmod: 128 entry, major is 251, minor is 0 Nov 16 14:56:24 ubuntu-lucid kernel: [ 7335.090496] stackmod is unloaded
Attachments (4)
- WS002510.png (83.7 KB) - added by mitty 13 years ago.
- WS002511.png (96.7 KB) - added by mitty 13 years ago.
- WS002512.png (80.1 KB) - added by mitty 13 years ago.
- WS002515.png (72.2 KB) - added by mitty 13 years ago.
Download all attachments as: .zip