{"id":1646,"date":"2015-12-10T17:47:47","date_gmt":"2015-12-10T09:47:47","guid":{"rendered":"http:\/\/www.51cos.com\/?p=1646"},"modified":"2015-12-10T17:47:47","modified_gmt":"2015-12-10T09:47:47","slug":"linux%e9%a9%b1%e5%8a%a8%e7%a8%8b%e5%ba%8f%e8%b0%83%e8%af%95%e5%b8%b8%e7%94%a8%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"http:\/\/www.51cos.com\/?p=1646","title":{"rendered":"Common methods for debugging Linux drivers"},"content":{"rendered":"<div id=\"article_content\" class=\"article_content\">\n<p>A major difficulty in driver development is that drivers are hard to debug. This article introduces several direct and indirect debugging techniques commonly used in driver development:<\/p>\n<ul>\n<li>Using printk<\/li>\n<li>Reading Oops messages<\/li>\n<li>Using strace<\/li>\n<li>Using the kernel's built-in hacking options<\/li>\n<li>Using the ioctl method<\/li>\n<li>Using the \/proc file system<\/li>\n<li>Using kgdb<\/li>\n<\/ul>\n<p>I. Using printk<\/p>\n<p>This is the plainest technique in driver development, and also the most common and effective one. Line 338 of main.c in the scull driver, shown below, is an example of debugging with printk; you will see examples like it everywhere when reading driver source code.<\/p>\n<p>338 \/\/\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 printk(KERN_ALERT &quot;wakeup by signal in process %d\\n&quot;, 
current-&gt;pid);<\/p>\n<p>printk works the same way as the printf we often use in applications. The difference is that printk lets you prefix the string to be printed with a kernel-defined macro, such as KERN_ALERT in the example above (note: there is no comma between the macro and the string).<\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>#define KERN_EMERG &quot;&lt;0&gt;&quot;<\/li>\n<li>#define KERN_ALERT &quot;&lt;1&gt;&quot;<\/li>\n<li>#define KERN_CRIT &quot;&lt;2&gt;&quot;<\/li>\n<li>#define KERN_ERR &quot;&lt;3&gt;&quot;<\/li>\n<li>#define KERN_WARNING &quot;&lt;4&gt;&quot;<\/li>\n<li>#define KERN_NOTICE &quot;&lt;5&gt;&quot;<\/li>\n<li>#define KERN_INFO &quot;&lt;6&gt;&quot;<\/li>\n<li>#define KERN_DEBUG &quot;&lt;7&gt;&quot;<\/li>\n<li>#define DEFAULT_CONSOLE_LOGLEVEL 7<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>This macro defines the level of the string to be printed. The smaller the value, the higher the level. The kernel has a parameter that controls whether strings printed by printk are output to the console (the screen or the \/sys\/log\/syslog log file):<\/p>\n<p># cat \/proc\/sys\/kernel\/printk<br \/>\n6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
7<\/p>\n<p>The first value, 6, means that only messages with a level higher than (numerically lower than) 6 are output to the console. The second value, 4, means that a message has level 4 if printk is called without specifying a message level (macro). The third value, 1, means that the highest (numerically lowest) level accepted is 1. The fourth value, 7, means that the initial value of the first field at system boot was 7.<\/p>\n<p>So if you find that the output of some printk calls in your program does not appear on the console, use echo 8 &gt; \/proc\/sys\/kernel\/printk to fix it.<\/p>\n<p>When developing a complex driver we add hundreds or thousands of printk statements to the source for debugging. When debugging is finished and the final product takes shape, those printk statements inevitably have to be removed (why? Imagine yourself as a user of the driver rather than its developer. Remember: do not do to others what you would not want done to yourself), and that is no small amount of work. Worst of all, if a user reports a bug in our driver after we have removed the debugging printk statements, we have to add those thousands of printk statements back by hand. Oh my god, just kill me. So we need a convenient way to turn debugging messages on and off. Where can we find one? Ha, it is right under our noses. Look at the source code of the scull driver or the leds driver!<\/p>\n<p>#define LEDS_DEBUG<br \/>\n#undef PDEBUG\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/* undef it, just in case *\/<br \/>\n#ifdef LEDS_DEBUG<br \/>\n#ifdef __KERNEL__<br \/>\n\/* This one if debugging is on, and kernel space *\/<br \/>\n#define PDEBUG(fmt, args...) printk( KERN_EMERG &quot;leds: &quot; fmt, ## args)<br \/>\n#else<br \/>\n\/* This one for user space *\/<br \/>\n#define PDEBUG(fmt, args...) fprintf(stderr, fmt, ## args)<br \/>\n#endif<br \/>\n#else<br \/>\n#define PDEBUG(fmt, args...) \/* not debugging: nothing *\/<br \/>\n#endif<br \/>\n#undef PDEBUGG<br \/>\n#define PDEBUGG(fmt, args...) \/* nothing: it's a placeholder *\/<\/p>\n<p>With this in place, when we want to print a debugging message while developing the driver we can use PDEBUG(&quot;address of i_cdev is %p\\n&quot;, inode-&gt;i_cdev);, and if we do not want to see that message we simply change PDEBUG to PDEBUGG. When debugging is finished and the final product takes shape, we simply comment out line 1.<\/p>\n<p>The __KERNEL__ in the code above is a macro defined in the kernel; it is defined whenever we compile the kernel (including modules). And if you do not understand what ... and ## mean in the code, please read the gcc documentation on the preprocessor carefully! If you are really too lazy to look it up, then play the &quot;VC engineer&quot; and copy the code above into your own code.<\/p>\n<p>II. Reading Oops messages<\/p>\n<p>Oops is an exclamation of surprise. When your driver has a problem, it would be strange if the kernel were not surprised: Hey kid, what are you messing around for! All right, let's see how the kernel expresses its surprise.<\/p>\n<p>Build faulty.ko from faulty.c (<a href=\"http:\/\/www.cnerent.com\/download\/faulty.c\"><u><strong>click to download<\/strong><\/u><\/a>) and run insmod faulty.ko. Then run echo yang &gt;\/dev\/faulty, and the kernel is surprised. Why is the kernel surprised? Because the write function of the faulty driver executes *(int *)0 = 0, a write to memory address 0, which the kernel will never tolerate.<\/p>\n<p>52 ssize_t faulty_write (struct file *filp, const char __user *buf, size_t count,<br 
\/>\n53\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 loff_t *pos)<br \/>\n54 {<br \/>\n55\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/* make a simple fault by dereferencing a NULL pointer *\/<br \/>\n56\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 *(int *)0 = 0;<br \/>\n57\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 return 0;<br \/>\n58 }<\/p>\n<p>1 Unable to handle kernel NULL pointer dereference at virtual address 00000000<br \/>\n2 pgd = c3894000<br \/>\n3 [00000000] *pgd=33830031, *pte=00000000, *ppte=00000000<br \/>\n4 Internal error: Oops: 817 [#1] PREEMPT<br \/>\n5 Modules linked in: faulty scull<br \/>\n6 CPU: 0\u00a0\u00a0\u00a0 Not tainted\u00a0 (2.6.22.6 #4)<br \/>\n7 PC is at faulty_write+0x10\/0x18 [faulty]<br \/>\n8 LR is at vfs_write+0xc4\/0x148<br \/>\n9 pc : [&lt;bf00608c&gt;]\u00a0\u00a0\u00a0 lr : [&lt;c0088eb8&gt;]\u00a0\u00a0\u00a0 psr: a0000013<br \/>\n10 sp : c3871f44\u00a0 ip : c3871f54\u00a0 fp : c3871f50<br \/>\n11 r10: 4021765c\u00a0 r9 : c3870000\u00a0 r8 : 00000000<br \/>\n12 r7 : 00000004\u00a0 r6 : c3871f78\u00a0 r5 : 40016000\u00a0 r4 : c38e5160<br \/>\n13 r3 : c3871f78\u00a0 r2 : 00000004\u00a0 r1 : 40016000\u00a0 r0 : 00000000<br \/>\n14 Flags: NzCv\u00a0 IRQs on\u00a0 FIQs on\u00a0 Mode SVC_32\u00a0 Segment user<br \/>\n15 Control: c000717f\u00a0 Table: 33894000\u00a0 DAC: 00000015<br \/>\n16 Process sh (pid: 745, stack limit = 0xc3870258)<br \/>\n17 Stack: (0xc3871f44 to 0xc3872000)<br \/>\n18 1f40:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 c3871f74 c3871f54 c0088eb8 bf00608c 00000004 c38e5180 c38e5160<br \/>\n19 1f60: c3871f78 00000000 c3871fa4 c3871f78 c0088ffc c0088e04 00000000 00000000<br \/>\n20 1f80: 00000000 00000004 40016000 40215730 00000004 c002c0e4 00000000 c3871fa8<br \/>\n21 1fa0: c002bf40 c0088fc0 00000004 40016000 00000001 40016000 00000004 00000000<br \/>\n22 1fc0: 00000004 40016000 40215730 00000004 00000001 00000000 
4021765c 00000000<br \/>\n23 1fe0: 00000000 bea60964 0000266c 401adb40 60000010 00000001 00000000 00000000<br \/>\n24 Backtrace:<br \/>\n25 [&lt;bf00607c&gt;] (faulty_write+0x0\/0x18 [faulty]) from [&lt;c0088eb8&gt;] (vfs_write+0xc4\/0x148)<br \/>\n26 [&lt;c0088df4&gt;] (vfs_write+0x0\/0x148) from [&lt;c0088ffc&gt;] (sys_write+0x4c\/0x74)<br \/>\n27\u00a0 r7:00000000 r6:c3871f78 r5:c38e5160 r4:c38e5180<br \/>\n28 [&lt;c0088fb0&gt;] (sys_write+0x0\/0x74) from [&lt;c002bf40&gt;] (ret_fast_syscall+0x0\/0x2c)<br \/>\n29\u00a0 r8:c002c0e4 r7:00000004 r6:40215730 r5:40016000 r4:00000004<br \/>\n30 Code: e1a0c00d e92dd800 e24cb004 e3a00000 (e5800000)<\/p>\n<ul>\n<li>Line 1 is the reason for the surprise, that is, <strong>the reported cause of the error<\/strong>;<\/li>\n<li>Lines 2-4 are the Oops message sequence number;<\/li>\n<li>Line 5 lists the modules loaded in the kernel at the time of the error;<\/li>\n<li>Line 6 is the number of the CPU on which the error occurred;<\/li>\n<li>Lines 7-15 are <strong>the location of the error and the values of the CPU registers at that moment, which help most in finding where the problem is<\/strong>;<\/li>\n<li>Line 16 is the name and process ID of the current process;<\/li>\n<li>Lines 17-23 are the contents of the stack at the time of the error;<\/li>\n<li>Lines 24-29 are the stack backtrace, which shows <strong>the chain of nested function calls leading up to the error<\/strong> (make sure CONFIG_FRAME_POINTER is defined);<\/li>\n<li>Line 30 is the machine code of the faulting instruction and the instructions around it; the faulting instruction itself is in parentheses.<\/li>\n<\/ul>\n<p>Disassembling faulty.ko (arm-linux-objdump -D faulty.ko &gt; faulty.dis; cat faulty.dis) shows the following instructions:<\/p>\n<p>0000007c &lt;faulty_write&gt;:<br \/>\n7c:\u00a0\u00a0 e1a0c00d\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ip, sp<br \/>\n80:\u00a0\u00a0 e92dd800\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 stmdb\u00a0\u00a0 sp!, {fp, ip, lr, pc}<br \/>\n84:\u00a0\u00a0 e24cb004\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sub\u00a0\u00a0\u00a0\u00a0 fp, ip, #4\u00a0\u00a0\u00a0\u00a0\u00a0 ; 0x4<br \/>\n88:\u00a0\u00a0 e3a00000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 r0, #0\u00a0 ; 0x0<br \/>\n8c:\u00a0\u00a0 e5800000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 str\u00a0\u00a0\u00a0\u00a0 r0, [r0]<br \/>\n90:\u00a0\u00a0 e89da800\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ldmia\u00a0\u00a0 sp, {fp, sp, pc}<\/p>\n<p>The process of locating the fault and obtaining the related information:<\/p>\n<p>9 pc : [&lt;bf00608c&gt;]\u00a0\u00a0\u00a0 lr : [&lt;c0088eb8&gt;]\u00a0\u00a0\u00a0 psr: a0000013<\/p>\n<p>25 [&lt;bf00607c&gt;] (faulty_write+0x0\/0x18 [faulty]) from [&lt;c0088eb8&gt;] (vfs_write+0xc4\/0x148)<br \/>\n26 [&lt;c0088df4&gt;] (vfs_write+0x0\/0x148) from [&lt;c0088ffc&gt;] (sys_write+0x4c\/0x74)<\/p>\n<p><strong>The faulting code is the 5th instruction of faulty_write ((0xbf00608c-0xbf00607c)\/4+1=5). The function starts at address 0xbf00607c and has 6 instructions in total (0x18). It was called by the instruction just before 0xc0088eb8 (that is, the function's return address is 0xc0088eb8, which is confirmed by the fact that lr equals exactly 0xc0088eb8 at the time of the fault). The instruction that called this function is the 49th instruction of vfs_write (0xc4\/4=49).<\/strong><\/p>\n<p><strong>The call flow leading to the fault is: write (the user-space system call) --&gt; sys_write --&gt; vfs_write --&gt; faulty_write<\/strong><\/p>\n<p>The Oops message not only let me locate the fault; to my pleasant surprise, it also let me in on a few secrets: 1. What is fp actually for in gcc? 2. Why does gcc always put three silly-looking instructions at the very beginning of every function it compiles? 3. How do the kernel and gdb know the order of the function call stack, and use function names rather than addresses? 4. How can I find out what each function pushed onto the stack? Ha, I am growing fond of surprising the kernel, so let's watch it be surprised once more.<\/p>\n<p>Run cat \/dev\/faulty, and the kernel is surprised yet again!<\/p>\n<p>1 Unable to handle kernel NULL pointer dereference at virtual address 0000000b<br \/>\n2 pgd = c3a88000<br \/>\n3 [0000000b] *pgd=33a79031, *pte=00000000, *ppte=00000000<br \/>\n4 Internal error: Oops: 13 [#2] PREEMPT<br \/>\n5 Modules linked in: faulty<br \/>\n6 CPU: 0\u00a0\u00a0\u00a0 Not tainted\u00a0 (2.6.22.6 #4)<br \/>\n7 <strong>PC is at vfs_read+0xe0\/0x140<br \/>\n<\/strong>8 LR is at 0xffffffff<br \/>\n9 pc : [&lt;c0088c84&gt;]\u00a0\u00a0\u00a0 lr : [&lt;ffffffff&gt;]\u00a0\u00a0\u00a0 psr: 20000013<br 
\/>\n10 sp : c38d9f54\u00a0 ip : 0000001c\u00a0 fp : ffffffff<br \/>\n11 r10: 00000001\u00a0 r9 : c38d8000\u00a0 r8 : 00000000<br \/>\n12 r7 : 00000004\u00a0 r6 : ffffffff\u00a0 r5 : ffffffff\u00a0 r4 : ffffffff<br \/>\n13 r3 : ffffffff\u00a0 r2 : 00000000\u00a0 r1 : c38d9f38\u00a0 r0 : 00000004<br \/>\n14 Flags: nzCv\u00a0 IRQs on\u00a0 FIQs on\u00a0 Mode SVC_32\u00a0 Segment user<br \/>\n15 Control: c000717f\u00a0 Table: 33a88000\u00a0 DAC: 00000015<br \/>\n16 Process cat (pid: 767, stack limit = 0xc38d8258)<br \/>\n17 Stack: (0xc38d9f54 to 0xc38da000)<br \/>\n18 9f40:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 00002000 c3c105a0 c3c10580<br \/>\n19 9f60: c38d9f78 00000000 c38d9fa4 c38d9f78 c0088f88 c0088bb4 00000000 00000000<br \/>\n20 9f80: 00000000 00002000 bef07c80 00000003 00000003 c002c0e4 00000000 c38d9fa8<br \/>\n21 9fa0: c002bf40 c0088f4c 00002000 bef07c80 00000003 bef07c80 00002000 00000000<br \/>\n22 9fc0: 00002000 bef07c80 00000003 00000000 00000000 00000001 00000001 00000003<br \/>\n23 9fe0: 00000000 bef07c6c 0000266c 401adab0 60000010 00000003 00000000 00000000<br \/>\n<strong>24 Backtrace: invalid frame pointer 0xffffffff<br \/>\n<\/strong>25 Code: ebffff86 e3500000 e1a07000 da000015 (e594500c)<br \/>\n26 Segmentation fault<\/p>\n<p>This time, however, the surprise is quite puzzling. The Oops actually claims the fault is in vfs_read (which, mind you, is kernel code hardened over and over by experts). How can that be? And ha, even the almighty kernel can no longer trace the function call stack. Why? The real problem is line 43 of faulty_read: it overwrites the saved r4, r5, r6 and fp on the stack with 0xffffffff, while the saved ip and lr values are unchanged, so faulty_read still returns successfully to its caller, vfs_read. But poor vfs_read (a faithful follower of the ATPCS rules) does not know that its r4, r5 and r6 have been changed by the wicked faulty_read, so its fate is easy to predict: certain death! Capable as the kernel is, without the help of a correct fp it cannot trace the function call stack either.<\/p>\n<p>36 ssize_t faulty_read(struct file *filp, char __user *buf,<br \/>\n37\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 size_t count, loff_t *pos)<br \/>\n38 {<br \/>\n39\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int ret;<br \/>\n40\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 char stack_buf[4];<br \/>\n41<br \/>\n42\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/* Let's try a buffer overflow\u00a0 *\/<br \/>\n43\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <strong>memset(stack_buf, 0xff, 20);<br \/>\n<\/strong>44\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if (count &gt; 4)<br \/>\n45\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 count = 4; \/* copy 4 bytes to the user *\/<br \/>\n46\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ret = copy_to_user(buf, stack_buf, count);<br 
\/>\n47\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if (!ret)<br \/>\n48\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 return count;<br \/>\n49\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 return ret;<br \/>\n50 }<\/p>\n<p>00000000 &lt;faulty_read&gt;:<br \/>\n0:\u00a0\u00a0 e1a0c00d\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ip, sp<br \/>\n4:\u00a0\u00a0 e92dd870\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <strong>stmdb\u00a0\u00a0 sp!, {r4, r5, r6, fp, ip, lr, pc}<br \/>\n<\/strong>\u00a0\u00a0 8:\u00a0\u00a0 e24cb004\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sub\u00a0\u00a0\u00a0\u00a0 fp, ip, #4\u00a0\u00a0\u00a0\u00a0\u00a0 ; 0x4<br \/>\nc:\u00a0\u00a0 e24dd004\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sub\u00a0\u00a0\u00a0\u00a0 sp, sp, #4\u00a0\u00a0\u00a0\u00a0\u00a0 ; 0x4, this allocates one word on the stack for stack_buf[]; the local variable ret is kept in a register, so no stack space is allocated for it<br \/>\n10:\u00a0\u00a0 e24b501c\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sub\u00a0\u00a0\u00a0\u00a0 r5, fp, #28\u00a0\u00a0\u00a0\u00a0 ; 0x1c<br \/>\n14:\u00a0\u00a0 e1a04001\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 r4, r1<br \/>\n18:\u00a0\u00a0 e1a06002\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 r6, r2<br \/>\n1c:\u00a0\u00a0 e3a010ff\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 r1, #255\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; 0xff<br \/>\n20:\u00a0\u00a0 e3a02014\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 r2, #20 ; 0x14<br \/>\n24:\u00a0\u00a0 e1a00005\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 r0, r5<br \/>\n28:\u00a0\u00a0 ebfffffe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
bl\u00a0\u00a0\u00a0\u00a0\u00a0 28 &lt;faulty_read+0x28&gt;\u00a0 \/\/this is the call to memset<\/p>\n<p>78:\u00a0\u00a0 e89da878\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <strong>ldmia\u00a0\u00a0 sp, {r3, r4, r5, r6, fp, sp, pc}<\/strong><\/p>\n<p>This Oops taught me some profound lessons:<\/p>\n<ol>\n<li>The kernel is extremely capable, but it is not, and cannot be, omnipotent. So however capable you are, stay on good terms with your team members, or you will be out of luck at the critical moment;<\/li>\n<li>The culprit was faulty_read, yet vfs_read became the scapegoat. So do not be misled by surface appearances; look deeper for the essence;<\/li>\n<li>The kernel itself is super robust, but the driver you write is part of the kernel, and because it failed, the whole thing collapsed. So when you join a team, remind yourself that although your role may not be important, your carelessness is enough to bring down an entire top-notch team. Conversely, when you are the team leader, be careful, careful and careful again when choosing team members, even for a minor role.<\/li>\n<li>Never mess with the stack: once it goes wrong, locating the error becomes very difficult. So never mess with your boss either, or you will come to a nasty end.<\/li>\n<\/ol>\n<p>III. Using strace<\/p>\n<p>Sometimes minor problems can be tracked down by watching the behavior of a user-space application with a monitoring program, and watching programs also helps build confidence that a driver is working correctly. For example, we were able to feel confident that scull was running correctly after looking at how its read implementation responded to read requests for different amounts of data.<br \/>\nThere are several ways to watch a user-space program at work. You can run a debugger to step through its functions, add print statements, or run the program under strace. Here we discuss the last technique, because it is the most useful when the real goal is examining kernel code.<br \/>\nThe strace command is a powerful tool that <strong>shows all the system calls issued by a user-space program<\/strong>. 
It shows not only the calls but also their arguments and return values in symbolic form. When a system call fails, both the symbolic value of the error (for example, ENOMEM) and the corresponding string (Out of memory) are displayed. strace has many command-line options; the most useful are -t to display the time at which each call is executed, -T to display the time spent in the call, -e to limit the types of calls traced (for example, strace -eread,write\u00a0 ls traces only the read and write calls), and -o to redirect the output to a file. By default, strace prints tracing information to stderr.<br \/>\nstrace gets its information from the kernel itself. This means a program can be traced regardless of whether it was compiled with debugging support (the -g option to gcc) and whether it has been stripped. You can also trace a process that is already running, much as a debugger can connect to a running process and control it.<br \/>\nTrace information is often used to support bug reports sent to application developers, but it is also valuable to kernel programmers. We have seen how driver code runs in response to system calls; strace lets us check the consistency of the input and output data of each call.<br \/>\nFor example, running the command strace ls \/dev &gt; \/dev\/scull0 displays the following on the screen:<br \/>\nopen(&quot;\/dev&quot;, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3<br \/>\nfstat64(3, {st_mode=S_IFDIR|0755, st_size=24576, ...}) = 0<br \/>\nfcntl64(3, F_SETFD, FD_CLOEXEC) = 0<br \/>\ngetdents64(3, \/* 141 entries *\/, 4096) = 4088<br \/>\n[...]<br \/>\ngetdents64(3, \/* 0 entries *\/, 4096) = 0<br \/>\nclose(3) = 0<br \/>\n[...]<br \/>\nfstat64(1, {st_mode=S_IFCHR|0664, st_rdev=makedev(254, 0), ...}) = 0<br \/>\nwrite(1, &quot;MAKEDEV\\nadmmidi0\\nadmmidi1\\nadmmid&quot;..., 4096) = 4000<br \/>\nwrite(1, &quot;b\\nptywc\\nptywd\\nptywe\\nptywf\\nptyx0\\n&quot;..., 96) = 96<br \/>\nwrite(1, &quot;b\\nptyxc\\nptyxd\\nptyxe\\nptyxf\\nptyy0\\n&quot;..., 4096) = 3904<br \/>\nwrite(1, &quot;s17\\nvcs18\\nvcs19\\nvcs2\\nvcs20\\nvcs21&quot;..., 192) = 192<br \/>\nwrite(1, &quot;\\nvcs47\\nvcs48\\nvcs49\\nvcs5\\nvcs50\\nvc&quot;..., 673) = 673<br \/>\nclose(1) = 0<br \/>\nexit_group(0) = ?<br \/>\nFrom the first write call it is apparent that after ls finished looking in the target directory, it tried to write 4 KB. Strangely, only 4000 bytes were written successfully, and the operation was retried. However, looking at the write implementation in scull shows that it allows at most one quantum (4000 bytes in total) to be written at a time, so the driver expects partial writes by design. After a few steps everything is flushed through and the program exits successfully. <strong>It is the strace output that convinces us the driver's partial-write behavior works correctly.<br \/>\n<\/strong>As another example, let's read the scull device (using the wc scull0 command):<br \/>\n[...]<br \/>\nopen(&quot;\/dev\/scull0&quot;, O_RDONLY|O_LARGEFILE) = 3<br \/>\nfstat64(3, {st_mode=S_IFCHR|0664, st_rdev=makedev(254, 0), ...}) = 0<br \/>\nread(3, &quot;MAKEDEV\\nadmmidi0\\nadmmidi1\\nadmmid&quot;..., 16384) = 4000<br \/>\nread(3, &quot;b\\nptywc\\nptywd\\nptywe\\nptywf\\nptyx0\\n&quot;..., 16384) = 4000<br \/>\nread(3, &quot;s17\\nvcs18\\nvcs19\\nvcs2\\nvcs20\\nvcs21&quot;..., 16384) = 865<br \/>\nread(3, &quot;&quot;, 16384) = 0<br \/>\nfstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0<br \/>\nwrite(1, &quot;8865 \/dev\/scull0\\n&quot;, 17) = 17<br \/>\nclose(3) = 0<br \/>\nexit_group(0) = ?<br \/>\n<strong>As expected, read retrieves only 4000 bytes at a time, but the total amount of data is the same as what was written in the previous example.<\/strong> An unexpected bonus of this example: we can be sure that wc is optimized for fast reading, so it bypasses the standard library (it does not use fscanf) and instead reads more data with a direct system call. This is confirmed by the read lines in the trace, which show wc trying to read 16 KB at a time.<\/p>\n<p>IV. Using the kernel's built-in hacking options<\/p>\n<p>Kernel developers provide a number of kernel debugging options under Kernel hacking in make menuconfig. These options help us debug drivers: when certain debugging options are enabled, the operating system emits diagnostic messages when it detects a problem in a running driver, and those messages go a long way toward helping the driver developer find the problem. Here are a few simple examples.<\/p>\n<p>First enable the following options:<\/p>\n<ul>\n<li>General setup \u2014 Configure standard kernel features (for small systems) \u2014 Load all symbols for debugging\/ksymoops (NEW)<\/li>\n<li>Kernel hacking \u2014 Kernel debugging<\/li>\n<li>Device Drivers \u2014 Generic Driver Options \u2014 Driver Core verbose debug messages<\/li>\n<\/ul>\n<p>1. Kernel debugging \u2014 Spinlock and rw-lock debugging: basic checks (NEW): detects uninitialized spinlocks<\/p>\n<p>2. Kernel debugging \u2014 Mutex debugging: basic checks (NEW): detects uninitialized semaphores<\/p>\n<p>717\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/init_MUTEX(&amp;scull_devices[i].sem);<\/p>\n<p>For example, if we forget to initialize the semaphore in the scull driver (by commenting out line 717 of main.c), opening the scull device produces only an Oops, with no other message telling us that a semaphore is uninitialized, so the problem is hard to locate. With the options above enabled, by contrast, the operating system emits messages telling us that there is an uninitialized semaphore or spinlock, and we can then go to the place in the driver code where semaphores and spinlocks are initialized and fix the program.<\/p>\n<p>An unexpected bonus of this test: the semaphore implementation is still built on a spinlock underneath. This agrees with our earlier bold guess.<\/p>\n<p>process 751 enter scull_open<br \/>\n<strong>BUG: spinlock bad magic on CPU#0, sh\/751<br \/>\nlock: c38ac1e4, .magic: 00000000, .owner: &lt;none&gt;\/-1, .owner_cpu: 0<br \/>\n<\/strong>[&lt;c002fe70&gt;] (dump_stack+0x0\/0x14) from [&lt;c0130b5c&gt;] (spin_bug+0x90\/0xa4)<br \/>\n[&lt;c0130acc&gt;] (spin_bug+0x0\/0xa4) from [&lt;c0130b98&gt;] (_raw_spin_lock+0x28\/0x160)<br \/>\nr5:40000013 r4:c38ac1e4<br \/>\n[&lt;c0130b70&gt;] (_raw_spin_lock+0x0\/0x160) from [&lt;c025276c&gt;] (_spin_lock_irqsave+0x2c\/0x34)<br \/>\n<strong>[&lt;c0252740&gt;] (_spin_lock_irqsave+0x0\/0x34) from [&lt;c0053d28&gt;] (add_wait_queue_exclusive+0x24\/0x50)<br \/>\nr5:c38ac1e4 r4:c38a1e1c<br \/>\n[&lt;c0053d04&gt;] (add_wait_queue_exclusive+0x0\/0x50) from [&lt;c024fcf0&gt;] (__down_interruptible+0x5c\/0x16c)<br \/>\nr5:c38a0000 r4:c38ac1dc<br \/>\n[&lt;c024fc94&gt;] (__down_interruptible+0x0\/0x16c) from [&lt;c024fb4c&gt;] (__down_interruptible_failed+0xc\/0x20)<br 
\/>\n<\/strong>[&lt;bf000530&gt;] (scull_open+0x0\/0xd8 [scull]) from [&lt;c0088eb8&gt;] (chrdev_open+0x1b4\/0x1d8)<br \/>\nr6:c3ef0300 r5:c38ac1fc r4:bf0045a0<\/p>\n<p>3. Kernel debugging \u2014 Spinlock debugging: sleep-inside-spinlock checking (NEW) detects situations such as a driver sleeping after acquiring a spinlock, as well as deadlocks<\/p>\n<p>345\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ssleep(5);<\/p>\n<p>87 #define usespin<\/p>\n<p>For example, if the first process sleeps while holding a spinlock (uncomment line 345 of main.c and line 87 of scull.h), the system deadlocks when a second process tries to acquire the spinlock. With the option above enabled, however, the operating system can print a warning before the deadlock occurs.<\/p>\n<p>process 763 enter read<br \/>\nsemphore get, and begin sleep 5 second in process 763<br \/>\n<strong>BUG: scheduling while atomic: cat\/0x00000001\/763<br \/>\n<\/strong>[&lt;c002fe70&gt;] (dump_stack+0x0\/0x14) from [&lt;c024fe64&gt;] (schedule+0x64\/0x778)<br \/>\n[&lt;c024fe00&gt;] (schedule+0x0\/0x778) from [&lt;c02510a8&gt;] (schedule_timeout+0x8c\/0xbc)<\/p>\n<p>process 764 enter read<br \/>\n<strong>BUG: spinlock cpu recursion on CPU#0, cat\/764<br \/>\nlock: c3ae7014, .magic: dead4ead, .owner: cat\/763, .owner_cpu: 0<br \/>\n<\/strong>[&lt;c002fe70&gt;] (dump_stack+0x0\/0x14) from [&lt;c0130b5c&gt;] (spin_bug+0x90\/0xa4)<br \/>\n[&lt;c0130acc&gt;] (spin_bug+0x0\/0xa4) from [&lt;c0130bcc&gt;] (_raw_spin_lock+0x5c\/0x160)<br \/>\nr5:beed2c70 r4:c3ae7014<br \/>\n[&lt;c0130b70&gt;] (_raw_spin_lock+0x0\/0x160) from [&lt;c025273c&gt;] 
(_spin_lock+0x20\/0x24)<br \/>\n[&lt;c025271c&gt;] (_spin_lock+0x0\/0x24) from [&lt;bf000610&gt;] (scull_read+0x64\/0x210 [scull])<br \/>\nr4:c3949520<br \/>\n[&lt;bf0005ac&gt;] (scull_read+0x0\/0x210 [scull]) from [&lt;c0085eac&gt;] (vfs_read+0xc0\/0x140)<\/p>\n<p><strong>BUG: spinlock lockup on CPU#0, cat\/764, c3ae7014<br \/>\n<\/strong>[&lt;c002fe70&gt;] (dump_stack+0x0\/0x14) from [&lt;c0130c94&gt;] (_raw_spin_lock+0x124\/0x160)<br \/>\n[&lt;c0130b70&gt;] (_raw_spin_lock+0x0\/0x160) from [&lt;c025273c&gt;] (_spin_lock+0x20\/0x24)<br \/>\n[&lt;c025271c&gt;] (_spin_lock+0x0\/0x24) from [&lt;bf000610&gt;] (scull_read+0x64\/0x210 [scull])<br \/>\nr4:c3949520<br \/>\n[&lt;bf0005ac&gt;] (scull_read+0x0\/0x210 [scull]) from [&lt;c0085eac&gt;] (vfs_read+0xc0\/0x140)<\/p>\n<p>4. Magic SysRq key can print information that helps locate the problem even after the system has deadlocked<\/p>\n<p>The magic SysRq key is available on most architectures. It is invoked with the combination of the Alt and SysRq keys on a PC keyboard, or with other special keys on other platforms (see documentation\/sysrq.txt for details), and it is also available on a serial console. A third key, pressed together with these two, performs one of a number of useful actions:<\/p>\n<ul>\n<li>r Turns off keyboard raw mode; useful when a crashed application (for example, the X server) may have left your keyboard in a strange state.<\/li>\n<li>k Invokes the &quot;secure attention key&quot; (SAK) function. 
SAK kills all processes running on the current console, giving you a clean terminal.<\/li>\n<li>s Performs an emergency sync of all disks.<\/li>\n<li>u umount. Attempts to remount all disks in read-only mode. This operation, usually invoked right after s, can save a lot of filesystem-check time when the system is in serious trouble.<\/li>\n<li>b boot. Reboots the system immediately. Be sure to sync and remount the disks first.<\/li>\n<li>p Prints processor information.<\/li>\n<li>t Prints the current task list.<\/li>\n<li>m Prints memory information.<\/li>\n<\/ul>\n<p>For example, if the system has deadlocked and we want to know the register values, we can use this magic key.<\/p>\n<p>SysRq : Show Regs<\/p>\n<p>Pid: 764, comm:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 cat<br \/>\nCPU: 0\u00a0\u00a0\u00a0 Not tainted\u00a0 (2.6.22.6 #6)<br \/>\nPC is at _raw_spin_lock+0xbc\/0x160<br \/>\nLR is at _raw_spin_lock+0xcc\/0x160<br \/>\npc : [&lt;c0130c2c&gt;]\u00a0\u00a0\u00a0 lr : [&lt;c0130c3c&gt;]\u00a0\u00a0\u00a0 psr: 60000013<br \/>\nsp : c3b11ecc\u00a0 ip : c3b11e08\u00a0 fp : c3b11efc<br \/>\nr10: c3b10000\u00a0 r9 : 00000000\u00a0 r8 : 055b131f<br \/>\nr7 : c3ae7014\u00a0 r6 : 00000000\u00a0 r5 : 05f1e000\u00a0 r4 : 00000000<br \/>\nr3 : 00000000\u00a0 r2 : c3b10000\u00a0 r1 : 00000001\u00a0 r0 : 00000001<br \/>\nFlags: nZCv\u00a0 IRQs on\u00a0 FIQs on\u00a0 Mode SVC_32\u00a0 Segment user<br \/>\nControl: c000717f\u00a0 Table: 33b48000\u00a0 DAC: 00000015<br 
\/>\n[&lt;c002cdb0&gt;] (show_regs+0x0\/0x4c) from [&lt;c015ab00&gt;] (sysrq_handle_showregs+0x20\/0x28)<br \/>\nr4:c0310c34<br \/>\n[&lt;c015aae0&gt;] (sysrq_handle_showregs+0x0\/0x28) from [&lt;c015ad50&gt;] (__handle_sysrq+0xa0\/0x148)<br \/>\n[&lt;c015acb0&gt;] (__handle_sysrq+0x0\/0x148) from [&lt;c015ae28&gt;] (handle_sysrq+0x30\/0x34)<br \/>\n[&lt;c015adf8&gt;] (handle_sysrq+0x0\/0x34) from [&lt;c016477c&gt;] (s3c24xx_serial_rx_chars+0x1b0\/0x2d4)<br \/>\nr5:00000000 r4:c03111e4<br \/>\n[&lt;c01645cc&gt;] (s3c24xx_serial_rx_chars+0x0\/0x2d4) from [&lt;c0061474&gt;] (handle_IRQ_event+0x44\/0x80)<br \/>\n[&lt;c0061430&gt;] (handle_IRQ_event+0x0\/0x80) from [&lt;c00629a8&gt;] (handle_level_irq+0xd0\/0x134)<br \/>\nr7:c03073e8 r6:c3e52940 r5:00000046 r4:c03073bc<br \/>\n[&lt;c00628d8&gt;] (handle_level_irq+0x0\/0x134) from [&lt;c0038118&gt;] (s3c_irq_demux_uart+0x50\/0x90)<br \/>\nr7:00000000 r6:00000046 r5:00000001 r4:c03073bc<br \/>\n[&lt;c00380c8&gt;] (s3c_irq_demux_uart+0x0\/0x90) from [&lt;c003816c&gt;] (s3c_irq_demux_uart0+0x14\/0x18)<br \/>\nr6:c0336650 r5:0000002c r4:c0306cd4<br \/>\n[&lt;c0038158&gt;] (s3c_irq_demux_uart0+0x0\/0x18) from [&lt;c002b044&gt;] (asm_do_IRQ+0x44\/0x5c)<br \/>\n[&lt;c002b000&gt;] (asm_do_IRQ+0x0\/0x5c) from [&lt;c002ba78&gt;] (__irq_svc+0x38\/0xb0)<br \/>\nException stack(0xc3b11e84 to 0xc3b11ecc)<br \/>\n1e80:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 00000001 00000001 c3b10000 00000000 00000000 05f1e000 00000000<br \/>\n1ea0: c3ae7014 055b131f 00000000 c3b10000 c3b11efc c3b11e08 c3b11ecc c0130c3c<br \/>\n1ec0: c0130c2c 60000013 ffffffff<br \/>\nr7:00000002 r6:10000000 r5:f0000000 r4:ffffffff<br \/>\n[&lt;c0130b70&gt;] (_raw_spin_lock+0x0\/0x160) from [&lt;c025273c&gt;] (_spin_lock+0x20\/0x24)<br \/>\n[&lt;c025271c&gt;] 
(_spin_lock+0x0\/0x24) from [&lt;bf000610&gt;] (scull_read+0x64\/0x210 [scull])<br \/>\nr4:c3949520<br \/>\n[&lt;bf0005ac&gt;] (scull_read+0x0\/0x210 [scull]) from [&lt;c0085eac&gt;] (vfs_read+0xc0\/0x140)<br \/>\n[&lt;c0085dec&gt;] (vfs_read+0x0\/0x140) from [&lt;c00861d0&gt;] (sys_read+0x4c\/0x74)<br \/>\nr7:00000000 r6:c3b11f78 r5:c3949520 r4:c3949540<br \/>\n[&lt;c0086184&gt;] (sys_read+0x0\/0x74) from [&lt;c002bf00&gt;] (ret_fast_syscall+0x0\/0x2c)<br \/>\nr8:c002c0a4 r7:00000003 r6:00000003 r5:beed2c70 r4:00002000<\/p>\n<p>5. Debug shared IRQ handlers can be used to debug shared interrupts<\/p>\n<p>V. Using ioctl<\/p>\n<p>A driver's ioctl function can return driver information to a user program, and it also lets a user program set driver parameters through the ioctl system call. During driver development we can therefore add ioctl commands that pass and set the information and parameters needed for debugging the driver. For how to implement ioctl in a driver, see the article &quot;Standard implementation of ioctl in drivers&quot;.<\/p>\n<p>VI. Using the \/proc filesystem<\/p>\n<p>The \/proc filesystem lets the kernel expose kernel information to user space. For debugging purposes we can therefore add code to the driver that exports information useful for monitoring the driver 
through \/proc. We can then monitor and debug the driver by reading the relevant entries in \/proc. For how to export information to \/proc from a driver, see section 4.3 of Linux Device Driver.<\/p>\n<p>VII. Using kgdb<\/p>\n<p>kgdb is a patch applied to the kernel source for debugging the kernel; with the appropriate hardware and software, you can then debug the kernel (drivers included, of course) the same way gdb single-steps an application. As for how to use kgdb, please Google it, or if that does not work, Baidu will do too. Boy, wish you good luck!<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A major difficulty in driver development is that drivers are hard to debug. This article introduces several direct and indirect debugging techniques commonly used in driver development. They are: \u5229 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-1646","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"http:\/\/www.51cos.com\/index.php?rest_route=\/wp\/v2\/posts\/1646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.51cos.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.51cos.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.51cos.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.51cos.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1646"}],"version-history":[{"count":1,"href":"http:\/\/www.51cos.com\/index.php?rest_route=\/wp\/v2\/posts\/1646\/revisions"}],"predecessor-version":[{"id":1647,"href":"http:\/\/www.51cos.com\/index.php?rest_route=\/wp\/v2\/posts\/1646\/revisions\/1647"}],"wp:attachment":[{"href":"http:\/\/www.51cos.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.51cos.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1646"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.51cos.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}