编译内核后kernel panic，求助！

Question

改写了security下的Root_plug.c 然后向想将其编译入内核，以前编译成功过。这次想改进一下，改进之后编译内核时可以通过，但是reboot之后就会报错：

无标题.jpg (138.04 KB, 下载次数: 17)

下载附件

kernel panic

2011-06-13 17:11 上传

有没有哪位遇到过类似情况的？请教如何解决？

Answer 1

等答案!  改的啥!

Answer 2

回复 2# taojie2000

char* getfullpath(struct dentry *dentry)
{
        char *path=NULL, *start=NULL;
    char *fullpath=NULL;
    const struct path *ppath = NULL;
    struct fs_struct *fs = current->fs;
    fullpath = kmalloc(PATH_MAX,GFP_KERNEL);
    if(!fullpath) goto OUT;
    memset(fullpath,0,PATH_MAX);

    path = kmalloc(PATH_MAX,GFP_KERNEL);
    if(!path) {
        kfree(fullpath);
        goto OUT;
    }

    //get the dentry and vfsmnt
    read_lock(&fs->lock);
         ppath =&fs->pwd;
         read_unlock(&fs->lock);
         
    //get the path
    start = d_path(ppath,path,PATH_MAX);
    strcat(fullpath,start);
    kfree(path);

OUT:
    return fullpath;
}  
改之后
char* getfullpath(struct dentry *dentry)
{
        char *path=NULL, *start=NULL;
    char *fullpath=NULL;
    const struct path *ppath = NULL;
    const unsigned char *name=dentry->d_name.name;//新增
    struct fs_struct *fs = current->fs;
    char *name2=(char *)name;//新增
    fullpath = kmalloc(PATH_MAX,GFP_KERNEL);
    if(!fullpath) goto OUT;
    memset(fullpath,0,PATH_MAX);

    path = kmalloc(PATH_MAX,GFP_KERNEL);
    if(!path) {
        kfree(fullpath);
        goto OUT;
    }

    //get the dentry and vfsmnt
    read_lock(&fs->lock);
         ppath =&fs->pwd;
         read_unlock(&fs->lock);
         
    //get the path
    start = d_path(ppath,path,PATH_MAX);
    strcat(fullpath,start);

    strcat(fullpath,"/");//新增
    strcat(fullpath,name2);//新增
    kfree(path);

OUT:
    return fullpath;
}

这个函数的作用是获得当前DENTRY 的绝对路径，原来那个就没有用到参数dentry,而只用CURRENT提取。提取出来的是dentry所在的目录并不包含dentry对应的文件名，所以我就想从传递来的dentry结构里提取出名字后加在路径的最后，我在想是不是 name和name2都没有kmalloc引起的。

Answer 3

自己顶 希望大家都来看看

Answer 4

自己顶 不要沉

Answer 5

没有前因后果，不知道怎么帮你分析
从 OOPS 信息上看，问题出在 dongyu_delete 函数偏移 0x0e 的指令位置

Answer 6

本帖最后由 1jjk 于 2011-06-14 11:07 编辑

分析分析

Can you post here output of disassemble of getfullpath? You can get
that by running gdb on vmlinux and then doing 'disass getfullpath'.

Answer 7

回复 6# platinum

    以下是我这个root_plug的源码：

1. /*
2. * Root Plug sample LSM module
3. *
4. * Originally written for a Linux Journal.
5. *
6. * Copyright (C) 2002 Greg Kroah-Hartman <greg@kroah.com>
7. *
8. * Prevents any programs running with egid == 0 if a specific USB device
9. * is not present in the system.  Yes, it can be gotten around, but is a
10. * nice starting point for people to play with, and learn the LSM
11. * interface.
12. *
13. * If you want to turn this into something with a semblance of security,
14. * you need to hook the task_* functions also.
15. *
16. * See http://www.linuxjournal.com/article.php?sid=6279 for more information
17. * about this code.
18. *
19. *        This program is free software; you can redistribute it and/or
20. *        modify it under the terms of the GNU General Public License as
21. *        published by the Free Software Foundation, version 2 of the
22. *        License.
23. */
25. #include <linux/kernel.h>
26. #include <linux/init.h>
27. #include <linux/security.h>
28. #include <linux/moduleparam.h>
29. #include <asm/current.h>
30. #include <linux/fs_struct.h>
31. #include <linux/mount.h>
32. #include <linux/netdevice.h>
33. #include <linux/dcache.h>
37. /* should we print out debug messages */
38. static int debug = 0;
40. module_param(debug, bool, 0600);
42. #define MY_NAME "root_plug"
44. #define root_dbg(fmt, arg...)                                        \
45.         do {                                                        \
46.                 if (debug)                                        \
47.                         printk(KERN_DEBUG "%s: %s: " fmt ,        \
48.                                 MY_NAME , __func__ ,         \
49.                                 ## arg);                        \
50.         } while (0)
53. char* getfullpath(struct dentry *dentry)
54. {
55.         char *path=NULL, *start=NULL;
56.     char *fullpath=NULL;
57.     const struct path *ppath = NULL;
58.          const unsigned char *name=NULL;dentry->d_name.name;
59.     struct fs_struct *fs = current->fs;
60.          char *name2=NULL;
61.          name=dentry->d_name.name;
62.          name2=(char *)name;
63.     fullpath = kmalloc(PATH_MAX,GFP_KERNEL);
64.     if(!fullpath) goto OUT;
65.     memset(fullpath,0,PATH_MAX);
67.     path = kmalloc(PATH_MAX,GFP_KERNEL);
68.     if(!path) {
69.         kfree(fullpath);
70.         goto OUT;
71.     }
73.     //get the dentry and vfsmnt
74.     read_lock(&fs->lock);
75.          ppath =&fs->pwd;
76.          read_unlock(&fs->lock);
77.          
78.     //get the path
79.     start = d_path(ppath,path,PATH_MAX);
80.     strcat(fullpath,start);
82.     strcat(fullpath,"/");
83.     strcat(fullpath,name2);
84.     kfree(path);
86. OUT:
87.     return fullpath;
88. }
90. void putfullpath(char* fullpath)
91. {
92.   if(fullpath)
93.     kfree(fullpath);
94. }
98. static int dongyu_inode_create (struct inode *inode, struct dentry *dentry,
99.                                int mask)
100. {
101.         char* fullpath = NULL;
102.         fullpath = getfullpath(dentry);
103.    if(!fullpath){
104.     printk("Get fullpath error!\n");
105.     return 0;
106.         }
108.         printk(KERN_INFO"taskname:%s action:inode_create target:%s\n",current->comm,fullpath);
109.         putfullpath(fullpath);       
110.         return 0;
111. }
113. static int dongyu_inode_mkdir (struct inode *inode, struct dentry *dentry,
114.                               int mask)
115. {
116.    char* fullpath = NULL;
117.         fullpath = getfullpath(dentry);
118.    if(!fullpath){
119.     printk("Get fullpath error!\n");
120.     return 0;
121.         }
123.         printk(KERN_INFO"taskname:%s action:inode_mkdir target:%s\n",current->comm,fullpath);
124.         putfullpath(fullpath);       
125.         return 0;
126. }
128. static int dongyu_inode_rmdir (struct inode *inode, struct dentry *dentry)
129. {
130.         char* fullpath = NULL;
131.         fullpath = getfullpath(dentry);
132.    if(!fullpath){
133.     printk("Get fullpath error!\n");
134.     return 0;
135.         }
137.         printk(KERN_INFO"taskname:%s action:inode_removedir target:%s\n",current->comm,fullpath);
138.         putfullpath(fullpath);       
139.         return 0;
140. }
142. static int dongyu_inode_rename (struct inode *old_inode,
143.                                struct dentry *old_dentry,
144.                                struct inode *new_inode,
145.                                struct dentry *new_dentry)
146. {
147.         char* oldfullpath = NULL;
148.         char* newfullpath = NULL;
149.         oldfullpath = getfullpath(old_dentry);
150.         newfullpath = getfullpath(new_dentry);
151.    if(!oldfullpath||!newfullpath){
152.     printk("Get fullpath error!\n");
153.     return 0;
154.         }
156.         printk(KERN_INFO"taskname:%s action:inode_renamedir oldtarget:%s newtarget:%s\n",current->comm,oldfullpath,newfullpath);
157.         putfullpath(oldfullpath);       
158.         putfullpath(newfullpath);
159.         return 0;
160. }
162. static void dongyu_delete (struct inode *inode)
163. {
164.         struct dentry *dentry = d_find_alias(inode);       
165.         char* fullpath = NULL;
166.         fullpath = getfullpath(dentry);
167.    if(!fullpath){
168.     printk("Get fullpath error!\n");
169.     return ;
170.         }
172.         printk(KERN_INFO"taskname:%s action:inode_delete target:%s\n",current->comm,fullpath);
173.         putfullpath(fullpath);       
174.         return;
175. }
177. static int rootplug_bprm_check_security (struct linux_binprm *bprm)
178. {
180.         return 0;
181. }
183. static struct security_operations rootplug_security_ops = {
184.         /* Use the capability functions for some of the hooks */
185.         .ptrace_may_access =                cap_ptrace_may_access,
186.         .ptrace_traceme =                cap_ptrace_traceme,
187.         .capget =                        cap_capget,
188.         .capset =                        cap_capset,
189.         .capable =                        cap_capable,
191.         .bprm_set_creds =                cap_bprm_set_creds,
193.    .inode_create=                        dongyu_inode_create,
194.         .inode_mkdir=                        dongyu_inode_mkdir,
195.         .inode_rmdir=                        dongyu_inode_rmdir,
196.         .inode_rename=                        dongyu_inode_rename,
197.         .inode_delete=                        dongyu_delete,
199.         .task_fix_setuid =                cap_task_fix_setuid,
200.         .task_prctl =                        cap_task_prctl,
202.         .bprm_check_security =                rootplug_bprm_check_security,
203. };
205. static int __init rootplug_init (void)
206. {
207.         /* register ourselves with the security framework */
208.         if (register_security (&rootplug_security_ops)) {
209.                 printk (KERN_INFO
210.                         "Failure registering Root Plug module with the kernel\n");
211.                         return -EINVAL;
212.         }
213.         printk (KERN_INFO "Root Plug module initialized\n");
214.         return 0;
215. }
217. security_initcall (rootplug_init);

复制代码

Answer 8

本帖最后由 1jjk 于 2011-06-14 13:19 编辑

2. struct dentry *d_find_alias(struct inode *inode)
3. {
4.     struct dentry *de = NULL;
6.     if (!list_empty(&inode->i_dentry)) {
7.         spin_lock(&inode->i_lock);
8.         de = __d_find_alias(inode, 0);
9.         spin_unlock(&inode->i_lock);
10.     }   
11.     return de;
12. }

复制代码很明显，你没有check find的return,

不过最好还是把disassable后的打出来，分析一下

Answer 9

应该就是楼上说的原因，以前返回值说不定就是空的，只是没人用，所以不报错。