一、内核模块
基于Android模拟器的Linux 2.6.29内核。该内核模块在设备的read方法中故意对空指针进行写操作(空指针解引用),用于演示由此引发的内核Oops。
Android2.3及Linux2.6.29内核模拟器版本编译与调试
test_driver.c
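/*
 * test_driver.c - character-device test module for the Android emulator
 * kernel (Linux 2.6.29).
 *
 * The read handler writes through a NULL pointer on purpose; that store is
 * the fault whose Oops log is reproduced later on this page. The rest of
 * the module (registration, teardown, handler prototypes, lock definitions)
 * is written so that it does not add faults of its own.
 */
#include <linux/module.h>
#include <linux/types.h>
#include <linux/uaccess.h>
#include <linux/miscdevice.h>
#include <linux/fs.h>
#include <linux/init.h>
#include <linux/platform_device.h>
#include <linux/spinlock.h>
#include <linux/delay.h>
#include <linux/device.h>
#include <linux/err.h>
#include <linux/mutex.h>

#define TEST_MAJOR 240

/*
 * DEFINE_SPINLOCK gives both locks a proper static initialiser; a bare
 * "static spinlock_t x;" is never passed through spin_lock_init().
 */
static DEFINE_SPINLOCK(write_lock);
static DEFINE_SPINLOCK(read_lock);

/* Only referenced by the mutex-based variant of the handlers (not enabled). */
static DEFINE_MUTEX(write);
static DEFINE_MUTEX(read);

/* Class backing the dynamically created device node. */
struct class *mymodule_class;

/* open handler: logs the call and always succeeds. */
static int test_led_open(struct inode *inode, struct file *file)
{
	printk("#########open######\n");
	return 0;
}

/* release handler: logs the call and always succeeds. */
static int test_led_close(struct inode *inode, struct file *file)
{
	printk("#########release######\n");
	return 0;
}

/*
 * read handler.
 *
 * Faults on every call: the store through `p` below hits address 0
 * regardless of `buff` or `count`. In the run logged on this page the kernel
 * stops at that store with PC inside test_led_read and ends in
 * "Kernel panic - not syncing: Fatal exception", so a single read() from any
 * process able to open the device node takes the system down.
 *
 * Nothing is ever copied to `buff`; when the function does return, it
 * returns `count` unchanged.
 */
static ssize_t test_led_read(struct file *filp, char __user *buff,
			     size_t count, loff_t *offp)
{
	int *p = NULL;
	int a = 6;
	unsigned long flags;

	printk("############read##000000000####\n");

	/* Deliberate fault: NULL pointer write, the subject of this page. */
	*p = a + 5;

	/*
	 * NOTE(review): the locking sequence is left exactly as written; it
	 * looks like a deliberate hang experiment (TODO confirm). As it stands:
	 *  - read takes read_lock then write_lock, write takes them in the
	 *    opposite order (ABBA deadlock if both run concurrently);
	 *  - one `flags` variable is reused for both irqsave calls, so the
	 *    first saved IRQ state is overwritten by the second;
	 *  - msleep() is called with a spinlock held and IRQs disabled, i.e.
	 *    sleeping in atomic context.
	 */
	spin_lock_irqsave(&read_lock, flags);
	printk("#########read######\n");
	msleep(10000);
	spin_lock_irqsave(&write_lock, flags);
	printk("#########read#11111#####\n");
	msleep(10000);
	spin_unlock_irqrestore(&read_lock, flags);
	printk("#########read##22222####\n");
	msleep(10000);
	spin_unlock_irqrestore(&write_lock, flags);
	printk("#########read##33333####\n");
	return count;
}

/*
 * write handler.
 *
 * Never reads from `buf`; returns `count` unchanged. The locking sequence
 * mirrors test_led_read with the two locks taken in the opposite order and
 * has the same problems (shared `flags`, msleep() under a spinlock).
 */
static ssize_t test_led_write(struct file *filp, const char __user *buf,
			      size_t count, loff_t *f_pos)
{
	unsigned long flags;

	printk("########write#000000########\n");

	spin_lock_irqsave(&write_lock, flags);
	printk("#########write######\n");
	msleep(10000);
	spin_lock_irqsave(&read_lock, flags);
	printk("#########write#11111#####\n");
	msleep(10000);
	spin_unlock_irqrestore(&write_lock, flags);
	printk("#########write##22222####\n");
	msleep(10000);
	spin_unlock_irqrestore(&read_lock, flags);
	printk("#########write##33333####\n");
	return count;
}

static struct file_operations led_fops = {
	.owner   = THIS_MODULE,
	.open    = test_led_open,
	.release = test_led_close,
	.read    = test_led_read,
	.write   = test_led_write,
};

/*
 * Module init: registers the char device on TEST_MAJOR, then creates the
 * class and device so the "tankai_dev" node is created dynamically.
 *
 * Returns 0 on success or the negative errno of the step that failed; every
 * step completed before the failure is undone.
 */
static int __init test_drv_init(void)
{
	struct device *dev;
	int rc;

	printk("test_driver dev\n");

	/* Register the character device. */
	rc = register_chrdev(TEST_MAJOR, "test_dev", &led_fops);
	if (rc < 0) {
		printk("register %s char dev error\n", "led");
		return rc;
	}

	/* class_create() reports failure as an ERR_PTR, not NULL. */
	mymodule_class = class_create(THIS_MODULE, "test_dev");
	if (IS_ERR(mymodule_class)) {
		rc = PTR_ERR(mymodule_class);
		goto out_chrdev;
	}

	dev = device_create(mymodule_class, NULL, MKDEV(TEST_MAJOR, 0), NULL,
			    "tankai_dev");
	if (IS_ERR(dev)) {
		rc = PTR_ERR(dev);
		goto out_class;
	}

	printk("ok!\n");
	return 0;

out_class:
	class_destroy(mymodule_class);
out_chrdev:
	/* Must use the name passed to register_chrdev() above. */
	unregister_chrdev(TEST_MAJOR, "test_dev");
	return rc;
}

/* Module exit: tears down in the reverse order of test_drv_init(). */
static void __exit test_drv_exit(void)
{
	device_destroy(mymodule_class, MKDEV(TEST_MAJOR, 0));
	class_destroy(mymodule_class);
	unregister_chrdev(TEST_MAJOR, "test_dev");
}

module_init(test_drv_init);
module_exit(test_drv_exit);

MODULE_AUTHOR("tank");
MODULE_LICENSE("GPL");
Makefile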
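# Out-of-tree build of test_driver.ko against the kernel tree in KERNELDIR.
obj-m := test_driver.o

PWD := $(shell pwd)
#KERNELDIR := /usr/src/linux-headers-3.0.0-26-generic/
KERNELDIR := /home/android2.3/android2.3_kernel/

# Neither target produces a file of its own name.
.PHONY: default clean

default:
	$(MAKE) -C $(KERNELDIR) M=$(PWD) modules
#	cp -rf mini.ko ../module/
#	cp -rf lddbus.ko ../module/

# -f keeps "make clean" from failing when one of the patterns matches nothing.
clean:
	rm -f *.mod.c *.o *.ko *.bak modules.* Module.*
make后生成test_driver.ko,加载内核模块insmod test_driver.ko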
二、用户态测试程序
testread.c
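#include <fcntl.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <string.h>
#include <stdio.h>   /* printf, perror */
#include <unistd.h>  /* read, close */

/*
 * User-space trigger for the test driver: opens /dev/tankai_dev and issues
 * one 3-byte read(), which is the call that reaches the driver's read
 * handler.
 *
 * Returns 0 after the read attempt, EXIT_FAILURE if the device node cannot
 * be opened.
 */
int main()
{
    /*
     * Zero-filled so the %s prints below always see a terminated string;
     * the driver's read handler never copies anything into this buffer.
     */
    char buf[20] = {0};
    int result;
    int fd = open("/dev/tankai_dev", O_RDWR, 0);

    if (fd < 0) {
        /* Without a descriptor the read below could never reach the driver. */
        perror("testdriver");
        return EXIT_FAILURE;
    }
    printf("TK------->>>fd is %d\n", fd);

    result = (int)read(fd, buf, 3);
    printf("TK------->>>readresult is %d,buf is %s\n", result, buf);

    strcpy(buf, "123");
    /* The write call is disabled, so the line below re-prints the read result. */
    //result = write(fd,&buf,3);
    printf("TK------->>>writeresult is %d,buf is %s\n", result, buf);

    close(fd);
    return 0;
}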
Android.mk
# Android.mk: builds testread.c into the "testread" executable.
LOCAL_PATH := $(call my-dir)

include $(CLEAR_VARS)

LOCAL_MODULE := testread
LOCAL_MODULE_TAGS := optional
LOCAL_SRC_FILES := testread.c
LOCAL_SHARED_LIBRARIES := libutils

include $(BUILD_EXECUTABLE)
mm编译后生成testread,运行./testread
三、内核挂掉信息
#########open###### ############read##000000000#### Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = caa4c000 [00000000] *pgd=08c9d031, *pte=00000000, *ppte=00000000 Internal error: Oops: 817 [#1] PREEMPT Modules linked in: testdriver testdev testbus test_driver CPU: 0 Not tainted (2.6.29-gb0d93fb-dirty #93) PC is at test_led_read+0x20/0x114 [test_driver] LR is at vprintk+0x308/0x36c pc : [<bf000168>] lr : [<c003e244>] psr: 40000013 sp : caabff28 ip : caabfe88 fp : caabff44 r10: 00000000 r9 : 00000000 r8 : 00000000 r7 : caabff70 r6 : befecbd0 r5 : 00000003 r4 : 00000003 r3 : 00000000 r2 : 0000000b r1 : 00000000 r0 : 00000023 Flags: nZcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 00093177 Table: 0aa4c000 DAC: 00000015 LR: 0xc003e1c4: e1c4 e3520000 159f30b4 159340a4 1a000004 ea000006 e1d432b8 e3130010 1a000003 e1e4 e5944034 e3540000 1afffff9 ea00001d e3a04001 e59f3080 e3e02000 e5832048 e204 e3a00001 ebffd63a e1a0800d e3c83d7f e3c3303f e5933000 e3130002 0a000000 e224 eb0916a8 e3540000 0a000000 ebfffe06 e51b9070 e121f009 e3a00001 ebffd62c e244 e1a0c00d e3cc3d7f e3c3303f e5933000 e3130002 0a000000 eb09169a e1a00005 e264 e24bd028 e89daff0 e59f3010 e59f002c e5834010 eb0068c9 eaffffdd c032edd4 e284 c034c3c8 c032fdd8 c02871ac c034c47c 89705f41 36b4a597 3b9aca00 c02eb83c e2a4 c032edfc e1a0c00d e92dddf0 e24cb004 e24dd008 e59f32c0 e1a04000 e59330a4 SP: 0xcaabfea8: fea8 caabfee4 caabfeb8 c003789c c0033b04 00000000 caabff10 ffffffff caabff14 fec8 befecbd0 caabff70 caabff44 caabfee0 c0023a0c c0023204 00000023 00000000 fee8 0000000b 00000000 00000003 00000003 befecbd0 caabff70 00000000 00000000 ff08 00000000 caabff44 caabfe88 caabff28 c003e244 bf000168 40000013 ffffffff ff28 00000003 ca9d67e0 befecbd0 caabff70 caabff6c caabff48 c009e3c8 bf000154 ff48 00000000 00000000 ca9d67e0 befecbd0 00000003 00000003 caabffa4 caabff70 ff68 c009e51c c009e320 00000000 00000000 c0029470 00000000 ffffffff 000090f4 ff88 00000001 00000003 c0023fa4 
caabe000 00000000 caabffa8 c0023e20 c009e4e4 IP: 0xcaabfe08: fe08 c0187660 00000817 c032df6c 00000000 caabfee0 00000000 40000113 00000000 fe28 caabfedc caabfe38 c0023230 c0029170 c0058608 c0033b04 00046bd4 c032edd4 fe48 caabfe84 caabfe58 c003dc24 c0033b04 00000000 00000001 00000023 c032edd4 fe68 bf0003b8 caabfe88 00000004 caabfe9c caabfefc caabfe88 c003e244 c0033b04 fe88 00000000 80000013 00000004 00000000 00000001 00000003 00000000 00000014 fea8 caabfee4 caabfeb8 c003789c c0033b04 00000000 caabff10 ffffffff caabff14 fec8 befecbd0 caabff70 caabff44 caabfee0 c0023a0c c0023204 00000023 00000000 fee8 0000000b 00000000 00000003 00000003 befecbd0 caabff70 00000000 00000000 FP: 0xcaabfec4: fec4 caabff14 befecbd0 caabff70 caabff44 caabfee0 c0023a0c c0023204 00000023 fee4 00000000 0000000b 00000000 00000003 00000003 befecbd0 caabff70 00000000 ff04 00000000 00000000 caabff44 caabfe88 caabff28 c003e244 bf000168 40000013 ff24 ffffffff 00000003 ca9d67e0 befecbd0 caabff70 caabff6c caabff48 c009e3c8 ff44 bf000154 00000000 00000000 ca9d67e0 befecbd0 00000003 00000003 caabffa4 ff64 caabff70 c009e51c c009e320 00000000 00000000 c0029470 00000000 ffffffff ff84 000090f4 00000001 00000003 c0023fa4 caabe000 00000000 caabffa8 c0023e20 ffa4 c009e4e4 000090f4 00000001 00000003 befecbd0 00000003 000085d3 000090f4 R7: 0xcaabfef0: fef0 00000003 00000003 befecbd0 caabff70 00000000 00000000 00000000 caabff44 ff10 caabfe88 caabff28 c003e244 bf000168 40000013 ffffffff 00000003 ca9d67e0 ff30 befecbd0 caabff70 caabff6c caabff48 c009e3c8 bf000154 00000000 00000000 ff50 ca9d67e0 befecbd0 00000003 00000003 caabffa4 caabff70 c009e51c c009e320 ff70 00000000 00000000 c0029470 00000000 ffffffff 000090f4 00000001 00000003 ff90 c0023fa4 caabe000 00000000 caabffa8 c0023e20 c009e4e4 000090f4 00000001 ffb0 00000003 befecbd0 00000003 000085d3 000090f4 00000001 00000003 00000003 ffd0 00000000 00000000 00000000 00000000 00009110 befecbc8 000085dd afd0b26c Process testread (pid: 419, stack limit = 0xcaabe268) 
Stack: (0xcaabff28 to 0xcaac0000) ff20: 00000003 ca9d67e0 befecbd0 caabff70 caabff6c caabff48 ff40: c009e3c8 bf000154 00000000 00000000 ca9d67e0 befecbd0 00000003 00000003 ff60: caabffa4 caabff70 c009e51c c009e320 00000000 00000000 c0029470 00000000 ff80: ffffffff 000090f4 00000001 00000003 c0023fa4 caabe000 00000000 caabffa8 ffa0: c0023e20 c009e4e4 000090f4 00000001 00000003 befecbd0 00000003 000085d3 ffc0: 000090f4 00000001 00000003 00000003 00000000 00000000 00000000 00000000 ffe0: 00009110 befecbc8 000085dd afd0b26c 00000010 00000003 00000000 00000000 Backtrace: [<bf000148>] (test_led_read+0x0/0x114 [test_driver]) from [<c009e3c8>] (vfs_read+0xb4/0x144) r7:caabff70 r6:befecbd0 r5:ca9d67e0 r4:00000003 [<c009e314>] (vfs_read+0x0/0x144) from [<c009e51c>] (sys_read+0x44/0x70) r7:00000003 r6:00000003 r5:befecbd0 r4:ca9d67e0 [<c009e4d8>] (sys_read+0x0/0x70) from [<c0023e20>] (ret_fast_syscall+0x0/0x2c) r9:caabe000 r8:c0023fa4 r6:00000003 r5:00000001 r4:000090f4 Code: e1a05002 eb4a0d09 e3a0200b e3a03000 (e5832000) Kernel panic - not syncing: Fatal exception