调试内核模块(内存损坏_
[英]debug kernel module (memory corruption_
问题描述
I'm debugging my kernel module, which appears to have a memory corruption, basically a piece of memory allocated by alloc_netdev() for 'net_device' instance has been corrupted. 
我正在调试我的内核模块,它似乎有内存损坏,基本上由alloc_netdev()为'net_device'实例分配的一块内存已经损坏。
1) I turned on CONFIG_DEBUG_KERNEL , CONFIG_DEBUG_SLAB , CONFIG_DEBUG_KMEMLEAK in my kernel's .config , however not sure what to expect from kmemleak . 1)我在我的内核的.config启用了CONFIG_DEBUG_KERNEL , CONFIG_DEBUG_SLAB , CONFIG_DEBUG_KMEMLEAK ,但是不确定kmemleak发生什么。 Is it supposed to print out a trace dump of suspected memory leaks whenever I read /sys/kernel/debug/kmemleak ? 是否应该在读取/sys/kernel/debug/kmemleak时打印出可疑内存泄漏的跟踪转储? Is there a way to reset the statistics/information accumulated by kmemleak ? 有没有办法重置kmemleak积累的统计数据/信息? An the most important -- could anyone help to decipher the output, eg : 最重要的是 - 任何人都可以帮助破译输出,例如:
unreferenced object 0xc625e000 (size 2048):
comm "swapper", pid 1, jiffies 4294937521
backtrace:
[<c00c89f0>] create_object+0x11c/0x200
[<c00c6764>] __kmalloc_track_caller+0x138/0x178
[<c01d78c0>] __alloc_skb+0x4c/0x100
[<c01d8490>] dev_alloc_skb+0x18/0x3c
[<c0198b48>] eth_rx_fill+0xd8/0x3fc
[<c019ac74>] mv_eth_start_internals+0x30/0xf8
[<c019c5fc>] mv_eth_start+0x70/0x244
[<c019c810>] mv_eth_open+0x40/0x64
[<c01e00f0>] dev_open+0xb4/0x118
[<c01df788>] dev_change_flags+0x90/0x168
[<c001a3e4>] ip_auto_config+0x1bc/0xecc
[<c00212f4>] do_one_initcall+0x5c/0x1bc
[<c00083d0>] kernel_init+0x8c/0x108
[<c0022f58>] kernel_thread_exit+0x0/0x8
[<ffffffff>] 0xffffffff
2) I was also wondering if I could apply some "read-only" attribute on this memory, this way I expect to have Oops generated when someone tries to modify the memory. 2)我也想知道我是否可以在这个内存上应用一些“只读”属性,这样我希望当有人试图修改内存时会产生Oops 。 Does it sound reasonable? 听起来合理吗?
Appreciate any advices, thanks. 感谢任何建议,谢谢。
Mark 标记
1 个解决方案
解决方案1
9 已采纳 2012-10-18 07:10:59
To catch incorrect memory accesses, KAsan or kmemcheck could probably be more useful. 要捕获不正确的内存访问, KAsan或kmemcheck可能更有用。 Note that Kmemcheck, however, is known to incur a significant which may sometimes be unacceptable, so it is up to you to decide. 但是,请注意,Kmemcheck会产生重大影响,有时可能是不可接受的,因此由您决定。 KASan should be much faster. KASan应该快得多。
1. Concerning kmemleak, its operation is described in detail in the kernel docs . 1.关于kmemleak,其操作在内核文档中有详细描述。
In short, it is more reliable to execute 简而言之,执行起来更可靠
echo scan > /sys/kernel/debug/kmemleak
as root to trigger memory analysis immediately before you read /sys/kernel/debug/kmemleak . 作为root用户在读取/sys/kernel/debug/kmemleak之前立即触发内存分析。 Sometimes, I found even more reliable to execute the above command twice before reading kmemleak's report. 有时,在阅读kmemleak的报告之前,我发现两次执行上述命令更加可靠。
To "reset" the data collected by kmemleak, you can execute 要“重置”kmemleak收集的数据,您可以执行
echo clear /sys/kernel/debug/kmemleak
The output you have posted means that kmemleak thinks that a memory area 2Kb in size at address 0xc625e000 has not been freed at the time the tool has last analyzed memory. 您发布的输出意味着kmemleak认为在工具上次分析内存时尚未释放地址为0xc625e000 2Kb内存区域。 The backtrace specifies where the memory was allocated. 回溯指定内存的分配位置。 "swapper" is the name of the process that has allocated that memory area. “swapper”是已分配该内存区域的进程的名称。
2. As far as setting memory read-only is concerned, this technique is indeed used in some places of the kernel, eg to protect the code of the kernel proper and the modules. 2.就设置内存只读而言,这种技术确实在内核的某些地方使用,例如保护内核的代码和模块。 I cannot give you exact instructions here but the implementation of set_page_attributes() function is a good place to start digging in. 我不能在这里给出确切的说明,但set_page_attributes()函数的实现是开始挖掘的好地方。
Note that kmemcheck I mentioned above uses a somewhat similar technique to track memory accesses: makes pages "look" like they do not exist so that each access to them causes a page fault, etc. The details are in the kernel docs , as usual. 请注意,我上面提到的kmemcheck使用了一种类似的技术来跟踪内存访问:使页面“看起来”就像它们不存在一样,因此每次访问它们都会导致页面错误等。详细信息在内核文档中 ,像往常一样。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.