C语言 Linux内核块设备驱动程序:在module_init中调用add_disk时空指针取消引用

disbfnqx  于 2023-10-16  发布在  Linux
关注(0)|答案(1)|浏览(225)

我写了一个非常基本的块设备驱动程序,按照这里的步骤https://linux-kernel-labs.github.io/refs/heads/master/labs/block_device_drivers.htmlmodule_init函数my_block_init如下所示:

  1. static int create_block_device(struct my_block_dev *dev) {
  2.   int err;
  4.   dev->size = NR_SECTORS * KERNEL_SECTOR_SIZE;
  5.   dev->data = vmalloc(dev->size);
  6.   if (dev->data == NULL) {
  7.     printk(KERN_ERR "vmalloc: out of memory\n");
  8.     err = -ENOMEM;
  9.     goto out_vmalloc;
  10.   }
  12.   /* Initialize tag set. */
  13.   dev->tag_set.ops = &my_queue_ops;
  14.   dev->tag_set.nr_hw_queues = 1;
  15.   dev->tag_set.queue_depth = 128;
  16.   dev->tag_set.numa_node = NUMA_NO_NODE;
  17.   dev->tag_set.cmd_size = 0;
  18.   dev->tag_set.flags = BLK_MQ_F_SHOULD_MERGE;
  19.   err = blk_mq_alloc_tag_set(&dev->tag_set);
  20.   if (err) {
  21.     printk(KERN_ERR "blk_mq_alloc_tag_set: can't allocate tag set\n");
  22.     goto out_alloc_tag_set;
  23.   }
  25.   /* Allocate queue. */
  26.   dev->queue = blk_mq_init_queue(&dev->tag_set);
  27.   if (IS_ERR(dev->queue)) {
  28.     printk(KERN_ERR "blk_mq_init_queue: out of memory\n");
  29.     err = -ENOMEM;
  30.     goto out_blk_init;
  31.   }
  32.   blk_queue_logical_block_size(dev->queue, KERNEL_SECTOR_SIZE);
  33.   dev->queue->queuedata = dev;
  35.   /* initialize the gendisk structure */
  36.   dev->gd = blk_alloc_disk(NUMA_NO_NODE);
  37.   if (!dev->gd) {
  38.     printk(KERN_ERR "alloc_disk: failure\n");
  39.     err = -ENOMEM;
  40.     goto out_alloc_disk;
  41.   }
  42.   
  43.   dev->gd->major = MY_BLOCK_MAJOR;
  44.   dev->gd->minors = 1;
  45.   dev->gd->first_minor = 0;
  46.   dev->gd->fops = &my_block_ops;
  47.   dev->gd->queue = dev->queue;
  48.   dev->gd->private_data = dev;
  49.   snprintf(dev->gd->disk_name, DISK_NAME_LEN, "myblock");
  50.   set_capacity(dev->gd, NR_SECTORS);
  52.   if (add_disk(dev->gd)) {
  53.     err = -ENOMEM;
  54.     goto out_alloc_disk;
  55.   }
  57.   return 0;
  59. out_alloc_disk:
  60.   blk_put_queue(dev->queue);
  61. out_blk_init:
  62.   blk_mq_free_tag_set(&dev->tag_set);
  63. out_alloc_tag_set:
  64.   vfree(dev->data);
  65. out_vmalloc:
  66.   return err;
  67. }
  69. static int my_block_init(void) {
  70.   int status;
  72.   status = register_blkdev(MY_BLOCK_MAJOR, MY_BLKDEV_NAME);
  73.   if (status < 0) {
  74.     printk(KERN_ERR "unable to register mybdev block device\n");
  75.     return -EBUSY;
  76.   }
  77.   printk(KERN_INFO
  78.          "Block device with major(%d) and name(%s) successfully created\n",
  79.          MY_BLOCK_MAJOR, MY_BLKDEV_NAME);
  80.   status = create_block_device(&dev);
  81.   if (status < 0) {
  82.     printk(KERN_ERR "unable to create block device\n");
  83.     return -EBUSY;
  84.   }
  86.   return 0;
  87. }

在我对ko模块文件编译并执行insmod之后,insmod进程被杀死并退出。
然后我使用dmesg | tail -100检查日志,看起来在调用add_disk函数时有一个NULL指针解引用:

  1. [  108.621987] Block device with major(240) and name(mybdev) successfully created
  2. [  108.624629] BUG: kernel NULL pointer dereference, address: 0000000000000264
  3. [  108.624637] #PF: supervisor read access in kernel mode
  4. [  108.624639] #PF: error_code(0x0000) - not-present page
  5. [  108.624641] PGD 0 P4D 0 
  6. [  108.624643] Oops: 0000 [#1] PREEMPT SMP PTI
  7. [  108.624646] CPU: 0 PID: 2767 Comm: insmod Tainted: G           OE      6.2.0-33-generic #33~22.04.1-Ubuntu
  8. [  108.624648] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
  9. [  108.624651] RIP: 0010:kobject_get+0xe/0x90
  10. [  108.624658] Code: c2 a8 68 05 b9 eb d2 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 54 49 89 fc 48 85 ff 74 22 <f6> 47 3c 01 74 2f 49 8d 7c 24 38 b8 01 00 00 00 f0 41 0f c1 44 24
  11. [  108.624659] RSP: 0018:ffffbef08649fa68 EFLAGS: 00010206
  12. [  108.624661] RAX: ffffffffb8f920c4 RBX: 0000000000000228 RCX: 0000000000000000
  13. [  108.624662] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000228
  14. [  108.624663] RBP: ffffbef08649fa70 R08: 0000000000000000 R09: 0000000000000000
  15. [  108.624663] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000228
  16. [  108.624664] R13: 0000000000000000 R14: ffff967146f53400 R15: ffff967146f53410
  17. [  108.624665] FS:  00007f80b1aaa000(0000) GS:ffff967179e00000(0000) knlGS:0000000000000000
  18. [  108.624666] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  19. [  108.624667] CR2: 0000000000000264 CR3: 0000000056e9c003 CR4: 0000000000370ef0
  20. [  108.624670] Call Trace:
  21. [  108.624672]  <TASK>
  22. [  108.624676]  ? show_regs+0x72/0x90
  23. [  108.624681]  ? __die+0x25/0x80
  24. [  108.624682]  ? page_fault_oops+0x79/0x190
  25. [  108.624685]  ? mod_memcg_lruvec_state+0x2b/0x60
  26. [  108.624689]  ? mod_objcg_state+0x1ad/0x2e0
  27. [  108.624692]  ? do_user_addr_fault+0x30c/0x640
  28. [  108.624693]  ? exc_page_fault+0x81/0x1b0
  29. [  108.624698]  ? asm_exc_page_fault+0x27/0x30
  30. [  108.624702]  ? kobject_get+0xe/0x90
  31. [  108.624704]  kobject_add_internal+0x35/0x310
  32. [  108.624706]  kobject_add+0x7a/0xf0
  33. [  108.624709]  elv_register_queue+0x3a/0xa0
  34. [  108.624712]  blk_register_queue+0xf2/0x220
  35. [  108.624715]  device_add_disk+0x249/0x400
  36. [  108.624722]  ? __pfx_init_module+0x10/0x10 [mybdev]
  37. [  108.624726]  my_block_init+0x193/0xec0 [mybdev]
  38. [  108.624729]  do_one_initcall+0x46/0x240
  39. [  108.624733]  ? kmalloc_trace+0x2a/0xb0
  40. [  108.624736]  do_init_module+0x52/0x240
  41. [  108.624739]  load_module+0xb96/0xd60
  42. [  108.624741]  ? kernel_read_file+0x25c/0x2b0
  43. [  108.624746]  __do_sys_finit_module+0xcc/0x150
  44. [  108.624748]  ? __do_sys_finit_module+0xcc/0x150
  45. [  108.624750]  __x64_sys_finit_module+0x18/0x30
  46. [  108.624752]  do_syscall_64+0x59/0x90
  47. [  108.624755]  ? ksys_mmap_pgoff+0x123/0x270
  48. [  108.624759]  ? exit_to_user_mode_prepare+0x3b/0xd0
  49. [  108.624761]  ? syscall_exit_to_user_mode+0x38/0x60
  50. [  108.624762]  ? do_syscall_64+0x69/0x90
  51. [  108.624764]  ? syscall_exit_to_user_mode+0x38/0x60
  52. [  108.624766]  ? do_syscall_64+0x69/0x90
  53. [  108.624767]  ? do_syscall_64+0x69/0x90
  54. [  108.624769]  ? do_syscall_64+0x69/0x90
  55. [  108.624771]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
  56. [  108.624772] RIP: 0033:0x7f80b131ea3d

添加elv_register_queue内部发生的异常,源代码如下:

  1. int elv_register_queue(struct request_queue *q, bool uevent)
  2. {
  3.     struct elevator_queue *e = q->elevator;
  4.     int error;
  6.     lockdep_assert_held(&q->sysfs_lock);
  8.     error = kobject_add(&e->kobj, &q->disk->queue_kobj, "iosched");
  9.     if (!error) {
  10.         struct elv_fs_entry *attr = e->type->elevator_attrs;
  11.         if (attr) {
  12.             while (attr->attr.name) {
  13.                 if (sysfs_create_file(&e->kobj, &attr->attr))
  14.                     break;
  15.                 attr++;
  16.             }
  17.         }
  18.         if (uevent)
  19.             kobject_uevent(&e->kobj, KOBJ_ADD);
  21.         set_bit(ELEVATOR_FLAG_REGISTERED, &e->flags);
  22.     }
  23.     return error;
  24. }

在查找了几个源代码后,我无法找到未初始化的内容,并生成了异常。有没有人熟悉内核的这一部分,或者有没有更好的方法来解决这个问题?
核心版本:v6.2.0

c

1条答案

按热度按时间
l2osamch

l2osamch1#

我通过检查block/genhd.c的源代码解决了这个问题,发现对blk_alloc_disk的调用为提供的gendisk分配了一个request_queue,所以我删除了自己对request_queue的初始化,代码终于完成了。

  1. dev->gd = blk_alloc_disk(NUMA_NO_NODE);
  3.   dev->queue = dev->gd->queue; // use the queue allocated during blk_alloc_disk
赞(0)分享  回复(0)举报  2023-10-16
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com