LINUX KERNEL OOPS调试及实例分析(GDB OBJDUMP指令)

LINUX KERNEL OOPS调试及实例分析(GDB OBJDUMP指令)

异常内核模块

内核模块文件OOPS.C

1. #include <linux/kernel.h>
2.  
   #include <linux/module.h>
3.  
   #include <linux/init.h>
4.  
    
5.  
   static void create_oops(void)
6.  
   {
7.  
   *(int *)0 = 0;
8.  
   }
9.  
   static int __init my_oops_init(void)
10.  
    {
11.  
    printk("oops from the module\n");
12.  
    create_oops();
13.  
    return (0);
14.  
    }
15.  
    static void __exit my_oops_exit(void)
16.  
    {
17.  
    printk("Goodbye world\n");
18.  
    }
19.  
    module_init(my_oops_init);
20.  
    module_exit(my_oops_exit);
21.  
    MODULE_LICENSE("GPL");

编译内核模块MAKEFILE

1.  
   EXTRA_CFLAGS += -g
2.  
   obj-m += oops.o
3.  
    
4.  
   all:
5.  
   $(MAKE) -C /lib/modules/$(shell uname -r)/build M=$(PWD)
6.  
   clean:
7.  
   make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
8.  
   rm -f modules.order Module.symvers Module.markers

备注：

        Makefile中EXTRA_CFLAGS += -g需要增加

编译内核模拟OOPS

安装模块INSMOD OOPS.KO，出现KILLED，由于故障不严重，未导致系统死机重启

DMESG查看信息可以看到OOPS信息如下

1.  
   [ 933.023020] oops: loading out-of-tree module taints kernel.
2.  
   [ 933.023046] oops: module verification failed: signature and/or required key missing - tainting kernel
3.  
   [ 933.023611] oops from the module
4.  
   [ 933.023615] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
5.  
   [ 933.023621] IP: my_oops_init+0x15/0x1000 [oops]
6.  
   [ 933.023622] PGD 0 P4D 0
7.  
   [ 933.023624] Oops: 0002 [#1] SMP PTI
8.  
   [ 933.023626] Modules linked in: oops(OE+) vmw_vsock_vmci_transport vsock crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc snd_ens1371 snd_ac97_codec gameport aesni_intel ac97_bus snd_pcm aes_x86_64 crypto_simd snd_seq_midi glue_helper snd_seq_midi_event joydev cryptd snd_rawmidi vmw_balloon input_leds serio_raw snd_seq snd_seq_device intel_rapl_perf shpchp snd_timer mac_hid snd i2c_piix4 soundcore vmw_vmci parport_pc ppdev lp parport autofs4 hid_generic usbhid hid psmouse vmwgfx ttm drm_kms_helper ahci libahci syscopyarea sysfillrect mptspi sysimgblt fb_sys_fops pcnet32 mii drm mptscsih mptbase scsi_transport_spi pata_acpi
9.  
   [ 933.023642] CPU: 1 PID: 4198 Comm: insmod Tainted: G OE 4.15.0-123-generic #126~16.04.1-Ubuntu
10.  
    [ 933.023643] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/29/2019
11.  
    [ 933.023645] RIP: 0010:my_oops_init+0x15/0x1000 [oops]
12.  
    [ 933.023646] RSP: 0018:ffffa90044b67c68 EFLAGS: 00010286
13.  
    [ 933.023647] RAX: 0000000000000014 RBX: ffffffffc0645000 RCX: 0000000000000006
14.  
    [ 933.023648] RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff8ed839656490
15.  
    [ 933.023649] RBP: ffffa90044b67c68 R08: 0000000000021d54 R09: ffff8ed83fec8000
16.  
    [ 933.023650] R10: ffffe45282d98e40 R11: 000000000000062d R12: ffffffffc0648000
17.  
    [ 933.023651] R13: 0000000000000000 R14: 0000000000000001 R15: ffff8ed7a4ce3b40
18.  
    [ 933.023652] FS: 00007fc14dfbe700(0000) GS:ffff8ed839640000(0000) knlGS:0000000000000000
19.  
    [ 933.023653] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
20.  
    [ 933.023654] CR2: 0000000000000000 CR3: 00000000a4d48001 CR4: 00000000003606e0
21.  
    [ 933.023674] Call Trace:
22.  
    [ 933.023680] do_one_initcall+0x55/0x1ac
23.  
    [ 933.023683] ? _cond_resched+0x1a/0x50
24.  
    [ 933.023686] ? kmem_cache_alloc_trace+0x165/0x1c0
25.  
    [ 933.023690] do_init_module+0x5f/0x223
26.  
    [ 933.023692] load_module+0x188c/0x1ea0
27.  
    [ 933.023696] ? ima_post_read_file+0x83/0xa0
28.  
    [ 933.023698] SYSC_finit_module+0xe5/0x120
29.  
    [ 933.023700] ? SYSC_finit_module+0xe5/0x120
30.  
    [ 933.023702] SyS_finit_module+0xe/0x10
31.  
    [ 933.023703] do_syscall_64+0x73/0x130
32.  
    [ 933.023706] entry_SYSCALL_64_after_hwframe+0x41/0xa6
33.  
    [ 933.023707] RIP: 0033:0x7fc14daec599
34.  
    [ 933.023708] RSP: 002b:00007ffc96df4ce8 EFLAGS: 00000206 ORIG_RAX: 0000000000000139
35.  
    [ 933.023709] RAX: ffffffffffffffda RBX: 0000563624a281f0 RCX: 00007fc14daec599
36.  
    [ 933.023710] RDX: 0000000000000000 RSI: 0000563622b0426b RDI: 0000000000000003
37.  
    [ 933.023711] RBP: 0000563622b0426b R08: 0000000000000000 R09: 00007fc14ddb1ea0
38.  
    [ 933.023712] R10: 0000000000000003 R11: 0000000000000206 R12: 0000000000000000
39.  
    [ 933.023712] R13: 0000563624a27130 R14: 0000000000000000 R15: 0000000000000000
40.  
    [ 933.023714] Code: <c7> 04 25 00 00 00 00 00 00 00 00 31 c0 5d c3 00 00 00 00 00 00 00
41.  
    [ 933.023722] RIP: my_oops_init+0x15/0x1000 [oops] RSP: ffffa90044b67c68
42.  
    [ 933.023723] CR2: 0000000000000000
43.  
    [ 933.023725] ---[ end trace b763de4574e1f5e6 ]---

问题分析

OOPS信息分析

[  933.023624] Oops: 0002 [#1] SMP PTI

0002 ：是错误码

#1 ：Oops发生的次数 

This is the error code value in hex. Each bit has a significance of its own:

• bit 0 == 0 means no page found, 1 means a protection fault
• bit 1 == 0 means read, 1 means write
• bit 2 == 0 means kernel, 1 means user-mode
• [#1] — this value is the number of times the Oops occurred. Multiple Oops can be triggered as a cascading effect of the first one.

[  933.023642] CPU: 1 PID: 4198 Comm: insmod Tainted: G           OE    4.15.0-123-generic #126~16.04.1-Ubuntu

 这个表示Oops是发生在CPU1上，当运行进程4198 insmod的时候出现的问题 

关键信息如下，这里提示在操作函数my_oops_init的时候出现异常，偏移地址0x15

[  933.023621] IP: my_oops_init+0x15/0x1000 [oops]

 问题定位

从以上分析可以看出，最关键信息如下：

1.  
   [ 933.023621] IP: my_oops_init+0x15/0x1000 [oops]
2.  
   [ 933.023722] RIP: my_oops_init+0x15/0x1000 [oops] RSP: ffffa90044b67c68

由此可以看出内核执行到my_oops_init+0x15/0x1000这个地址的时候出现异常，我们只需要找到这个地址对应的代码即可

格式为 +偏移/长度
my_oops_init指示了实在my_oops_init中出现的异常
0x15表示出错的偏移位置
0x1000表示my_oops_init函数的大小 

方法一：GDB直接查看异常代码

由于是驱动出现的问题, 那么gdb直接调试驱动的 ko 文件, 如果是源内核出现的 OOPS, 那么只能用 gdb 对 vmlinux(内核根目录下) 文件进行调试 

1.  
   gdb oops.ko或者gdb oops.o
2.  
   l*(my_oops_init+0x15)
3.  
    
4.  
   格式：
5.  
   l*(函数名+偏移地址)或者（函数入口地址+偏移地址）

备注：

       ko文件一定要是和报错的是ko是同一个，如果编译到内核可以使用.o文件，如下所示

可以看到gdb提示是第7行代码异常，此方法也适合内核Oops，只需要将ko文件替换为vmlinux文件即可

方法二：GDB反汇编代码获取地址直接转化对应源码

对于驱动来说, 可以从/sys/module/对应驱动名称/sections/.init.text 查找到对应的地址信息

1.  
   cat /sys/module/oops/sections/.init.text
2.  
   0xffffffffc0648000
3.  
   gdb oops.ko
4.  
   #加符号文件添加到调试器
5.  
   add-symbol-file oops.o 0xffffffffc0648000
6.  
   #将my_oops_init函数反汇编得到虚拟地址信息
7.  
   disassemble my_oops_init
8.  
   #列出对应代码信息
9.  
   l*(函数名+偏移地址)

方法三：OBJDUMP反汇编

objdump -S oops.o

从报错log可以找到出错的机器码如下：

[  933.023714] Code: <c7> 04 25 00 00 00 00 00 00 00 00 31 c0 5d c3 00 00 00 00 00 00 00 

参考资料

https://cloud.tencent.com/developer/article/1463579

 https://kernel.blog.csdn.net/article/details/73715860

 

版权声明：本文为wgl307293845原创文章，遵循 CC 4.0 BY-SA 版权协议，转载请附上原文出处链接和本声明。

本文链接：https://blog.csdn.net/wgl307293845/article/details/109767808

 

本公司成本价甩卖工控主板,欢迎大家选购：
PCIE总线转八串口卡，PCIE总线转IO卡，瑞芯微3568板卡，寒武纪CE3226摄像头板卡，龙芯3A4000工控板卡，龙芯3A5000工控板卡，海光3250工控板卡，飞腾FT-2000/4板卡

联系方式：
电话、微信：15918785568 罗生
Email:13279654@qq.com
公众号：开发之美