这是我所做的:
- 用户空间进程用于
malloc()在堆上分配内存并用特定模式的字符填充它,然后拼出malloc(). 进程 id 和内存块的地址被传递给一个内核模块,如下所示:
int init_module(void) { int res = 0; struct page *data_page; struct task_struct *task = NULL; struct vm_area_struct *next_vma; struct mm_struct *mm; task = pid_task(find_vpid(pid), PIDTYPE_PID); if (pid != -1) target_process_id = pid; if (!task) { printk("Could not find the task struct for process id %d\n", pid); return 0; } else { printk("Found the task <%s>\n", task->comm); } mm = task->mm; if (!mm) { printk("Could not find the mmap struct for process id %d\n", pid); return 0; } next_vma = find_vma(mm, addr); down_read(&task->mm->mmap_sem); res = get_user_pages(task, task->mm, addr, 1, 1, 1, &data_page, NULL); if (res != 1) { printk(KERN_INFO "get_user_pages error\n"); up_read(&task->mm->mmap_sem); return 0; } else { printk("Found vma struct and it starts at: %lu\n", next_vma->vm_start); } flush_cache_range(next_vma,next_vma->vm_start,next_vma->vm_end); flush_tlb_range(next_vma,next_vma->vm_start,next_vma->vm_end); up_read(&task->mm->mmap_sem); return 0;}
我在 Linux 内核
printk()中的函数中添加了语句来跟踪由(上面的变量定义之后的第 3 行代码)handle_mm_fault()引起的页面错误。target_process_id像这样的东西:if (unlikely(current->pid == target_process_id)) printk("Target process <%d> generated a page fault at address %lu\n", current->pid, address);
现在,我注意到最后一条printk()语句没有捕获任何内容。
该函数init_module是内核模块的初始化函数。使用 insmod 将其插入到正在运行的内核中...使用命令insmod module.ko pid=<processId> addr=<address>
知道可能出了什么问题吗?