2

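I am using kernel 3.16 and trying to compress in-memory data with LZ4. I checked the kernel source tree, found the compression source file /lib/lz4.c, and used the following function: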

int lz4_compress(const unsigned char *src, size_t src_len,
            unsigned char *dst, size_t *dst_len, void *wrkmem)

But I get the following error:

[   31.652635] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffc010d13a
[   31.652635] 
[   31.653595] CPU: 0 PID: 1856 Comm: insmod Tainted: P           OE 3.16.0-30-generic #40~14.04.1-Ubuntu
[   31.654408] Hardware name: Parallels Software International Inc. Parallels Virtual Platform/Parallels Virtual Platform, BIOS 11.1.3 (32521) 02/16/2016
[   31.655579]  ffff8800aa33e080 ffff8801483d1c90 ffffffff81762590 ffffffff81a75d20
[   31.656295]  ffff8801483d1d08 ffffffff8175aa62 ffff880000000010 ffff8801483d1d18
[   31.657011]  ffff8801483d1cb8 ffffffffc01230ae ffffffffc010d13a 00000000fb25afb4
[   31.657730] Call Trace:
[   31.657966]  [<ffffffff81762590>] dump_stack+0x45/0x56
[   31.658424]  [<ffffffff8175aa62>] panic+0xc8/0x1fc
[   31.658850]  [<ffffffffc01230ae>] ? lz4_compress+0xae/0x1000 [lz4_compress]
[   31.659463]  [<ffffffffc010d13a>] ? hello_init+0x13a/0x140 [test]
[   31.660008]  [<ffffffffc010d000>] ? 0xffffffffc010cfff
[   31.660468]  [<ffffffff8106db2b>] __stack_chk_fail+0x1b/0x20
[   31.660970]  [<ffffffffc010d13a>] hello_init+0x13a/0x140 [test]
[   31.661626] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   31.662512] ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffc010d13a
[   31.662512] 

My source code:

#include<linux/module.h>
#include<linux/slab.h>
#include<linux/kernel.h>
#include<linux/lz4.h>

static int hello_init(void){
    unsigned char buf[PAGE_SIZE];
    unsigned char data[PAGE_SIZE];
    int i;
    size_t comp_size;
    unsigned char *dst;
    dst=(unsigned char*)kmalloc(PAGE_SIZE, GFP_KERNEL);
    memset(dst,0,PAGE_SIZE);
    for(i=0;i<PAGE_SIZE;i++)
        data[i]=i;
    lz4_compress(data, PAGE_SIZE, dst, &comp_size, buf);
    return 0;
}

static void hello_exit(void){
    printk("clean up\n");
}

module_init(hello_init);
module_exit(hello_exit);

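I tried to find some examples of how LZ4 works in a kernel module, but I found nothing. I don't know if anyone has some experience with doing compression in a kernel module.

Thanks!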

4

1 Answer

1

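By default, the kernel stack size is 2 pages. So you triggered a stack overflow. If you need an example of using lz4, look at zram, which has an lz4 compression backend. A stack canary is a special mechanism for preventing buffer overflow attacks (in case you are interested).

Answered 2016-03-17T05:28:52.670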
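The canary check behind the stack-protector panic in the question, modeled in user space as an added example (it is not code from the question or the answer). It assumes a simplified frame layout and the LZ4_MEM_COMPRESS work-memory size from the 3.x <linux/lz4.h>; simulate_frame, callee_uses_wrkmem, PAGE_BYTES and the canary value are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_BYTES 4096u /* stands in for PAGE_SIZE on x86-64 */
/* Work memory lz4_compress() expects, as defined in 3.x <linux/lz4.h>. */
#define LZ4_MEM_COMPRESS (4096u * sizeof(unsigned char *))
static const uint64_t CANARY = 0x00c0ffee5afe1234ULL; /* constructed value */

/* Hypothetical callee: uses work_len bytes starting at wrkmem, the way a
 * library trusts the caller to have sized its work buffer. The write is
 * clamped to the arena so the simulation itself stays in bounds. */
static void callee_uses_wrkmem(unsigned char *wrkmem, size_t work_len,
                               const unsigned char *arena_end)
{
    size_t room = (size_t)(arena_end - wrkmem);
    memset(wrkmem, 0xA5, work_len < room ? work_len : room);
}

/* Simplified frame in a heap arena: [ buf | canary | saved return address ].
 * Returns 0 if the canary survives the call, -1 if the epilogue check would
 * branch to __stack_chk_fail(), -2 on allocation failure. */
int simulate_frame(size_t buf_len, size_t work_len)
{
    size_t arena_len = buf_len + work_len + 2 * sizeof(uint64_t);
    unsigned char *arena = malloc(arena_len);
    uint64_t seen;
    int ret;

    if (!arena)
        return -2;
    memcpy(arena + buf_len, &CANARY, sizeof(CANARY));       /* prologue */
    callee_uses_wrkmem(arena, work_len, arena + arena_len); /* the call */
    memcpy(&seen, arena + buf_len, sizeof(seen));           /* epilogue */
    ret = (seen == CANARY) ? 0 : -1;
    free(arena);
    return ret;
}

int main(void)
{
    /* buf[PAGE_SIZE] from the question vs. a correctly sized work buffer */
    int undersized = simulate_frame(PAGE_BYTES, LZ4_MEM_COMPRESS);
    int correct = simulate_frame(LZ4_MEM_COMPRESS, LZ4_MEM_COMPRESS);
    return (undersized == -1 && correct == 0) ? 0 : 1;
}
```

In a module, buffers of this size would come from the heap (for example kmalloc(LZ4_MEM_COMPRESS, GFP_KERNEL) for the work memory) rather than from the kernel stack, with the destination sized by lz4_compressbound().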