1

我正在尝试在 Linux 中编写加密驱动程序,但是当我加密字符串并使用copy_from_user()它将其复制到缓冲区中时不起作用,并且 k 值是字符串中的字符数

如果我改变temp它工作copy_from_user正常buf

ssize_t encdec_write_caesar(struct file *filp, const char *buf, size_t count, loff_t *f_pos)
{
    char *temp ;
    temp = kmalloc(memory_size * sizeof(char),GFP_USER);
    memset(temp, 0, memory_size);

    int i , k ;

    k = ((encdec_private_date *)(filp->private_data))->key;
    for(i = 0; i < count; i++)
    {
        temp[i] = (buf[i] + k) % 128;
    }

    k = copy_from_user ( caesar_Buf , temp , count);
    printk("write-> %d\n"  ,k);

    kfree(temp);
    return 0;
 }

这是代码的一部分

#include <linux/ctype.h>
#include <linux/config.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/proc_fs.h>
#include <linux/fcntl.h>
#include <asm/system.h>
#include <asm/uaccess.h>
#include <linux/string.h>

#include "encdec.h"

#define MODULE_NAME "encdec"

MODULE_LICENSE("GPL");
MODULE_AUTHOR("YOUR NAME");

int     encdec_open(struct inode *inode, struct file *filp);
int     encdec_release(struct inode *inode, struct file *filp);
int     encdec_ioctl(struct inode *inode, struct file *filp, unsigned int cmd, unsigned long arg);

ssize_t encdec_read_caesar( struct file *filp, char *buf, size_t count, loff_t *f_pos );
ssize_t encdec_write_caesar(struct file *filp, const char *buf, size_t count, loff_t *f_pos);



int memory_size = 0;

MODULE_PARM(memory_size, "i");

int major = 0;
char *caesar_Buf = NULL;


struct file_operations fops_caesar = {
    .open    =  encdec_open,
    .release =  encdec_release,
    .read    =  encdec_read_caesar,
    .write   =  encdec_write_caesar,
    .llseek  =  NULL,
    .ioctl   =  encdec_ioctl,
    .owner   =  THIS_MODULE
};


// Implemetation suggestion:
// -------------------------
// Use this structure as your file-object's private data structure
typedef struct {
    unsigned char key;
    int read_state;
} encdec_private_date;

int init_module(void)
{
    major = register_chrdev(major, MODULE_NAME, &fops_caesar);
    if(major < 0)
    {
        return major;
    }



    caesar_Buf = (char *)kmalloc(memory_size * sizeof(char),GFP_KERNEL);



    return 0;
}

4

1 回答 1

1

您应该使用copy_from_user而不是buf直接访问(在循环内,而不是在访问时temp(在内核空间内存中。)

copy_from_user旨在确保在用户上下文中的访问仅访问用户空间数据——即,有人不会在系统调用中传递指向内核内存的指针,并以某种方式从内核泄漏数据。

于 2019-05-15T14:43:23.223 回答