SLUB Debug

最新推荐文章于 2024-04-27 15:18:49 发布
最新推荐文章于 2024-04-27 15:18:49 发布
阅读量6.3k 收藏 7
点赞数 2
分类专栏: linux kernel Linux
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/CaspianSea/article/details/25844181
版权

1。 测试代码如下:

#include <linux/init.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/delay.h>
MODULE_LICENSE("GPL");

struct slab_obj {
	int aa;
	int bb;
	int cc;
};

typedef struct slab_obj *slab_obj_t;

slab_obj_t memblk = NULL;

struct kmem_cache *myslabobj;

static void mm_create(void)
{
	myslabobj =
	    kmem_cache_create("my_slab_obj", sizeof(struct slab_obj), 0,
			      SLAB_HWCACHE_ALIGN, NULL);
	memblk = kmem_cache_alloc(myslabobj, GFP_KERNEL);
	memblk->aa = 0xabcd;
	memblk->bb = 0x1234;
	memblk->cc = 0x6879;
}

static void mm_destroy(void)
{
	kfree(memblk);
	kmem_cache_destroy(myslabobj);
}

static int __init slub_debug_init(void)
{
	mm_create();
	return 0;
}

static void __exit slub_debug_exit(void)
{
	mm_destroy();
}

module_init(slub_debug_init);
module_exit(slub_debug_exit);

1. 测试内存泄露:

注释掉  mm_destroy()里的 Kfree()函数,然后测试

在   rmmod的时候,会有log 报告:

#rmmod  slub_debug
=============================================================================
BUG my_slab_obj (Tainted: G           O): Objects remaining in my_slab_obj on kmem_cache_close()
-----------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: Slab 0xc06798e0 objects=128 used=1 fp=0xc7b47fe0 flags=0x0080
CPU: 3 PID: 599 Comm: rmmod Tainted: G    B      O 3.10.28 #6
[<c0014ac0>] (unwind_backtrace+0x0/0xf4) from [<c00119d8>] (show_stack+0x10/0x14)
[<c00119d8>] (show_stack+0x10/0x14) from [<c00c8768>] (slab_err+0x74/0x84)
[<c00c8768>] (slab_err+0x74/0x84) from [<c00ca78c>] (free_partial+0xf8/0x200)
[<c00ca78c>] (free_partial+0xf8/0x200) from [<c00ca8d4>] (__kmem_cache_shutdown+0x40/0xd4)
[<c00ca8d4>] (__kmem_cache_shutdown+0x40/0xd4) from [<c00acf78>] (kmem_cache_destroy+0x60/0xf0)
[<c00acf78>] (kmem_cache_destroy+0x60/0xf0) from [<c0066314>] (SyS_delete_module+0x124/0x210)
[<c0066314>] (SyS_delete_module+0x124/0x210) from [<c000df40>] (ret_fast_syscall+0x0/0x30)
INFO: Object 0xc7b47000 @offset=0
kmem_cache_destroy my_slab_obj: Slab cache still has objects
CPU: 3 PID: 599 Comm: rmmod Tainted: G    B      O 3.10.28 #6
[<c0014ac0>] (unwind_backtrace+0x0/0xf4) from [<c00119d8>] (show_stack+0x10/0x14)
[<c00119d8>] (show_stack+0x10/0x14) from [<c00ad004>] (kmem_cache_destroy+0xec/0xf0)
[<c00ad004>] (kmem_cache_destroy+0xec/0xf0) from [<c0066314>] (SyS_delete_module+0x124/0x210)
[<c0066314>] (SyS_delete_module+0x124/0x210) from [<c000df40>] (ret_fast_syscall+0x0/0x30)

2. double free

在 mm_destroy()里,加上 kfree(memblk), 

static void mm_destroy(void)
{
	kfree(memblk);
	kfree(memblk);
	kmem_cache_destroy(myslabobj);
}

然后,卸载模块:

#rmmod slub_debug
=============================================================================
BUG my_slab_obj (Tainted: G    B      O): Object already free
-----------------------------------------------------------------------------

INFO: Slab 0xc0666660 objects=128 used=0 fp=0xc71b3000 flags=0x0081
INFO: Object 0xc71b3000 @offset=0 fp=0xc71b3fe0

Object c71b3000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5              kkkkkkkkkkk.
Redzone c71b300c: bb bb bb bb                                      ....
Padding c71b3014: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a              ZZZZZZZZZZZZ
CPU: 3 PID: 602 Comm: rmmod Tainted: G    B      O 3.10.28 #6
[<c0014ac0>] (unwind_backtrace+0x0/0xf4) from [<c00119d8>] (show_stack+0x10/0x14)
[<c00119d8>] (show_stack+0x10/0x14) from [<c036d018>] (free_debug_processing+0x1c0/0x278)
[<c036d018>] (free_debug_processing+0x1c0/0x278) from [<c036d838>] (__slab_free+0x38/0x2d0)
[<c036d838>] (__slab_free+0x38/0x2d0) from [<bf00401c>] (slub_debug_exit+0x1c/0x28 [slub_debug])
[<bf00401c>] (slub_debug_exit+0x1c/0x28 [slub_debug]) from [<c0066314>] (SyS_delete_module+0x124/0x210)
[<c0066314>] (SyS_delete_module+0x124/0x210) from [<c000df40>] (ret_fast_syscall+0x0/0x30)
FIX my_slab_obj: Object at 0xc71b3000 not freed

3. use after free:

修改代码如下:

static void mm_destroy(void)
{
	kfree(memblk);
	memblk->aa=0xabcd;
	memblk->bb=0x1234;
	memblk->cc=0x8789;
	kmem_cache_destroy(myslabobj);
}

卸载 模块的时候,log为: 

#rmmod  slub_debug
=============================================================================
BUG my_slab_obj (Tainted: G    B      O): Poison overwritten
-----------------------------------------------------------------------------

INFO: 0xc71ed000-0xc71ed00a. First byte 0xcd instead of 0x6b
INFO: Slab 0xc0666da0 objects=128 used=0 fp=0xc71ed000 flags=0x0080
INFO: Object 0xc71ed000 @offset=0 fp=0xc71edfe0

Object c71ed000: cd ab 00 00 34 12 00 00 89 87 00 00              ....4.......
Redzone c71ed00c: bb bb bb bb                                      ....
Padding c71ed014: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a              ZZZZZZZZZZZZ
CPU: 2 PID: 614 Comm: rmmod Tainted: G    B      O 3.10.28 #6
[<c0014ac0>] (unwind_backtrace+0x0/0xf4) from [<c00119d8>] (show_stack+0x10/0x14)
[<c00119d8>] (show_stack+0x10/0x14) from [<c00c7d60>] (check_bytes_and_report+0xbc/0xd8)
[<c00c7d60>] (check_bytes_and_report+0xbc/0xd8) from [<c00c7f30>] (check_object+0x1b4/0x240)
[<c00c7f30>] (check_object+0x1b4/0x240) from [<c00c8cb0>] (__free_slab+0xf8/0x138)
[<c00c8cb0>] (__free_slab+0xf8/0x138) from [<c00ca718>] (free_partial+0x84/0x200)
[<c00ca718>] (free_partial+0x84/0x200) from [<c00ca8d4>] (__kmem_cache_shutdown+0x40/0xd4)
[<c00ca8d4>] (__kmem_cache_shutdown+0x40/0xd4) from [<c00acf78>] (kmem_cache_destroy+0x60/0xf0)
[<c00acf78>] (kmem_cache_destroy+0x60/0xf0) from [<c0066314>] (SyS_delete_module+0x124/0x210)
[<c0066314>] (SyS_delete_module+0x124/0x210) from [<c000df40>] (ret_fast_syscall+0x0/0x30)
FIX my_slab_obj: Restoring 0xc71ed000-0xc71ed00a=0x6b

可以看到,第一次free的时候,内核填写的 特征字符  0x6b 已经被修改,后面又恢复过来了。


4.  memory overwritten

修改代码如下:

static void mm_create(void)
{
	myslabobj =
	    kmem_cache_create("my_slab_obj", sizeof(struct slab_obj), 0,
			      SLAB_HWCACHE_ALIGN, NULL);
	memblk = kmem_cache_alloc(myslabobj, GFP_KERNEL);
	memblk->aa = 0xabcd;
	memblk->bb = 0x1234;
	memblk->cc = 0x6879;
        slab_obj_t next_addr = memblk + 1;
        next_addr->cc = 0xdeadbeef;
}

卸载模块的时候,提示: 

#rmmod  slub_debug
=============================================================================
BUG my_slab_obj (Tainted: G    B      O): Object padding overwritten
-----------------------------------------------------------------------------

INFO: 0xc71ed014-0xc71ed017. First byte 0xef instead of 0x5a
INFO: Slab 0xc0666da0 objects=128 used=1 fp=0xc71edfe0 flags=0x0081
INFO: Object 0xc71ed000 @offset=0 fp=0xc71ed020

Object c71ed000: cd ab 00 00 34 12 00 00 79 68 00 00              ....4...yh..
Redzone c71ed00c: cc cc cc cc                                      ....
Padding c71ed014: ef be ad de 5a 5a 5a 5a 5a 5a 5a 5a              ....ZZZZZZZZ
CPU: 3 PID: 638 Comm: rmmod Tainted: G    B      O 3.10.28 #6
[<c0014ac0>] (unwind_backtrace+0x0/0xf4) from [<c00119d8>] (show_stack+0x10/0x14)
[<c00119d8>] (show_stack+0x10/0x14) from [<c00c7d60>] (check_bytes_and_report+0xbc/0xd8)
[<c00c7d60>] (check_bytes_and_report+0xbc/0xd8) from [<c00c7e20>] (check_object+0xa4/0x240)
[<c00c7e20>] (check_object+0xa4/0x240) from [<c036cf18>] (free_debug_processing+0xc0/0x278)
[<c036cf18>] (free_debug_processing+0xc0/0x278) from [<c036d838>] (__slab_free+0x38/0x2d0)
[<c036d838>] (__slab_free+0x38/0x2d0) from [<bf00c014>] (slub_debug_exit+0x14/0x20 [slub_debug])
[<bf00c014>] (slub_debug_exit+0x14/0x20 [slub_debug]) from [<c0066314>] (SyS_delete_module+0x124/0x210)
[<c0066314>] (SyS_delete_module+0x124/0x210) from [<c000df40>] (ret_fast_syscall+0x0/0x30)
FIX my_slab_obj: Restoring 0xc71ed014-0xc71ed017=0x5a

5. redzone overwritten

修改代码如下:

static void mm_create(void)
{
	myslabobj =
	    kmem_cache_create("my_slab_obj", sizeof(struct slab_obj), 0,
			      SLAB_HWCACHE_ALIGN, NULL);
	memblk = kmem_cache_alloc(myslabobj, GFP_KERNEL);
	memblk->aa = 0xabcd;
	memblk->bb = 0x1234;
	memblk->cc = 0x6879;
	int *p = &memblk->cc;
        p++;
        *p = 0x12345678;
        //slab_obj_t next_addr = memblk + 1;
       // next_addr->cc = 0xdeadbeef;     
}
卸载模块时: 

#rmmod  slub_debug
=============================================================================
BUG my_slab_obj (Tainted: G    B      O): Redzone overwritten
-----------------------------------------------------------------------------

INFO: 0xc71bc00c-0xc71bc00f. First byte 0x78 instead of 0xcc
INFO: Slab 0xc0666780 objects=128 used=1 fp=0xc71bcfe0 flags=0x0081
INFO: Object 0xc71bc000 @offset=0 fp=0xc71bc020

Object c71bc000: cd ab 00 00 34 12 00 00 79 68 00 00              ....4...yh..
Redzone c71bc00c: 78 56 34 12                                      xV4.
Padding c71bc014: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a              ZZZZZZZZZZZZ
CPU: 0 PID: 656 Comm: rmmod Tainted: G    B      O 3.10.28 #6
[<c0014ac0>] (unwind_backtrace+0x0/0xf4) from [<c00119d8>] (show_stack+0x10/0x14)
[<c00119d8>] (show_stack+0x10/0x14) from [<c00c7d60>] (check_bytes_and_report+0xbc/0xd8)
[<c00c7d60>] (check_bytes_and_report+0xbc/0xd8) from [<c00c7ee8>] (check_object+0x16c/0x240)
[<c00c7ee8>] (check_object+0x16c/0x240) from [<c036cf18>] (free_debug_processing+0xc0/0x278)
[<c036cf18>] (free_debug_processing+0xc0/0x278) from [<c036d838>] (__slab_free+0x38/0x2d0)
[<c036d838>] (__slab_free+0x38/0x2d0) from [<bf010014>] (slub_debug_exit+0x14/0x20 [slub_debug])
[<bf010014>] (slub_debug_exit+0x14/0x20 [slub_debug]) from [<c0066314>] (SyS_delete_module+0x124/0x210)
[<c0066314>] (SyS_delete_module+0x124/0x210) from [<c000df40>] (ret_fast_syscall+0x0/0x30)
FIX my_slab_obj: Restoring 0xc71bc00c-0xc71bc00f=0xcc

=============================================================================
BUG my_slab_obj (Tainted: G    B      O): Redzone overwritten
-----------------------------------------------------------------------------

INFO: 0xc71bc00c-0xc71bc00f. First byte 0xcc instead of 0xbb
INFO: Slab 0xc0666780 objects=128 used=0 fp=0xc71bc000 flags=0x0080
INFO: Object 0xc71bc000 @offset=0 fp=0xc71bcfe0

Object c71bc000: cd ab 00 00 34 12 00 00 79 68 00 00              ....4...yh..
Redzone c71bc00c: cc cc cc cc                                      ....
Padding c71bc014: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a              ZZZZZZZZZZZZ
CPU: 0 PID: 656 Comm: rmmod Tainted: G    B      O 3.10.28 #6
[<c0014ac0>] (unwind_backtrace+0x0/0xf4) from [<c00119d8>] (show_stack+0x10/0x14)
[<c00119d8>] (show_stack+0x10/0x14) from [<c00c7d60>] (check_bytes_and_report+0xbc/0xd8)
[<c00c7d60>] (check_bytes_and_report+0xbc/0xd8) from [<c00c7ee8>] (check_object+0x16c/0x240)
[<c00c7ee8>] (check_object+0x16c/0x240) from [<c00c8cb0>] (__free_slab+0xf8/0x138)
[<c00c8cb0>] (__free_slab+0xf8/0x138) from [<c00ca718>] (free_partial+0x84/0x200)
[<c00ca718>] (free_partial+0x84/0x200) from [<c00ca8d4>] (__kmem_cache_shutdown+0x40/0xd4)
[<c00ca8d4>] (__kmem_cache_shutdown+0x40/0xd4) from [<c00acf78>] (kmem_cache_destroy+0x60/0xf0)
[<c00acf78>] (kmem_cache_destroy+0x60/0xf0) from [<c0066314>] (SyS_delete_module+0x124/0x210)
[<c0066314>] (SyS_delete_module+0x124/0x210) from [<c000df40>] (ret_fast_syscall+0x0/0x30)
FIX my_slab_obj: Restoring 0xc71bc00c-0xc71bc00f=0xbb

上面这些问题都是在  QEMU 下测试, 命令为:

 sudo ./qemu-1.7.0/arm-softmmu/qemu-system-arm   -M vexpress-a9 -kernel ./linux-3.10.28/arch/arm/boot/zImage -sd rootfs.img -hda vfat.img --append "root=/dev/mmcblk0 rw rootfs=ext3 rootdelay=3  physmap.enabled=0 console=ttyAMA0 console=tty0 slub_debug=PZ"   -net nic,vlan=0 -net tap,vlan=0 -nographic  -smp 4,sockets=1,cores=4

其中 

slub_debug=PZ
为  传递slub调试的参数。 P, Z等的意义如下: 

	F		Sanity checks on (enables SLAB_DEBUG_FREE. Sorry
			SLAB legacy issues)
	Z		Red zoning
	P		Poisoning (object and padding)
	U		User tracking (free and alloc)
	T		Trace (please only use on single slabs)
	A		Toggle failslab filter mark for the cache
	O		Switch debugging off for caches that would have
			caused higher minimum slab orders
	-		Switch all debugging off (useful if the kernel is
			configured with CONFIG_SLUB_DEBUG_ON)

参考资料:

1. Documentation/vm/slub.txt

2. http://lp007819.wordpress.com/2012/01/25/%E4%BD%BF%E7%94%A8slubslab%E7%9A%84%E8%B0%83%E8%AF%95%E5%8A%9F%E8%83%BD%E2%80%8F/

CaspianSea
关注
  • 2
    点赞
  • 7
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Linux 内存管理之 SLUB分配器(6):slub debug 实例测试
And乔的博客
01-10 1727
Linux 内存管理之 SLUB分配器(6):slub debug 实例测试 1. Object layout slub object layout 之前已经有专门的一小节进行介绍了,这里直接将其结果拿来: 2. 配置开关 默认情况下上述的layout中debug信息是没有打开的,毕竟会增加太多的内容,增加内存的压力,所以需要打开如下部分内容: Config: CONFIG_SLUB=y CONFIG_SLUB_DEBUG=y CONFIG_SLUB_DEBUG_ON=y CONFIG_SLUB_C
slabdbg:GDB插件,有助于利用Linux内核的SLUB分配器
03-09
平板电脑 GDB插件使开发针对SLUB分配器Linux内核漏洞更加容易。 它显示slab缓存的内容,并允许在分配/释放操作上设置断点。 安装 无需安装,只需键入source slabdbg.py就足以让您入门。 用法 Usage: slab list - Display simple information about all slab caches slab info <name> - Display extended information about a slab cache slab trace <name> - Start/stop tracing allocations for a slab cache slab break <name> - Start/stop breaking on allocation for a slab cache slab wa
linux kernel内存泄漏检测工具之slub debug
最新发布
yanghao23的专栏
04-27 1661
ko中的实现基本就是将slub.c,slab_common.c中的依赖的结构体,函数等重写一下,注册好上面的两个hook函数,一个替换掉kmalloc_caches, 一个存储slub分配的调用栈,剩下的就是处理好编译报错,将/sys/kernel/debug/slab/XXX/alloc_traces 的实现用在新增的ko中,增加调试节点,即可完成动态开启slubdebug的功能。如果版本存在SLUB内存泄漏, 抓取/proc/slabinfo或者使用slabinfo 工具来确认泄漏的slub 类型;
使用slub(slab)的调试功能‏
smile
11-16 3699
使用slub(slab)的调试功能‏ 发表评论作者 lp007819 on 2012年01月25日 在日常开发工作中最容易发生的错误十有八九都是出在线性空间的操作方面。(这里指的线性空间可以认为等同于虚拟地址或虚拟内存,但其他场合并不一 定适用) 主要的问题体现在: 1. 访问了未初始化的线性空间。 这类问题还是相对比较容易发现,因为内核立即会告警并打印堆栈。 2.
SLUB DEBUG 检测slab 内存泄漏
一叶知秋的博客
11-07 512
文章介绍如何定位linux 内核中slab 内存泄漏。
SLUB DEBUG原理
~~ LINUX ~~
04-23 537
1. 前言 在工作中,经常会遇到由于越界导致的各种奇怪的问题。为什么越界访问导致的问题很奇怪呢?在工作差不多半年的时间里我就遇到了很多越界访问导致的问题(不得不吐槽下IC厂商提供的driver,总是隐藏着bug)。比如说越界访问导致的死机问题,这种问题的出现一般需要长时间测试才能发现,而且发现的时候即使有panic log。你也没什么头绪。这是为什么呢?假设驱动A通过kmalloc()申请了一段...
slub debug
lzhf1122的博客
12-09 863
slub debug工具介绍
SLub算法分析
04-21
SLUB(Simple List-Based Unified Buffer)是Linux内核中用于内存管理的一种高效数据结构,它在SLAB(Simple Linear Allocator for Buffers)的基础上进行了优化,旨在提高内存分配和释放的性能。SLUB的设计目标是...
Linux Slub Allocator工作原理
12-29
Linux中Slub allocator工作原理介绍
linux slob slab slub allocator
12-15
Linux memory slob slab slub allocator. Three different memory allocators comprision.
论文研究-Linux内核Slub内存分配机制分析 .pdf
08-15
Linux内核Slub内存分配机制分析,李英鹏,,Slab内存分配机制是Linux内核采用的传统内存分配机制。随着系统的发展,它暴露出队列管理复杂,管理结构内存消耗大,回收机制比较复
buddy_slub:来自linux内核的buddy and slub算法
06-12
buddy and slub从Linux Kernel中提取出来的buddy/slub算法实现。buddy/slub是Linux内核中的内存管理算法。buddy防止内存的“外碎片”,即防止内存块越分越小,而不能满足大块内存分配的需求。slub防止内存的“内碎片...
Linux内存管理 (22)内存检测技术(slub_debug/kmemleak/kasan)
铁匠的七寸宫
10-29 1659
Linux常见的内存访问错误有: 越界访问(out of bounds) 访问已经释放的内存(use after free) 重复释放 内存泄露(memory leak) 栈溢出(stack overflow) 不同的工具有不同的侧重点,本章主要从slub_debug、kmemleak、kasan三个工具介绍。 kmemleak侧重于内存泄露问题发现。 slub_debug和kasan有一定的重复,部分slub_debug问题需要借助slabinfo去发现;kasan更快,所有问题独立上
[内核内存] linux内核态内存检测技术
菁的博客
05-19 1732
文章目录1 slub_debug**内核配置****slabinfo工具编译****系统加载内核启动参数 ****功能****实例****右越界访问:****slub_debug实现原理** linux常见的内存错误访问: 越界访问(out of bounds) 访问已经释放的内存(use after free) 重复释放 内存泄露(memory leak) 栈溢出(stack overflow) a. 对于内核内存泄露问题--->kmemleak工具 b. 对越界访问,重复释放,栈溢出和访问已
宋牧春: Linux内核slab内存的越界检查——SLUB_DEBUG
Linux阅码场
02-08 7532
本文简介:SLAB内存分配器-SLUBDEBUG功能,如何帮忙检测内存越界(out-of-bounds)和访问已经释放的内存(use-after-free)。本文目录:1. 前言2. SLUB DEBUG功能3. object layout4. SLUB DEBUG原理5. slabinfo作者简介:宋牧春,linux内核爱好者,2017年6月本科毕业于江苏大学。现就职于一家手机研发公司,任职B
Linux内存管理 (22)内存检测技术(slub_debug/kmemleak/kasan)【转】
weixin_34245749的博客
03-21 457
转自:https://www.cnblogs.com/arnoldlu/p/8568090.html 专题:Linux内存管理专题 关键词:slub_debug、kmemleak、kasan、oob、Redzone、Padding。 Linux常见的内存访问错误有: 越界访问(out of bounds) 访问已经释放的内存(use after free) 重复释放 ...
slub debug(linux4.16.1)
qq_42693685的博客
05-14 626
slub debug
SLUB DEBUG分析内存泄漏
ID2442512720的博客
06-16 1910
内存泄漏问题一般不能一蹴而就,首先是要在偌大的系统中,缩小发生异常的范围。当可以基于某个小范围着手定位具体的异常位置后,需要想方设法结合模块的功能业务,代码逻辑制定排查方法,一点点寻找。
CONFIG_SLUB_DEBUG
07-11
CONFIG_SLUB_DEBUG 是 Linux 内核的一个配置选项,用于启用或禁用 SLUB 分配器的调试功能。 SLUB(SLAB Allocator)是 Linux 内核中的一种内存分配器,用于动态分配和管理内核对象的内存。SLUB 分配器的调试功能...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值