Kernel source location
drivers/misc/lkdtm
Test environment
Debian 10 VMware virtual machine
Kernel configuration option
CONFIG_LKDTM
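Usage
- Specify parameters when loading the module to trigger the fault
- After the module is loaded, trigger the fault by writing to debugfs files
Example commands: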
mount -t debugfs debugfs /sys/kernel/debug
echo EXCEPTION > /sys/kernel/debug/provoke-crash/INT_HARDWARE_ENTRY
Usage example
Load the lkdtm kernel module
Run insmod lkdtm.ko to load it.
Write to the sys file to trigger a kernel crash
Trigger the EXEC_STACK fault:
root@debian:/sys/kernel/debug/provoke-crash# echo EXEC_STACK > INT_HARDWARE_ENTRY
[ 256.275861] lkdtm: Crash point INT_HARDWARE_ENTRY of type EXEC_STACK hit, trigger in 9 rounds
root@debian:/sys/kernel/debug/provoke-crash# [ 256.278619] lkdtm: Crash point INT_HARDWARE_ENTRY of type EXEC_STACK hit, trigger in 8 rounds
[ 256.284414] lkdtm: Crash point INT_HARDWARE_ENTRY of type EXEC_STACK hit, trigger in 7 rounds
[ 256.415029] lkdtm: Crash point INT_HARDWARE_ENTRY of type EXEC_STACK hit, trigger in 6 rounds
................................................................................................
[ 256.858127] lkdtm: Crash point INT_HARDWARE_ENTRY of type EXEC_STACK hit, trigger in 1 rounds
[ 256.872340] lkdtm: Crash point INT_HARDWARE_ENTRY of type EXEC_STACK hit, trigger in 0 rounds
[ 256.874736] lkdtm: attempting ok execution at ffffffffc070b8a0
[ 256.876703] lkdtm: attempting bad execution at ffff899c7bc43e78
[ 256.878628] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[ 256.880441] BUG: unable to handle kernel paging request at ffff899c7bc43e78
[ 256.882056] PGD 21202067 P4D 21202067 PUD 21206067 PMD 800000007bc000e3
[ 256.883743] Oops: 0011 [#1] SMP PTI
[ 256.884544] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 4.19.0-18-amd64 #1 Debian 4.19.208-1
[ 256.886766] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/29/2019
[ 256.889292] RIP: 0010:0xffff899c7bc43e78
[ 256.890481] Code: ff ff 10 00 00 00 00 00 00 00 46 00 01 00 00 00 00 00 70 3e c4 7b 9c 89 ff ff 18 00 00 00 00 00 00 00 a4 c5 70 c0 ff ff ff ff <0f> 1f 44 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 53
[ 256.895082] RSP: 0018:ffff899c7bc43e70 EFLAGS: 00010046
..............................................................................
[ 256.915046] Call Trace:
[ 256.915801] <IRQ>
[ 256.916433] ? lkdtm_EXEC_STACK+0x26/0x40 [lkdtm]
[ 256.917657] ? lkdtm_kprobe_handler+0xa4/0xc0 [lkdtm]
[ 256.919327] ? kprobe_ftrace_handler+0x92/0xf0
[ 256.921424] ? ftrace_ops_assist_func+0x7e/0x120
[ 256.922945] ? rebalance_domains+0x274/0x2c0
[ 256.924618] ? 0xffffffffc01700bf
[ 256.925600] ? __sched_text_end+0x7/0x7
[ 256.926581] ? common_interrupt+0xa/0xf
[ 256.927747] ? do_IRQ+0x1/0xe0
[ 256.928757] ? do_IRQ+0x5/0xe0
[ 256.929817] ? common_interrupt+0xf/0xf
[ 256.931096] </IRQ>
.....................................................
Trigger the HARDLOCKUP fault:
root@debian://sys/kernel/debug/provoke-crash# echo HARDLOCKUP > INT_HARDWARE_ENTRY
[ 99.455223] lkdtm: Crash point INT_HARDWARE_ENTRY of type HARDLOCKUP hit, trigger in 9 rounds
root@debian://sys/kernel/debug/provoke-crash# [ 99.458569] lkdtm: Crash point INT_HARDWARE_ENTRY of type HARDLOCKUP hit, trigger in 8 rounds
[ 99.517818] lkdtm: Crash point INT_HARDWARE_ENTRY of type HARDLOCKUP hit, trigger in 7 rounds
[ 99.702486] lkdtm: Crash point INT_HARDWARE_ENTRY of type HARDLOCKUP hit, trigger in 6 rounds
[ 99.903978] lkdtm: Crash point INT_HARDWARE_ENTRY of type HARDLOCKUP hit, trigger in 5 rounds
................................................................................................
[ 100.188117] lkdtm: Crash point INT_HARDWARE_ENTRY of type HARDLOCKUP hit, trigger in 0 rounds
[ 125.364108] rcu: INFO: rcu_sched self-detected stall on CPU
[ 125.366256] rcu: 2-....: (5249 ticks this GP) idle=70a/1/0x4000000000000002 softirq=6036/6036 fqs=2551
[ 125.369938] rcu: (t=5250 jiffies g=7421 q=123)
[ 125.371442] NMI backtrace for cpu 2
[ 125.372564] CPU: 2 PID: 300 Comm: kworker/2:2 Tainted: G OE 4.19.0-18-amd64 #1 Debian 4.19.208-1
[ 125.375570] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/29/2019
[ 125.378761] Workqueue: events netstamp_clear
[ 125.380100] Call Trace:
[ 125.380931] <IRQ>
[ 125.381491] dump_stack+0x66/0x81
[ 125.382391] nmi_cpu_backtrace.cold.4+0x13/0x50
[ 125.383787] ? lapic_can_unplug_cpu+0x80/0x80
[ 125.385224] nmi_trigger_cpumask_backtrace+0xf9/0x100
[ 125.386747] rcu_dump_cpu_stacks+0x9b/0xcb
[ 125.387906] rcu_check_callbacks.cold.81+0x1db/0x335
[ 125.389275] ? tick_sched_do_timer+0x60/0x60
[ 125.390794] update_process_times+0x28/0x60
[ 125.392255] tick_sched_handle+0x22/0x60
[ 125.393266] tick_sched_timer+0x37/0x70
[ 125.394187] __hrtimer_run_queues+0x100/0x280
[ 125.395516] hrtimer_interrupt+0x100/0x210
[ 125.396531] smp_apic_timer_interrupt+0x6a/0x140
[ 125.397634] apic_timer_interrupt+0xf/0x20
[ 125.398643] </IRQ>
..........................................................
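An added example, not part of the original page or of the LKDTM project: a shell function that reads captured kernel log text and reports whether the expected protection fired, keyed on the messages seen in the two outputs above. The function names, verdict strings and sample functions are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify an LKDTM run from captured kernel log text (stdin).
# Verdict names such as NX_ENFORCED are chosen for this example only.
lkdtm_verdict() {
    awk '
    # The armed crash type follows the word "type" on the countdown line.
    /lkdtm: Crash point .* of type / {
        for (i = 1; i < NF; i++) if ($i == "type") ctype = $(i + 1)
    }
    /trigger in 0 rounds/                       { fired = 1 }
    /lkdtm: attempting bad execution/           { badexec = 1 }
    /kernel tried to execute NX-protected page/ { nx = 1 }
    /self-detected stall on CPU/                { stall = 1 }
    END {
        if (ctype == "") { print "NONE NOT_ARMED"; exit }
        if (!fired)      { print ctype " NOT_TRIGGERED"; exit }
        if (ctype == "EXEC_STACK") {
            # A bad execution attempt with no NX fault means the stack ran as code.
            if (badexec && nx) print ctype " NX_ENFORCED"
            else if (badexec)  print ctype " NX_MISSING"
            else               print ctype " INCOMPLETE_LOG"
        } else if (ctype == "HARDLOCKUP") {
            print ctype (stall ? " STALL_DETECTED" : " NO_DETECTION")
        } else {
            print ctype " UNCLASSIFIED"
        }
    }'
}

# Sample input: lines excerpted from the EXEC_STACK output shown above.
sample_exec_stack() {
cat <<'EOF'
[ 256.858127] lkdtm: Crash point INT_HARDWARE_ENTRY of type EXEC_STACK hit, trigger in 1 rounds
[ 256.872340] lkdtm: Crash point INT_HARDWARE_ENTRY of type EXEC_STACK hit, trigger in 0 rounds
[ 256.876703] lkdtm: attempting bad execution at ffff899c7bc43e78
[ 256.878628] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
EOF
}

# Sample input: lines excerpted from the HARDLOCKUP output shown above.
sample_hardlockup() {
cat <<'EOF'
[ 100.188117] lkdtm: Crash point INT_HARDWARE_ENTRY of type HARDLOCKUP hit, trigger in 0 rounds
[ 125.364108] rcu: INFO: rcu_sched self-detected stall on CPU
EOF
}

sample_exec_stack | lkdtm_verdict   # EXEC_STACK NX_ENFORCED
sample_hardlockup | lkdtm_verdict   # HARDLOCKUP STALL_DETECTED
```

On a real run, feed it text saved from the serial console or from journalctl -k, since the machine may not stay usable after the fault.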
Resources
https://www.kernel.org/doc/html/latest/fault-injection/provoke-crashes.html