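The original (https://github.com/FPSG-UIUC/hogwild_pytorch/tree/master/sgx-poc) has some bugs.
See also https://github.com/LihengChen9/Game_of_Threads
The author added a few things to the kernel (4.4.0-101.124.patch):
Removes the 【NOKPROBE_SYMBOL】 macro for 【__do_page_fault】, 【do_page_fault】 and 【trace_do_page_fault】, so that these functions can be kprobed. (This seems unnecessary, since none of these functions is actually kprobed.)
Inserts the author's own 【notify_attack】 function into 【handle_pte_fault】. The purpose: when 【notify_attack】 is kprobed, the faulting page has already been recorded in register 【RDI】 and can be read directly from the context argument of the kprobe handler. In other words, it lets the kprobe handler know exactly which page faulted.
Exports the two symbols 【fault_pte】 and 【notify_attack】 with 【EXPORT_SYMBOL】. (Exporting 【fault_pte】 seems unnecessary?)
The page-fault flow (Kernel 4.4) is: page fault -> IDT entry 【page_fault】 -> 【trace_do_page_fault】 (if CONFIG_TRACING is enabled) / 【do_page_fault】 (if CONFIG_TRACING is not enabled) -> 【__do_page_fault】 -> 【handle_mm_fault】 -> 【__handle_mm_fault】 -> 【handle_pte_fault】 -> 【notify_attack】 -> kprobe handler
The page-fault flow (Kernel 5.4) is: page fault -> IDT entry 【page_fault】 -> 【do_page_fault】 -> 【__do_page_fault】 -> 【do_user_addr_fault】 -> 【handle_mm_fault】 -> 【__handle_mm_fault】 -> 【handle_pte_fault】 -> 【notify_attack】 -> kprobe handler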
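Initialization
Set the SIGTERM signal handler
【sigaction】 is used to install a custom handler for SIGTERM.
Several threads that simulate ASGD are created later. Once every thread except the Hijacked thread has finished its work (simulating ASGD's "compute the model update and apply the update") and exited, the Hijacked thread, while in the Nuke driver, sends SIGTERM to its own user-space side so that this Hijacked thread terminates as well (by setting the Kill flag to 1, which makes the thread's loop inside the Enclave end quickly, so the thread exits quickly).
Build 【sealed_buf】, which the author also calls the Model
Allocate heap memory for the 【sealed_buf】 pointer, with the address aligned to 4KB (using 【posix_memalign】)
Read the CIFAR10 data
Read the training Images and training Labels from the CIFAR10 dataset and fill them into 【struct data】. Each Image is 3K bytes, but 【struct data.images】 reserves 4K bytes per Image.
Open the Nuke driver's device handle
Open /dev/nuke_channel; the device's open count is incremented. 【try_module_get】 is used to keep the driver from being removed while it is in use.
Have the Nuke driver store the Image virtual addresses and clear the P bit of the corresponding PTEs
For the Images of interest (Label 0), pass the Image's starting memory address (the Images were earlier allocated contiguously on the heap, in 【struct data.images】) to the Nuke driver. 【The IOCTL request code is APPEND_ADDR】
The Nuke driver stores the address information in the Nuke info linked list and clears the P bit of the PTE for that virtual address (in the PTE Flags, _PAGE_PRESENT (Bit 0) is cleared, _PAGE_PROTNONE (Bit 8) is set, and 【invlpg】 flushes the TLB entry for the virtual address).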
#define _PAGE_BIT_GLOBAL 8 /* Global TLB entry PPro+ */
......
/* If _PAGE_BIT_PRESENT is clear, we use these: */
/* - if the user mapped it with PROT_NONE; pte_present gives true */
#define _PAGE_BIT_PROTNONE _PAGE_BIT_GLOBAL
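Clearing the P bit makes a later access trigger a page fault, which then reaches 【notify_attack】 (ahead of the OS logic that handles the PTE fault); this function is probed with kprobe.
Initialize global data
Read the 【sgx_launch_token_t】 structure from the file 【Enclave.token】; if that fails, zero it and use it anyway. (In fact, in newer SGX versions the Token parameter has been deprecated and is generated dynamically during Enclave creation.)
Initialize 【sealed_buf】, which involves a variable-length struct.
Load and initialize the Enclave
Load the Enclave image 【libenclave.signed.so】.
Enter the Enclave to perform some initialization, setting 【g_secret】 to 0. (【g_secret】 plays the role of the model in the neural network, i.e. the parameters to be trained and updated.)
The Nuke driver stores the virtual address of 【sealed_buf】 (in the global Nuke info node 【sepcial】) and clears its P bit
Request code 【PASS_SPECIAL_ADDR】
All entries of the counter array are initialized to 0.
At this point the variables in the APP, the Enclave and the Nuke driver are all initialized.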
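Starting the side-channel attack
Turn on the side-channel attack
IOCTL request code 【START_MONITORING】 sets the global flag 【monitoring】 in the Nuke driver to 1.
Create several threads to simulate the ASGD process
Create multiple threads, and initialize every entry of the Kill flag array to 0 (meaning no Kill is needed at present). Each entry corresponds to one thread, with the mapping 【tid】 -> 【kill_thread[tid % THREAD_NUM]】.
The entry function of each thread is 【thread_func】, which later enters the Enclave.
Each thread
Triggers a page fault on the Model (【sepcial】), in preparation for the Image page faults and the associated pause primitive during ASGD.
Randomly draws a Mini-Batch.
Iterates over the Pixels of every Image in the Image Batch and records the number of Images whose label is 0. This simulates reading the dataset to compute gradient descent (Compute Update). Because the P bit was cleared earlier for the Images labelled 0, this triggers Image page faults.
Each thread adds (its own Index value + 1) to the global 【g_secret】 and stores the result back into the global 【g_secret】. This simulates committing the local update to the model in ASGD (Apply Update).
Seals 【g_secret】 and stores it in 【sealed_buf】.
The above is one Mini-Batch. Each round (Epoch) draws a Mini-Batch (50000/128) times, and 100 rounds are executed in total. This simulates the training loop (Repeat). (If the Kill flag is 1, the training loop stops.)
The main thread waits for every thread to finish training
Wait for every thread to finish training.
Eventually one thread becomes the Hijacked thread; at that point the other threads return to normal and carry out the "training".
If only one thread has not finished (that thread is the Hijacked thread), let it perform one last Model page fault, whose purpose is to restore the page Flags of all Images and of the Model.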
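Page faults as a pause primitive for indirectly scheduling threads: the kprobe post_handler
In summary, the overall aim is this: first pick 2 threads and pause them briefly; the remaining thread runs a few training iterations and is then treated as hijacked. Once that last thread has been hijacked, the other two threads start the simulated ASGD training and eventually exit. After both have exited, the previously hijacked thread resumes for a final iteration, mainly to restore the Flags of the Images and the Model, and is then terminated via send_sig.
The code does roughly the following:
kprobe obtains the faulting page.
If the monitoring flag is on, monitoring is performed.
Model page fault (initializes each thread that enters kernel mode)
A newly created thread triggers this first and performs the initialization. Once all threads have been initialized, 2 Halted threads and one Hijacked thread are selected.
The initialization consists of:
Increment the counter array entry 【counter[tid % 3]】 (eventually the newly created threads make every entry of the counter array non-zero).
Reset the Image page-fault counter to zero.
Restore the P bit of the Model page.
If 【last_iteration】 is 0 (this flag is explained below; this is the most common path), clear the P bit of every Image virtual address, in preparation for the Image page faults and the associated pause primitive during ASGD.
If 【last_iteration】 is 1, every thread other than the Hijacked thread has exited, which means the whole attack simulation can end. So the P bits of the Model and the Images are restored, and SIGTERM is sent to terminate the current thread (the handler sets the corresponding Kill flag).
Image page fault
On an Image page fault, restore the Image's P bit and clear the Model's P bit, so that the next thread (one not yet initialized) triggers a Model page fault and every thread gets initialized.
If all three entries of the counter array are set, select two Halted threads and block them for the time being, letting the last thread become the Hijacked thread. The two Halted threads then resume and run until training finishes and they exit. Finally, once all the other threads have exited, the Hijacked thread exits via send_sig.
A fault while handling a page fault: fault-on-fault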
/*
* handler_fault is invoked in the case of a nested page fault while we were
* executing the kprobes trampoline code (see post_handler).
* Usually this means that we tried to access an address we shouldn't. In this
* scenario we stop the attack gracefully. In normal operation fault-on-fault
* should not be triggered.
*/
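Restore the P bit of the faulting page, turn off the monitoring flag, and return to the kprobe handler.
Dmesg output from a successful run; it also seems to have problems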
[ 142.298075] Storing special addr 00000000c4b849cb
[ 142.298079] On the lookout for page faults of the stored addresses
[ 142.298259] Called hijacked pthread join
[ 142.300111] Halting thread 2366
[ 142.301738] Halting thread 2367
[ 142.428212] Thread hijacked, putting it to sleep and waking up other threads now
[ 142.428244] 2367 has been woken up!
[ 142.428263] 2366 has been woken up!
[ 142.437998] fault-on-fault
[ 142.437999] fault-on-fault
[ 142.438018] fault-on-fault
[ 142.438018] fault-on-fault
[ 143.116030] xhci_hcd 0000:3a:00.0: Refused to change power state, currently in D3
[ 143.200031] xhci_hcd 0000:3a:00.0: Refused to change power state, currently in D3
[ 143.200054] xhci_hcd 0000:3a:00.0: Controller not ready at resume -19
[ 143.200055] xhci_hcd 0000:3a:00.0: PCI post-resume error -19!
[ 143.200056] xhci_hcd 0000:3a:00.0: HC died; cleaning up
[ 147.014170] xhci_hcd 0000:3a:00.0: remove, state 4
[ 147.014173] usb usb4: USB disconnect, device number 1
[ 147.014294] xhci_hcd 0000:3a:00.0: USB bus 4 deregistered
[ 147.014297] xhci_hcd 0000:3a:00.0: remove, state 4
[ 147.014298] usb usb3: USB disconnect, device number 1
[ 147.014385] xhci_hcd 0000:3a:00.0: Host halt failed, -19
[ 147.014388] xhci_hcd 0000:3a:00.0: Host not accessible, reset failed.
[ 147.014450] xhci_hcd 0000:3a:00.0: USB bus 3 deregistered
[ 147.016544] fault-on-fault
[ 147.560968] pci_bus 0000:03: Allocating resources
[ 147.560989] pcieport 0000:03:01.0: bridge window [io 0x1000-0x0fff] to [bus 05-39] add_size 1000
[ 147.560990] pcieport 0000:03:02.0: bridge window [io 0x1000-0x0fff] to [bus 3a] add_size 1000
[ 147.560992] pcieport 0000:03:02.0: bridge window [mem 0x00100000-0x000fffff 64bit pref] to [bus 3a] add_size 200000 add_align 100000
[ 147.560994] pcieport 0000:02:00.0: bridge window [io 0x1000-0x0fff] to [bus 03-3a] add_size 3000
[ 147.560997] pcieport 0000:02:00.0: BAR 13: no space for [io size 0x3000]
[ 147.560997] pcieport 0000:02:00.0: BAR 13: failed to assign [io size 0x3000]
[ 147.560998] pcieport 0000:02:00.0: BAR 13: no space for [io size 0x3000]
[ 147.560999] pcieport 0000:02:00.0: BAR 13: failed to assign [io size 0x3000]
[ 147.561001] pcieport 0000:03:02.0: BAR 15: no space for [mem size 0x00200000 64bit pref]
[ 147.561002] pcieport 0000:03:02.0: BAR 15: failed to assign [mem size 0x00200000 64bit pref]
[ 147.561002] pcieport 0000:03:01.0: BAR 13: no space for [io size 0x1000]
[ 147.561003] pcieport 0000:03:01.0: BAR 13: failed to assign [io size 0x1000]
[ 147.561004] pcieport 0000:03:02.0: BAR 13: no space for [io size 0x1000]
[ 147.561004] pcieport 0000:03:02.0: BAR 13: failed to assign [io size 0x1000]
[ 147.561006] pcieport 0000:03:02.0: BAR 15: no space for [mem size 0x00200000 64bit pref]
[ 147.561006] pcieport 0000:03:02.0: BAR 15: failed to assign [mem size 0x00200000 64bit pref]
[ 147.561007] pcieport 0000:03:02.0: BAR 13: no space for [io size 0x1000]
[ 147.561007] pcieport 0000:03:02.0: BAR 13: failed to assign [io size 0x1000]
[ 147.561008] pcieport 0000:03:01.0: BAR 13: no space for [io size 0x1000]
[ 147.561008] pcieport 0000:03:01.0: BAR 13: failed to assign [io size 0x1000]
[ 148.240797] pcieport 0000:03:00.0: Refused to change power state, currently in D3
[ 150.201928] pcieport 0000:03:00.0: Refused to change power state, currently in D3
[ 150.202073] pci_bus 0000:04: busn_res: [bus 04] is released
[ 150.202106] pci_bus 0000:05: busn_res: [bus 05-39] is released
[ 150.202131] pci_bus 0000:3a: busn_res: [bus 3a] is released
[ 150.203653] pci_bus 0000:03: busn_res: [bus 03-3a] is released
[ 150.208994] fault-on-fault
[ 150.209163] fault-on-fault
[ 150.209166] BUG: unable to handle page fault for address: ffff920b68a383d9
[ 150.209168] #PF: supervisor read access in kernel mode
[ 150.209169] #PF: error_code(0x0000) - not-present page
[ 150.209170] PGD 180205067 P4D 180205067 PUD 0
[ 150.209172] Oops: 0000 [#1] SMP PTI
[ 150.209173] CPU: 3 PID: 2384 Comm: systemd-udevd Tainted: G OE 5.4.0 #1
[ 150.209174] Hardware name: Dell Inc. Inspiron 7590/08717F, BIOS 1.7.0 06/30/2020
[ 150.209177] RIP: 0010:__task_pid_nr_ns+0x7f/0x90
[ 150.209178] Code: eb d6 65 48 8b 04 25 c0 6b 01 00 48 8b 88 28 09 00 00 48 85 c9 74 a2 8b 41 04 48 83 c0 05 48 c1 e0 04 48 83 bf 28 09 00 00 00 <48> 8b 54 01 08 75 92 31 c0 5d c3 8b 41 50 5d c3 90 0f 1f 44 00 00
[ 150.209179] RSP: 0018:ffffae23c2117f18 EFLAGS: 00010286
[ 150.209180] RAX: 0000000b00000050 RBX: 0000000000000000 RCX: ffff920068a38381
[ 150.209180] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff920058ee2f80
[ 150.209181] RBP: ffffae23c2117f18 R08: 0000000000000000 R09: 0000000000000000
[ 150.209182] R10: 0000000000000000 R11: 0000000000000000 R12: ffffae23c2117f58
[ 150.209182] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 150.209183] FS: 00007fca185dc680(0000) GS:ffff92006d580000(0000) knlGS:0000000000000000
[ 150.209184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 150.209184] CR2: ffff920b68a383d9 CR3: 00000004663f8004 CR4: 00000000001606e0
[ 150.209185] Call Trace:
[ 150.209188] __ia32_sys_getpid+0x1e/0x30
[ 150.209190] do_syscall_64+0x57/0x190
[ 150.209192] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 150.209193] RIP: 0033:0x7fca180c0937
[ 150.209194] Code: e9 49 ff ff ff 44 89 f2 41 0f b7 4c 17 fe 66 89 4c 10 fe e9 36 ff ff ff e8 e6 f1 04 00 66 0f 1f 44 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[ 150.209195] RSP: 002b:00007ffc2c11acd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[ 150.209196] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fca180c0937
[ 150.209196] RDX: 00000000ffffffff RSI: 00007fca183c6ca0 RDI: 0000000000000000
[ 150.209197] RBP: 0000000000000000 R08: 0000000000000045 R09: 0000000000000018
[ 150.209198] R10: 00005637645a5ec0 R11: 0000000000000246 R12: 0000000000000000
[ 150.209198] R13: 000056376459d040 R14: 0000000000000000 R15: 0000563764585e90
[ 150.209199] Modules linked in: nuke(OE) rfcomm thunderbolt ccm cmac bnep hid_multitouch snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm iwlmvm snd_sof_pci snd_sof_intel_hda_common mac80211 snd_soc_hdac_hda snd_sof_intel_hda snd_sof_intel_byt crct10dif_pclmul snd_sof_intel_ipc crc32_pclmul snd_sof snd_sof_xtensa_dsp snd_hda_ext_core mei_hdcp ghash_clmulni_intel snd_soc_acpi_intel_match dell_laptop aesni_intel ledtrig_audio snd_soc_acpi intel_rapl_msr dell_smm_hwmon libarc4 snd_soc_core crypto_simd snd_compress ac97_bus cryptd glue_helper snd_pcm_dmaengine intel_cstate nouveau intel_rapl_perf nls_iso8859_1 i915 serio_raw snd_hda_intel snd_intel_nhlt snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq uvcvideo snd_seq_device videobuf2_vmalloc iwlwifi snd_timer videobuf2_memops videobuf2_v4l2 dell_wmi snd videobuf2_common alienware_wmi cfg80211 dell_smbios dcdbas
[ 150.209216] dell_wmi_descriptor wmi_bmof intel_wmi_thunderbolt soundcore videodev mxm_wmi btusb ttm btrtl btbcm btintel mc bluetooth drm_kms_helper input_leds intel_lpss_pci mei_me joydev intel_lpss idma64 mei drm virt_dma ecdh_generic ecc i2c_algo_bit fb_sys_fops cros_ec_ishtp syscopyarea cros_ec processor_thermal_device ucsi_acpi sysfillrect sysimgblt typec_ucsi intel_rapl_common intel_pch_thermal intel_soc_dts_iosf typec mac_hid int3403_thermal int340x_thermal_zone acpi_pad int3400_thermal intel_hid acpi_thermal_rel sparse_keymap sch_fq_codel isgx(OE) parport_pc ppdev lp parport ip_tables x_tables autofs4 usbhid hid_sensor_custom hid_sensor_hub hid_generic intel_ishtp_loader intel_ishtp_hid nvme ahci nvme_core libahci i2c_hid intel_ish_ipc intel_ishtp hid wmi video pinctrl_cannonlake pinctrl_intel
[ 150.209234] CR2: ffff920b68a383d9
[ 150.209235] ---[ end trace c737794a4b75f815 ]---
[ 150.209236] RIP: 0010:__task_pid_nr_ns+0x7f/0x90
[ 150.209237] Code: eb d6 65 48 8b 04 25 c0 6b 01 00 48 8b 88 28 09 00 00 48 85 c9 74 a2 8b 41 04 48 83 c0 05 48 c1 e0 04 48 83 bf 28 09 00 00 00 <48> 8b 54 01 08 75 92 31 c0 5d c3 8b 41 50 5d c3 90 0f 1f 44 00 00
[ 150.209238] RSP: 0018:ffffae23c2117f18 EFLAGS: 00010286
[ 150.209239] RAX: 0000000b00000050 RBX: 0000000000000000 RCX: ffff920068a38381
[ 150.209239] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff920058ee2f80
[ 150.209240] RBP: ffffae23c2117f18 R08: 0000000000000000 R09: 0000000000000000
[ 150.209240] R10: 0000000000000000 R11: 0000000000000000 R12: ffffae23c2117f58
[ 150.209241] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 150.209242] FS: 00007fca185dc680(0000) GS:ffff92006d580000(0000) knlGS:0000000000000000
[ 150.209242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 150.209243] CR2: ffff920b68a383d9 CR3: 00000004663f8004 CR4: 00000000001606e0
[ 150.209355] fault-on-fault
[ 150.209356] BUG: unable to handle page fault for address: ffff920b68a383d9
[ 150.209357] #PF: supervisor read access in kernel mode
[ 150.209357] #PF: error_code(0x0000) - not-present page
[ 150.209358] PGD 180205067 P4D 180205067 PUD 0
[ 150.209359] Oops: 0000 [#2] SMP PTI
[ 150.209360] CPU: 3 PID: 2384 Comm: systemd-udevd Tainted: G D OE 5.4.0 #1
[ 150.209361] Hardware name: Dell Inc. Inspiron 7590/08717F, BIOS 1.7.0 06/30/2020
[ 150.209362] RIP: 0010:task_active_pid_ns+0x21/0x30
[ 150.209363] Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 97 28 09 00 00 55 48 89 e5 48 85 d2 74 12 8b 42 04 5d 48 83 c0 05 48 c1 e0 04 <48> 8b 44 02 08 c3 31 c0 5d c3 0f 1f 44 00 00 0f 1f 44 00 00 48 85
[ 150.209364] RSP: 0018:ffffae23c2117eb0 EFLAGS: 00010206
[ 150.209364] RAX: 0000000b00000050 RBX: ffff920058ee2f80 RCX: 0000000000000f4b
[ 150.209365] RDX: ffff920068a38381 RSI: 0000000000000001 RDI: ffff920058ee2f80
[ 150.209366] RBP: ffffae23c2117ed0 R08: 0000000000000000 R09: ffffffffbc89ba00
[ 150.209366] R10: ffffae23c2117db8 R11: 0000000000000001 R12: ffff92002c3d9100
[ 150.209367] R13: ffff920058ee3a01 R14: ffff920058ee2f80 R15: ffff92002c3d9178
[ 150.209368] FS: 0000000000000000(0000) GS:ffff92006d580000(0000) knlGS:0000000000000000
[ 150.209368] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 150.209369] CR2: ffff920b68a383d9 CR3: 000000017f80a002 CR4: 00000000001606e0
[ 150.209369] Call Trace:
[ 150.209371] ? acct_process+0x1c/0x120
[ 150.209373] do_exit+0x7c1/0xba0
[ 150.209374] ? __task_pid_nr_ns+0x7f/0x90
[ 150.209376] rewind_stack_do_exit+0x17/0x20
[ 150.209377] RIP: 0033:0x7fca180c0937
[ 150.209378] fault-on-fault
[ 150.209379] fault-on-fault
[ 150.209380] Code: Bad RIP value.
[ 150.209380] RSP: 002b:00007ffc2c11acd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[ 150.209381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fca180c0937
[ 150.209382] RDX: 00000000ffffffff RSI: 00007fca183c6ca0 RDI: 0000000000000000
[ 150.209382] RBP: 0000000000000000 R08: 0000000000000045 R09: 0000000000000018
[ 150.209383] R10: 00005637645a5ec0 R11: 0000000000000246 R12: 0000000000000000
[ 150.209383] R13: 000056376459d040 R14: 0000000000000000 R15: 0000563764585e90
[ 150.209384] Modules linked in: nuke(OE) rfcomm thunderbolt ccm cmac bnep hid_multitouch snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm iwlmvm snd_sof_pci snd_sof_intel_hda_common mac80211 snd_soc_hdac_hda snd_sof_intel_hda snd_sof_intel_byt crct10dif_pclmul snd_sof_intel_ipc crc32_pclmul snd_sof snd_sof_xtensa_dsp snd_hda_ext_core mei_hdcp ghash_clmulni_intel snd_soc_acpi_intel_match dell_laptop aesni_intel ledtrig_audio snd_soc_acpi intel_rapl_msr dell_smm_hwmon libarc4 snd_soc_core crypto_simd snd_compress ac97_bus cryptd glue_helper snd_pcm_dmaengine intel_cstate nouveau intel_rapl_perf nls_iso8859_1 i915 serio_raw snd_hda_intel snd_intel_nhlt snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq uvcvideo snd_seq_device videobuf2_vmalloc iwlwifi snd_timer videobuf2_memops videobuf2_v4l2 dell_wmi snd videobuf2_common alienware_wmi cfg80211 dell_smbios dcdbas
[ 150.209395] dell_wmi_descriptor wmi_bmof intel_wmi_thunderbolt soundcore videodev mxm_wmi btusb ttm btrtl btbcm btintel mc bluetooth drm_kms_helper input_leds intel_lpss_pci mei_me joydev intel_lpss idma64 mei drm virt_dma ecdh_generic ecc i2c_algo_bit fb_sys_fops cros_ec_ishtp syscopyarea cros_ec processor_thermal_device ucsi_acpi sysfillrect sysimgblt typec_ucsi intel_rapl_common intel_pch_thermal intel_soc_dts_iosf typec mac_hid int3403_thermal int340x_thermal_zone acpi_pad int3400_thermal intel_hid acpi_thermal_rel sparse_keymap sch_fq_codel isgx(OE) parport_pc ppdev lp parport ip_tables x_tables autofs4 usbhid hid_sensor_custom hid_sensor_hub hid_generic intel_ishtp_loader intel_ishtp_hid nvme ahci nvme_core libahci i2c_hid intel_ish_ipc intel_ishtp hid wmi video pinctrl_cannonlake pinctrl_intel
[ 150.209408] CR2: ffff920b68a383d9
[ 150.209409] ---[ end trace c737794a4b75f816 ]---
[ 150.209410] RIP: 0010:__task_pid_nr_ns+0x7f/0x90
[ 150.209410] Code: eb d6 65 48 8b 04 25 c0 6b 01 00 48 8b 88 28 09 00 00 48 85 c9 74 a2 8b 41 04 48 83 c0 05 48 c1 e0 04 48 83 bf 28 09 00 00 00 <48> 8b 54 01 08 75 92 31 c0 5d c3 8b 41 50 5d c3 90 0f 1f 44 00 00
[ 150.209411] RSP: 0018:ffffae23c2117f18 EFLAGS: 00010286
[ 150.209412] RAX: 0000000b00000050 RBX: 0000000000000000 RCX: ffff920068a38381
[ 150.209412] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff920058ee2f80
[ 150.209413] RBP: ffffae23c2117f18 R08: 0000000000000000 R09: 0000000000000000
[ 150.209413] R10: 0000000000000000 R11: 0000000000000000 R12: ffffae23c2117f58
[ 150.209414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 150.209415] FS: 0000000000000000(0000) GS:ffff92006d580000(0000) knlGS:0000000000000000
[ 150.209415] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 150.209416] CR2: 00007fca180c090d CR3: 000000017f80a002 CR4: 00000000001606e0
[ 150.209417] Fixing recursive fault but reboot is needed!
[ 165.184142] dell_wmi: Unknown WMI event type 0x12
[ 194.454606] Called hijacked pthread join
[ 194.454609] Called hijacked pthread join
[ 194.454609] n-1 threads finished. Resuming last thread for one more iteration
[ 194.454659] Now hijacked thread is resuming too!
[ 194.454725] Last iteration done
[ 194.454727] Sent SIGNAL with retval = 0
[ 194.454813] Attack complete: I will forget everything you told me down here
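As an added example (not part of the original notes or of the PoC), the following Python sketch triages a dmesg capture like the one above: it checks that the Nuke driver's messages appear in the order the walkthrough describes, counts fault-on-fault events inside the monitoring window, and extracts each Oops with its faulting process, taint flags and flagged modules. The message strings come from the log on this page; the name `triage`, the phase labels and the shortened module list are this example's own assumptions.

```python
import re

# Excerpt of the dmesg capture on this page; only the module list is shortened.
SAMPLE = """\
[ 142.298075] Storing special addr 00000000c4b849cb
[ 142.298079] On the lookout for page faults of the stored addresses
[ 142.300111] Halting thread 2366
[ 142.301738] Halting thread 2367
[ 142.428212] Thread hijacked, putting it to sleep and waking up other threads now
[ 142.428244] 2367 has been woken up!
[ 142.428263] 2366 has been woken up!
[ 142.437998] fault-on-fault
[ 150.209163] fault-on-fault
[ 150.209166] BUG: unable to handle page fault for address: ffff920b68a383d9
[ 150.209172] Oops: 0000 [#1] SMP PTI
[ 150.209173] CPU: 3 PID: 2384 Comm: systemd-udevd Tainted: G OE 5.4.0 #1
[ 150.209177] RIP: 0010:__task_pid_nr_ns+0x7f/0x90
[ 150.209199] Modules linked in: nuke(OE) rfcomm kvm_intel kvm isgx(OE) nvme
[ 194.454609] n-1 threads finished. Resuming last thread for one more iteration
[ 194.454659] Now hijacked thread is resuming too!
[ 194.454725] Last iteration done
[ 194.454727] Sent SIGNAL with retval = 0
[ 194.454813] Attack complete: I will forget everything you told me down here
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
# Driver messages, in the order the walkthrough says they should occur.
PHASES = [
    ("monitoring", r"On the lookout for page faults"),
    ("halted", r"Halting thread (\d+)"),
    ("hijacked", r"Thread hijacked"),
    ("woken", r"(\d+) has been woken up"),
    ("resume_last", r"n-1 threads finished"),
    ("last_iteration", r"Last iteration done"),
    ("signal", r"Sent SIGNAL with retval"),
    ("complete", r"Attack complete"),
]
TAINT = re.compile(r"PID: (\d+) Comm: (\S+) Tainted: ([A-Z ]+?) (?=\d)")


def triage(log):
    """Summarise driver phases, nested faults, Oopses and flagged modules."""
    events = [(float(m[1]), m[2].strip())
              for m in map(LINE.match, log.splitlines()) if m]
    first, tids = {}, {"halted": set(), "woken": set()}
    nested, oopses, modules = [], [], {}
    for ts, msg in events:
        for name, pat in PHASES:
            hit = re.search(pat, msg)
            if hit:
                first.setdefault(name, ts)  # dict keeps order of first appearance
                if name in tids:
                    tids[name].add(int(hit[1]))
        if msg == "fault-on-fault":
            nested.append(ts)
        elif msg.startswith("BUG: unable to handle page fault"):
            oopses.append({"addr": msg.split()[-1]})
        elif oopses and (m := TAINT.search(msg)):
            # Taint letters: O = out-of-tree module, E = unsigned module, D = prior Oops.
            oopses[-1].update(pid=int(m[1]), comm=m[2], taint=set(m[3].replace(" ", "")))
        elif oopses and (m := re.match(r"RIP: 0010:(\S+)", msg)):
            oopses[-1].setdefault("rip", m[1])  # first kernel-mode RIP after the BUG line
        elif msg.startswith("Modules linked in:"):
            modules.update(re.findall(r"(\w+)\(([A-Z]+)\)", msg))
    start, end = first.get("monitoring"), first.get("complete")
    return {
        "phases_in_order": list(first) == [n for n, _ in PHASES],
        "missing_phases": [n for n, _ in PHASES if n not in first],
        "never_woken": sorted(tids["halted"] - tids["woken"]),
        "fault_on_fault": len(nested),
        "fof_while_monitoring": sum(
            1 for t in nested
            if start is not None and t >= start and (end is None or t <= end)),
        "oopses": oopses,
        "unsigned_out_of_tree": sorted(n for n, f in modules.items() if {"O", "E"} <= set(f)),
    }
```

Run over the full capture, the same function reports both Oops records (the second carries the additional `D` taint flag) and every fault-on-fault line that falls between the start of monitoring and the final driver message.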