这是我做的:
malloc()在堆上分配内存并使用特定的字符模式填充它,然后拼出malloc()返回的地址。将进程ID和内存块的地址传递给内核模块,如下所示:
int init_module(void) {
int res = 0;
struct page *data_page;
struct task_struct *task = NULL;
struct vm_area_struct *next_vma;
struct mm_struct *mm;
task = pid_task(find_vpid(pid), PIDTYPE_PID);
if (pid != -1)
target_process_id = pid;
if (!task) {
printk("Could not find the task struct for process id %d\n", pid);
return 0;
} else {
printk("Found the task <%s>\n", task->comm);
}
mm = task->mm;
if (!mm) {
printk("Could not find the mmap struct for process id %d\n", pid);
return 0;
}
next_vma = find_vma(mm, addr);
down_read(&task->mm->mmap_sem);
res = get_user_pages(task, task->mm, addr, 1, 1, 1, &data_page, NULL);
if (res != 1) {
printk(KERN_INFO "get_user_pages error\n");
up_read(&task->mm->mmap_sem);
return 0;
} else {
printk("Found vma struct and it starts at: %lu\n", next_vma->vm_start);
}
flush_cache_range(next_vma,next_vma->vm_start,next_vma->vm_end);
flush_tlb_range(next_vma,next_vma->vm_start,next_vma->vm_end);
up_read(&task->mm->mmap_sem);
return 0;
}
我将printk()语句添加到Linux内核中的handle_mm_fault()函数中,以跟踪由target_process_id(上面的变量定义之后的第3行代码)引起的页面错误。像这样:
if (unlikely(current->pid == target_process_id))
printk("Target process <%d> generated a page fault at address %lu\n", current->pid, address);
现在,我注意到最后一个printk()语句没有捕获任何内容。
函数init_module是内核模块的初始化函数。它使用insmod ...使用命令insmod module.ko pid=<processId> addr=<address>
知道可能出现什么问题吗?