netlink通信的问题

humengez

写了一个netlink的内核与用户空间通信的模块，编译没有问题，但是加载模块时出现了一些错误，内核模块部分的代码如下：

1. #include <linux/kernel.h>
   
2. #include <linux/module.h>
   
3. #include <linux/skbuff.h>
   
4. #include <linux/init.h>
   
5. #include <linux/ip.h>
   
6. #include <linux/types.h>
   
7. #include <linux/sched.h>
   
8. #include <net/sock.h>
   
9. #include <net/netlink.h>
   
10. #include <linux/kthread.h>
    
11. 
    
12. #define MAX_MSGSIZE 4096
    
13. 
    
14. MODULE_LICENSE("GPL");
    
15. MODULE_AUTHOR("Koorey King");
    
16. 
    
17. struct sock *nl_sk = NULL;
    
18. static struct task_struct *mythread = NULL;
    
19. 
    
20. void sendnlmsg(char *message)
    
21. {
    
22.     struct sk_buff *skb;
    
23.     struct nlmsghdr *nlh;
    
24.     //int len = NLMSG_SPACE(MAX_MSGSIZE);
    
25.     int slen = 0;
    
26. 
    
27.     if(!message || !nl_sk){
    
28.         return;
    
29.     }
    
30. 
    
31.     skb = nlmsg_new(MAX_MSGSIZE, GFP_KERNEL);
    
32.     if(!skb){
    
33.         printk(KERN_ERR "my_net_link: alloc_skb Error./n");
    
34.         return;
    
35.     }
    
36. 
    
37.     slen = strlen(message)+1;
    
38. 
    
39.     nlh = nlmsg_put(skb, 0, 0, 0, MAX_MSGSIZE, 0);
    
40. 
    
41.     NETLINK_CB(skb).portid = 0;
    
42.     NETLINK_CB(skb).dst_group = 5;
    
43. 
    
44.     message[slen] = '\0';
    
45.     memcpy(NLMSG_DATA(nlh), message, slen+1);
    
46. 
    
47.     netlink_broadcast(nl_sk, skb, 0,5, GFP_KERNEL);
    
48.     printk("send OK!\n");
    
49.     return;
    
50. }
    
51. 
    
52. static void recnldata (struct sock *sk, char *mydata)
    
53. {
    
54.     struct sk_buff *skb;
    
55.     struct nlmsghdr *nlh = NULL;
    
56. 
    
57.     while((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL)
    
58.     {
    
59.           nlh = (struct nlmsghdr *)skb->data;
    
60.           mydata = (char*)NLMSG_DATA(nlh);
    
61.           printk("%s: received netlink message payload: %s \n", __FUNCTION__, mydata);
    
62.           kfree_skb(skb);
    
63.     }
    
64.     printk("recvied finished!\n");
    
65. }
    
66. 
    
67. static int sending_thread(void *data)
    
68. {
    
69.      int i = 10;
    
70.      struct completion cmpl;
    
71.      while(i--){
    
72.             init_completion(&cmpl);
    
73.             wait_for_completion_timeout(&cmpl, 1 * HZ);
    
74.             sendnlmsg("I am from kernel!");
    
75.      }
    
76.      printk("sending thread exited!");
    
77.      return 0;
    
78. }
    
79. 
    
80. static int __init myinit_module(void)
    
81. {
    
82.     //struct netlink_kernel_cfg netlink_kerncfg = {
    
83.           // .input = recnldata,
    
84.     //};
    
85.     printk("my netlink in\n");
    
86.     nl_sk = netlink_kernel_create(&init_net,NETLINK_TEST,NULL);
    
87. 
    
88.     if(!nl_sk){
    
89.         printk(KERN_ERR "my_net_link: create netlink socket error.\n");
    
90.         return 1;
    
91.     }
    
92. 
    
93.     printk("my netlink: create netlink socket ok.\n");
    
94.     mythread = kthread_run(sending_thread,NULL,"thread_sender");
    
95.     return 0;
    
96. }
    
97. 
    
98. static void __exit mycleanup_module(void)
    
99. {
    
100.     if(nl_sk != NULL){
     
101.         sock_release(nl_sk->sk_socket);
     
102. }
     
103. printk("my netlink out!\n");
     
104. }
     
105. 
     
106. module_init(myinit_module);
     
107. module_exit(mycleanup_module);

复制代码

加载模块后dmesg信息如下：
[ 5927.075021] my netlink in
[ 5927.075031] my netlink: create netlink socket ok.
[ 5928.073283] BUG: unable to handle kernel paging request at f87740c4
[ 5928.073288] IP: [<f8773076>] sendnlmsg+0x76/0x110 [kernelspace]
[ 5928.073292] *pdpt = 0000000001a45001 *pde = 0000000036a74067 *pte = 800000007dc00161
[ 5928.073295] Oops: 0003 [#6] SMP
[ 5928.073297] Modules linked in: kernelspace(OF) coretemp crc32_pclmul(F) aesni_intel(F) aes_i586(F) xts(F) lrw(F) gf128mul(F) ablk_helper(F) cryptd(F) vmw_balloon(F) snd_ens1371 snd_ac97_codec microcode(F) ac97_bus gameport(F) psmouse(F) serio_raw(F) snd_pcm(F) snd_page_alloc(F) snd_seq_midi(F) snd_seq_midi_event(F) snd_rawmidi(F) snd_seq(F) snd_seq_device(F) snd_timer(F) ppdev(F) snd(F) bnep rfcomm btusb soundcore(F) vmwgfx bluetooth ttm drm binfmt_misc(F) vmw_vmci parport_pc(F) mac_hid i2c_piix4 shpchp lp(F) parport(F) hid_generic usbhid hid vmw_pvscsi(F) ahci(F) libahci(F) pcnet32(F) mii(F) floppy(F) vmxnet3(F) mptspi(F) mptscsih(F) mptbase(F) [last unloaded: kernelspace]
[ 5928.073322] CPU: 1 PID: 8406 Comm: thread_sender Tainted: GF     D    O 3.11.0-12-generic #19-Ubuntu
[ 5928.073324] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 5928.073325] task: f1330ce0 ti: f441a000 task.ti: f441a000
[ 5928.073327] EIP: 0060:[<f8773076>] EFLAGS: 00010282 CPU: 1
[ 5928.073328] EIP is at sendnlmsg+0x76/0x110 [kernelspace]
[ 5928.073329] EAX: ef9d2010 EBX: f1df9840 ECX: 00000012 EDX: f87740b2
[ 5928.073330] ESI: f87740b2 EDI: 00000011 EBP: f441bf4c ESP: f441bf30
[ 5928.073332]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 5928.073333] CR0: 80050033 CR2: f87740c4 CR3: 32106000 CR4: 001407f0
[ 5928.073338] Stack:
[ 5928.073338]  00000000 00001000 00000000 00000012 0000000a 00000000 f8773110 f441bf6c
[ 5928.073342]  f8773158 c1079b58 00000000 00000202 f441bf60 f441bf60 f472ddb0 f441bfac
[ 5928.073345]  c1070164 00000000 f441bf78 00000000 00000000 c1070000 f441bf88 f441bf88
[ 5928.073349] Call Trace:
[ 5928.073351]  [<f8773110>] ? sendnlmsg+0x110/0x110 [kernelspace]
[ 5928.073353]  [<f8773158>] sending_thread+0x48/0x61 [kernelspace]
[ 5928.073358]  [<c1079b58>] ? complete+0x48/0x50
[ 5928.073360]  [<c1070164>] kthread+0x94/0xa0
[ 5928.073362]  [<c1070000>] ? __kthread_parkme+0x60/0x70
[ 5928.073369]  [<c1632c37>] ret_from_kernel_thread+0x1b/0x28
[ 5928.073370]  [<c10700d0>] ? kthread_create_on_node+0xc0/0xc0
[ 5928.073372] Code: 51 a1 b8 c8 8b 53 54 85 d2 89 c7 8d 40 01 89 45 f0 b8 10 00 00 00 74 55 8b 4d f0 89 f2 c7 43 24 00 00 00 00 c7 43 28 05 00 00 00 <c6> 44 3e 01 00 83 c1 01 e8 0d 9d b8 c8 a1 80 51 77 f8 31 c9 89
[ 5928.073392] EIP: [<f8773076>] sendnlmsg+0x76/0x110 [kernelspace] SS:ESP 0068:f441bf30
[ 5928.073395] CR2: 00000000f87740c4
[ 5928.073396] ---[ end trace 5903863cf1e9ba73 ]---
希望大家帮我看下是哪里的错误，感激不尽

humjb_1983

没有反汇编，不能确认，大概看了下代码，如下代码应该有问题：
message[slen] = '\0';
这里的message应该是通过入参传入的字符串常量，该常量应该是存放在代码段中的，应该只有只读和执行权限，没有write权限，你这里直接赋值显然有问题。
另外，这里的数组也越界了：slen = strlen(message)+1;