软件白名单遇到d_path空指针问题？

ertou

1 修改内核代码

   想要实现的功能:应用层实现软件白名单，把文件绝对路径名添加到内核white_table_root（红黑树），其中包括elf可执行文件和动态库文件，

在执行下面这个函数时出现了NULL指针系统崩溃问题，问题提示是在 d_path这里，希望大侠帮忙解答一下，困扰小弟好久了，再次先谢过了。

int ima_file_mmap(struct file *file, unsigned long prot)
{
        struct table_type *tt;
        char *pathbuf;
        const char *filename;

        if( (file->f_path != NULL) && (1 == white_table) && (hooks_ima_appraise&0x10))
        {
                pathbuf = kzalloc(PAGE_SIZE,GFP_KERNEL);
                if(!pathbuf)
                        printk("pathbuf kzalloc is NULL error\n");

                filename = d_path(&file->f_path, pathbuf,PAGE_SIZE);

                //filename = ima_d_path(&file->f_path, &pathbuf);
                if(!IS_ERR_OR_NULL(filename))
                        printk("ima_file_mmap: so=%s\n",filename);
                else
                {
                        printk("mmap: ima_d_path filename is err or null\n");
                        return -1;
                }
                      if(strstr(filename,".so")
                {
                        tt = table_search(&white_table_root,filename);

                        if(!tt)
                        {
                              printk("ima_file_mmap: white_table_list doesn't allow dynamic library file %s to be loaded.\n",filename);
                              return -EACCES;
                        }
                        else
                              printk("ima_file_mmap : white_table_list allow dynamic library file %s to be loaded.\n",filename);
                }

                kfree(pathbuf);
        }

        if (file && (prot & PROT_EXEC))
                return process_measurement(file, NULL, MAY_EXEC, MMAP_CHECK);

}


2 系统crash如下：

[  810.973388] ima_file_mmap: so=/var/log/messages
[  811.283768] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[  811.283778] IP: [<ffffffff811c589b>] d_path+0x1b/0x170
[  811.283787] PGD 0
[  811.283789] Oops: 0000 [#1] SMP
[  811.283793] Modules linked in: dm_crypt loop bnep bluetooth rfkill fuse ip6t_rpfilter ip6t_REJECT ipt_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw iptable_filter ip_tables sg snd_hda_codec_analog snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hwdep iTCO_wdt iTCO_vendor_support snd_seq snd_seq_device ppdev dcdbas snd_pcm snd_page_alloc snd_timer snd serio_raw coretemp pcspkr shpchp nfsd soundcore lpc_ich mfd_core i2c_i801 parport_pc parport mperf auth_rpcgss nfs_acl lockd sunrpc uinput xfs libcrc32c sd_mod
[  811.283834]  sr_mod cdrom crc_t10dif crct10dif_common ata_generic pata_acpi i2c_algo_bit drm_kms_helper ttm drm ata_piix libata tg3 ptp i2c_core pps_core dm_mirror dm_region_hash dm_log dm_mod
[  811.283847] CPU: 0 PID: 714 Comm: crond Not tainted 3.10.0new-evm+ #16
[  811.283850] Hardware name: Dell Inc. OptiPlex 360                 /0T656F, BIOS A00 08/12/2008
[  811.283851] task: ffff880034c8c440 ti: ffff88003364e000 task.ti: ffff88003364e000
[  811.283853] RIP: 0010:[<ffffffff811c589b>]  [<ffffffff811c589b>] d_path+0x1b/0x170
[  811.283856] RSP: 0018:ffff88003364fe18  EFLAGS: 00010296
[  811.283858] RAX: ffff8800341a8000 RBX: 0000000000000010 RCX: 0000000000000000
[  811.283860] RDX: 0000000000001000 RSI: ffff8800341a7000 RDI: 0000000000000010
[  811.283861] RBP: ffff88003364fe58 R08: 00000000000173e0 R09: ffff88007d003300
[  811.283863] R10: ffffffff812723cf R11: 0000000000000246 R12: 0000000000000003
[  811.283864] R13: 0000000000000022 R14: ffff8800341a7000 R15: ffff880035052580
[  811.283866] FS:  00007fba7e55b800(0000) GS:ffff88007f800000(0000) knlGS:0000000000000000
[  811.283868] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  811.283870] CR2: 0000000000000018 CR3: 000000007b4f5000 CR4: 00000000000007f0
[  811.283871] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  811.283873] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  811.283874] Stack:
[  811.283876]  ffffffff81194b9e ffff88007d003300 ffffffff812723cf 0000000000000000
[  811.283879]  0000000000000003 0000000000000000 0000000000000003 0000000000000022
[  811.283881]  ffff88003364fe88 ffffffff812723ec 0000000000000003 0000000000000000
[  811.283884] Call Trace:
[  811.283889]  [<ffffffff81194b9e>] ? kmem_cache_alloc_trace+0x1ce/0x1f0
[  811.283894]  [<ffffffff812723cf>] ? ima_file_mmap+0x6f/0x130
[  811.283896]  [<ffffffff812723ec>] ima_file_mmap+0x8c/0x130
[  811.283900]  [<ffffffff8125146d>] security_mmap_file+0x4d/0x90
[  811.283905]  [<ffffffff8115de74>] vm_mmap_pgoff+0x54/0xe0
[  811.283908]  [<ffffffff811717e6>] SyS_mmap_pgoff+0x116/0x270
[  811.283912]  [<ffffffff810173d2>] SyS_mmap+0x22/0x30
[  811.283915]  [<ffffffff815f1a59>] system_call_fastpath+0x16/0x1b
[  811.283917] Code: 00 00 00 e9 bd fd ff ff f3 90 e9 d4 fd ff ff 90 66 66 66 66 90 55 48 63 c2 48 01 f0 48 89 e5 41 55 41 54 53 48 89 fb 48 83 ec 28 <48> 8b 7f 08 48 89 44 24 08 89 54 24 04 65 48 8b 0c 25 28 00 00
[  811.283943] RIP  [<ffffffff811c589b>] d_path+0x1b/0x170
[  811.283946]  RSP <ffff88003364fe18>
[  811.283947] CR2: 0000000000000018
                                                                                                                  

nswcfd

f_path是内嵌在struct file里的结构，检查file->f_path为NULL没有意义。 <-- 编译的时候没有warning吗？

非法地址0x18貌似是f_path在file结构中的偏移，看起来file指针为NULL

willcream

回复 2# nswcfd
Hello,I have sent you an email, but no response until now.....