
feat: debug kernel stack #1176


Open
wants to merge 8 commits into
base: master
from

Conversation

Godones
Contributor

@Godones Godones commented May 23, 2025

Goal: detect kernel stack overflow bugs
Implementation: when allocating a kernel stack, manually allocate a mapped interval in the high kernel address space, while leaving an unmapped region next to it

@github-actions github-actions bot added the enhancement New feature or request label May 23, 2025
@Godones
Contributor Author

Godones commented May 23, 2025

@fslongjin Could you help me check what is wrong with this implementation? I don't see any errors, but it won't run.

@chiichen
Member

> @fslongjin Could you help me check what is wrong with this implementation? I don't see any errors, but it won't run.

What exactly is the problem? Could you paste the error?

@Godones
Contributor Author

Godones commented May 23, 2025

[screenshot]
The kernel stops once it runs to this point.

@chiichen
Member

> [screenshot] The kernel stops once it runs to this point.

Does it always hang at this fixed spot, or at a random point during boot?

@Godones
Contributor Author

Godones commented May 23, 2025

Always at this spot.

@Godones
Contributor Author

Godones commented May 23, 2025

The exact location is right after interrupts are enabled. I printed the interrupt-handling information and saw a few interrupts occur, and then it ended.

@fslongjin
Member

> The exact location is right after interrupts are enabled. I printed the interrupt-handling information and saw a few interrupts occur, and then it ended.

I took a look just now and haven't found the problem yet; I'll look at it carefully tomorrow.

Add an enable_kernel_wp function to set the WP bit of CR0, preventing the kernel from erroneously writing to read-only pages

Signed-off-by: longjin <[email protected]>
@fslongjin
Member

I added kernel WP protection for x86, and this mechanism can now detect stack overflows. But the following problems remain:

  1. Twice as much memory has to be allocated
  2. When the stack overflows, do_kern_addr_fault is not implemented, so it is hard to see a stack backtrace.
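The guard-page stack layout from the PR description and the kernel-fault check discussed here (the do_kern_addr_fault handler and the CR0.WP protection), as an added example; this is not code from the PR or from DragonOS. It is a plain-Rust model rather than kernel code: the page size, the one-page guard, the type and function names, the sample addresses and the use of the x86 page-fault error-code bits are all assumptions.

```rust
// Added example, not DragonOS code: a model of a grows-down kernel stack mapped
// above an unmapped guard region, plus the classification a kernel-address
// fault handler would do. Names, page size and addresses are assumptions.
use std::ops::Range;

pub const PAGE_SIZE: u64 = 4096;
/// CR0.WP (bit 16): when set, supervisor-mode writes to read-only pages fault.
pub const CR0_WP: u64 = 1 << 16;
/// x86 page-fault error-code bits (assumed layout: P, W/R, U/S).
pub const PF_PRESENT: u64 = 1 << 0;
pub const PF_WRITE: u64 = 1 << 1;
pub const PF_USER: u64 = 1 << 2;

/// Guard pages sit directly below the mapped stack pages.
#[derive(Debug, Clone, Copy)]
pub struct KernelStack {
    pub guard_start: u64,
    pub guard_pages: u64,
    pub stack_pages: u64,
}

impl KernelStack {
    pub fn new(guard_start: u64, guard_pages: u64, stack_pages: u64) -> Self {
        assert!(guard_start % PAGE_SIZE == 0 && guard_pages > 0 && stack_pages > 0);
        Self { guard_start, guard_pages, stack_pages }
    }
    /// Unmapped pages below the stack; any access here is an overflow.
    pub fn guard_range(&self) -> Range<u64> {
        self.guard_start..self.guard_start + self.guard_pages * PAGE_SIZE
    }
    /// Mapped, writable stack pages.
    pub fn stack_range(&self) -> Range<u64> {
        let start = self.guard_range().end;
        start..start + self.stack_pages * PAGE_SIZE
    }
    /// Initial stack pointer: one past the highest mapped byte.
    pub fn stack_top(&self) -> u64 {
        self.stack_range().end
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum KernelFault {
    /// Fault address lies in a stack's guard pages: a kernel stack overflow.
    StackOverflow { stack_index: usize, fault_addr: u64 },
    /// Supervisor write to a present read-only page, caught because CR0.WP is set.
    WriteToReadOnly { fault_addr: u64 },
    Other { fault_addr: u64 },
}

/// Set CR0.WP so kernel writes to read-only pages (e.g. rodata) fault instead
/// of silently succeeding.
pub fn enable_kernel_wp(cr0: u64) -> u64 {
    cr0 | CR0_WP
}

/// Classify a page fault at a kernel address. User-mode faults are not kernel
/// faults and yield None.
pub fn classify_kernel_fault(
    stacks: &[KernelStack],
    rodata: &Range<u64>,
    fault_addr: u64,
    error_code: u64,
    cr0: u64,
) -> Option<KernelFault> {
    if (error_code & PF_USER) != 0 {
        return None;
    }
    if let Some(i) = stacks.iter().position(|s| s.guard_range().contains(&fault_addr)) {
        return Some(KernelFault::StackOverflow { stack_index: i, fault_addr });
    }
    // Present + write from supervisor mode is a protection violation, which
    // only happens on read-only pages when WP is set.
    let protection_violation =
        (error_code & (PF_PRESENT | PF_WRITE)) == (PF_PRESENT | PF_WRITE);
    if protection_violation && (cr0 & CR0_WP) != 0 && rodata.contains(&fault_addr) {
        return Some(KernelFault::WriteToReadOnly { fault_addr });
    }
    Some(KernelFault::Other { fault_addr })
}

/// Model pushing a `bytes`-sized frame on stack `index` from stack pointer `sp`.
/// A push that lands in the guard pages is reported as an overflow. A frame larger
/// than the guard region skips over it, so that case comes back as `Other`: the
/// guard must be at least as large as the biggest frame to be reliable.
pub fn push_frame(stacks: &[KernelStack], index: usize, sp: u64, bytes: u64) -> Result<u64, KernelFault> {
    let new_sp = sp.checked_sub(bytes).expect("stack pointer underflow");
    if stacks[index].stack_range().contains(&new_sp) {
        return Ok(new_sp);
    }
    // The write at new_sp faults as a not-present supervisor write.
    let fault = classify_kernel_fault(stacks, &(0..0), new_sp, PF_WRITE, CR0_WP)
        .expect("supervisor faults are always classified");
    Err(fault)
}

fn main() {
    let stacks = [KernelStack::new(0xffff_8000_0010_0000, 1, 4)];
    let mut sp = stacks[0].stack_top();
    // Push 512-byte frames until the guard page is hit.
    loop {
        match push_frame(&stacks, 0, sp, 512) {
            Ok(next) => sp = next,
            Err(fault) => {
                println!("{:?}", fault);
                break;
            }
        }
    }
}
```

The second point in the message above is visible in the model: classification tells you which stack overflowed and at what address, but nothing here recovers the call chain, which is why a backtrace still has to come from the stack pointer saved at the exception.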

@Godones
Contributor Author

Godones commented Jun 9, 2025

> I added kernel WP protection for x86, and this mechanism can now detect stack overflows. But the following problems remain:
>
>   1. Twice as much memory has to be allocated
>   2. When the stack overflows, do_kern_addr_fault is not implemented, so it is hard to see a stack backtrace.

Kernel stack detection is only meant for debugging; once the kernel is stable, the original implementation should be used, so allocating twice the memory does not have many side effects.
Since a stack overflow can only be detected when an exception is triggered, it is hard to do a stack backtrace from within the exception handler; for now this just prints the function that triggered the exception.

@fslongjin
Member

I'm wondering: doesn't the exception handler have the stack pointer from the moment the exception occurred? So why can't it do a traceback, haha

@Godones
Contributor Author

Godones commented Jun 9, 2025

When unwind is used to unwind the stack, it works by walking upward frame by frame from the current frame; it cannot unwind through the exception handler function.

- Remove kstack_protect from the default features
- Add a kernel_rodata_start field to X86_64MMBootstrapInfo
- Adjust the kernel page flag logic that decides whether a region is rodata

Signed-off-by: longjin <[email protected]>
Member

@fslongjin fslongjin left a comment


No problems now, haha. Please add some documentation~ 3q!

Comment on lines 688 to 692
// the map set does not set this bit on its own; it has to be set manually
if vm_flags.contains(VmFlags::VM_WRITE) {
ret = ret.set_write(true)
}

Member

@fslongjin fslongjin Jun 10, 2025


This setting is wrong. It causes an error when a dynamically linked program is loaded for the second time:
[screenshot]

I checked the protection map, and the values in that map seem fine?
https://code.dragonos.org.cn/xref/linux-6.6.21/arch/x86/mm/pgprot.c#8

Member


The problem was fixed in 31bd5eb. However, I did not implement it for la64 and rv64; please help implement those~ 3q! @Godones

Labels
enhancement New feature or request

3 participants