内核二分缺陷_缺陷跟踪
1. 内核二分缺陷_缺陷跟踪
1.1 二分缺陷
# 利用git log 查看提交的历史记录root@mouse:~/linux# git log --oneline56e337f2cf13 (HEAD -> test, origin/master, origin/HEAD, master_base, master) Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)"6665ca15746d Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost09688c0166e7 (tag: v5.17-rc8) Linux 5.17-rc8f0e18b03fcaf Merge tag 'x86_urgent_for_v5.17_rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipaad611a868d1 Merge tag 'perf-tools-fixes-for-v5.17-2022-03-12' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux1518a4f636b3 Merge tag 'drm-fixes-2022-03-12' of git://anongit.freedesktop.org/drm/drm91c9923a473a perf parse: Fix event parser error for hybrid systems073a15c3512f perf bench: Fix NULL check against wrong variablea7a72631f624 perf parse-events: Fix NULL check against wrong variableec9d50ace399 tools headers cpufeatures: Sync with the kernel sources# git bisect start [终点] [起点]root@mouse:~/linux# git bisect start 56e337f2cf13 6c7cb60bff7aBisecting: 12 revisions left to test after this (roughly 4 steps)[91c9923a473a694eb1c5c01ab778a77114969707] perf parse: Fix event parser error for hybrid systems# 利用git log 再次查看 可以看见第一条变为91c9923a473aroot@mouse:~/linux# git log --oneline91c9923a473a (HEAD) perf parse: Fix event parser error for hybrid systems073a15c3512f perf bench: Fix NULL check against wrong variablea7a72631f624 perf parse-events: Fix NULL check against wrong variableec9d50ace399 tools headers cpufeatures: Sync with the kernel sources3ec94eeaff9a tools kvm headers arm64: Update KVM headers from the kernel sources68453767131a ARM: Spectre-BHB: provide empty stub for non-config77fe1ba90241 Merge tag 'riscv-for-linus-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux878409ecde7c Merge tag 'powerpc-5.17-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux6c7cb60bff7a (refs/bisect/good-6c7cb60bff7aec24b834343ff433125f469886a3) ARM: fix Thumb2 regression with Spectre BHB3977a3fb6770 Merge tag 'mmc-v5.17-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc93ce93587d36 Merge branch 'davidh' (fixes from David Howells)413a4a6b0b55 cachefiles: Fix volume coherency attribute173ce1ca47c4 afs: Fix potential thrashing in afs writeback4edc0760412b watch_queue: Make comment about setting ->defunct more accurate2ed147f015af watch_queue: Fix lack of barrier/sync/lock between post and read7ea1a0124b6d watch_queue: Free the alloc bitmap when the watch_queue is torn down3b4c0371928c watch_queue: Fix the alloc bitmap size to reflect notes allocateda66bd7575b5f watch_queue: Use the bitmap API when applicable96a4d8912b28 watch_queue: Fix to always request a pow-of-2 pipe ring sizec1853fbadcba watch_queue: Fix to release page in ->release()db8facfc9faf watch_queue, pipe: Free watchqueue state after clearing pipe ringc993ee0f9f81 watch_queue: Fix filter limit check# git bisect bad 该历史钱是不工作的root@mouse:~/linux# git bisect badBisecting: 5 revisions left to test after this (roughly 3 steps)[77fe1ba90241c2af6f14d53988bf0cd6b9586699] Merge tag 'riscv-for-linus-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux# 利用git log 再次查看 可以看见第一条变为77fe1ba90241 可以看出是往后面二分查找的root@mouse:~/linux# git log --oneline77fe1ba90241 (HEAD) Merge tag 'riscv-for-linus-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux878409ecde7c Merge tag 'powerpc-5.17-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux6c7cb60bff7a (refs/bisect/good-6c7cb60bff7aec24b834343ff433125f469886a3) ARM: fix Thumb2 regression with Spectre BHB3977a3fb6770 Merge tag 'mmc-v5.17-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc93ce93587d36 Merge branch 'davidh' (fixes from David Howells)413a4a6b0b55 cachefiles: Fix volume coherency attribute173ce1ca47c4 afs: Fix potential thrashing in afs writeback4edc0760412b watch_queue: Make comment about setting ->defunct more accurate2ed147f015af watch_queue: Fix lack of barrier/sync/lock between post and read7ea1a0124b6d watch_queue: Free the alloc bitmap when the watch_queue is torn down3b4c0371928c watch_queue: Fix the alloc bitmap size to reflect notes allocateda66bd7575b5f watch_queue: Use the bitmap API when applicable96a4d8912b28 watch_queue: Fix to always request a pow-of-2 pipe ring sizec1853fbadcba watch_queue: Fix to release page in ->release()db8facfc9faf watch_queue, pipe: Free watchqueue state after clearing pipe ringc993ee0f9f81 watch_queue: Fix filter limit check79b00034e9dc Merge tag 'drm-fixes-2022-03-11' of git://anongit.freedesktop.org/d# git bisect good 说明是正常的往前面找root@mouse:~/linux# git bisect goodBisecting: 2 revisions left to test after this (roughly 2 steps)[ec9d50ace39925f7fd0302bf0fad640e2c9826ea] tools headers cpufeatures: Sync with the kernel sources# 利用git log 再次查看 可以看见第一条变为 ec9d50ace399 这样就完成了二分缺陷的查找 root@mouse:~/linux# git log --onelineec9d50ace399 (HEAD) tools headers cpufeatures: Sync with the kernel sources3ec94eeaff9a tools kvm headers arm64: Update KVM headers from the kernel sources68453767131a ARM: Spectre-BHB: provide empty stub for non-config77fe1ba90241 (refs/bisect/good-77fe1ba90241c2af6f14d53988bf0cd6b9586699) Merge tag 'riscv-for-linus-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux878409ecde7c Merge tag 'powerpc-5.17-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux6c7cb60bff7a (refs/bisect/good-6c7cb60bff7aec24b834343ff433125f469886a3) ARM: fix Thumb2 regression with Spectre BHB3977a3fb6770 Merge tag 'mmc-v5.17-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc93ce93587d36 Merge branch 'davidh' (fixes from David Howells)413a4a6b0b55 cachefiles: Fix volume coherency attribute173ce1ca47c4 afs: Fix potential thrashing in afs writeback4edc0760412b watch_queue: Make comment about setting ->defunct more accurate2ed147f015af watch_queue: Fix lack of barrier/sync/lock between post and read7ea1a0124b6d watch_queue: Free the alloc bitmap when the watch_queue is torn down3b4c0371928c watch_queue: Fix the alloc bitmap size to reflect notes allocateda66bd7575b5f watch_queue: Use the bitmap API when applicable96a4d8912b28 watch_queue: Fix to always request a pow-of-2 pipe ring sizec1853fbadcba watch_queue: Fix to release page in ->release()db8facfc9faf watch_queue, pipe: Free watchqueue state after clearing pipe ringc993ee0f9f81 watch_queue: Fix filter limit check79b00034e9dc Merge tag 'drm-fixes-2022-03-11' of git://anongit.freedesktop.org/drm/drm1.2 缺陷跟踪
# dmesg 打印内核信息 root@mouse:~/linux# dmesg[ 0.000000] Linux version 5.4.0-92-generic (buildd@lgw01-amd64-016) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #103-Ubuntu SMP Fri Nov 26 16:13:00 UTC 2021 (Ubuntu 5.4.0-92.103-generic 5.4.157)[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.4.0-92-generic root=UUID=3d5af7aa-dd5c-4ed3-b38a-e74236d4d773 ro vga=792 console=tty0 console=ttyS0,115200n8 net.ifnames=0 noibrs nvme_core.io_timeout=4294967295 nvme_core.admin_timeout=4294967295 quiet# 根据终端故障 利用gdb调试 假设终端输出故障 EIP is at vt_ioctl+0xda8/0x1482root@mouse:~/x86linux/hx86/linux-5.8.6# gdb vmlinuxGNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2Copyright (C) 2020 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.Type "show copying" and "show warranty" for details.This GDB was configured as "x86_64-linux-gnu".Type "show configuration" for configuration details.For bug reporting instructions, please see:<http://www.gnu.org/software/gdb/bugs/>.Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>.For help, type "help".Type "apropos word" to search for commands related to "word"...Reading symbols from vmlinux...(gdb) l *vt_ioctl+0xda80xffffffff814f36d8 is in vt_ioctl (drivers/tty/vt/vt_ioctl.c:401).396 * If the time is zero, turn off sound ourselves.397 */398ticks = msecs_to_jiffies((arg >> 16) & 0xffff);399count = ticks ? (arg & 0xffff) : 0;400if (count)401 count = PIT_TICK_RATE / count;402kd_mksound(count, ticks);403break;404 }405# 可以查看.o文件内容root@mouse:~/x86linux/hx86/linux-5.8.6# gdb drivers/tty/vt/vt_ioctl.oGNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2Copyright (C) 2020 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.Type "show copying" and "show warranty" for details.This GDB was configured as "x86_64-linux-gnu".Type "show configuration" for configuration details.For bug reporting instructions, please see:<http://www.gnu.org/software/gdb/bugs/>.Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>.For help, type "help".Type "apropos word" to search for commands related to "word"...Reading symbols from drivers/tty/vt/vt_ioctl.o...(gdb) l *vt_ioctl+0xda80x1338 is in vt_ioctl (drivers/tty/vt/vt_ioctl.c:401).396 * If the time is zero, turn off sound ourselves.397 */398ticks = msecs_to_jiffies((arg >> 16) & 0xffff);399count = ticks ? (arg & 0xffff) : 0;400if (count)401 count = PIT_TICK_RATE / count;402kd_mksound(count, ticks);403break;404 }405# 也可以查看ko文件内容root@mouse:~/x86linux/hx86/linux-5.8.6# gdb ./net/ipv4/netfilter/iptable_nat.koGNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2Copyright (C) 2020 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.Type "show copying" and "show warranty" for details.This GDB was configured as "x86_64-linux-gnu".Type "show configuration" for configuration details.For bug reporting instructions, please see:<http://www.gnu.org/software/gdb/bugs/>.Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>.For help, type "help".Type "apropos word" to search for commands related to "word"...Reading symbols from ./net/ipv4/netfilter/iptable_nat.ko...(gdb) bDisplay all 200 possibilities? (y or n)(gdb) l1#include 2#define INCLUDE_VERMAGIC3#include 4#include 5#include 67BUILD_SALT;89MODULE_INFO(vermagic, VERMAGIC_STRING);10 MODULE_INFO(name, KBUILD_MODNAME);(gdb)# 对.ko文件执行反汇编objdump -r -S -l --disassemble net/dccp/ipv4.oroot@mouse:~/x86linux/hx86/linux-5.8.6# objdump -r -S -l --disassemble ./net/ipv4/netfilter/nf_log_arp.ko./net/ipv4/netfilter/nf_log_arp.ko: file format elf64-x86-64Disassembly of section .text:0000000000000000 <nf_log_arp_net_exit>:nf_log_arp_net_exit():/root/x86linux/hx86/linux-5.8.6/net/ipv4/netfilter/nf_log_arp.c:116 return nf_log_set(net, NFPROTO_ARP, &nf_arp_logger);}static void __net_exit nf_log_arp_net_exit(struct net *net)-r, --relocDisplay the relocation entries in the file-S, --source Intermix source code with disassembly-d, --disassemble Display assembler contents of executable sections-l, --line-numbers Include line numbers and filenames in output# 上报故障 报告给用于开发相关代码的邮件列表(linux-mediaML)root@mouse:~/x86linux/hx86/linux-5.8.6# ./scripts/get_maintainer.pl -f net/ipv4/netfilter/nf_log_arp.cPablo Neira Ayuso <pablo@netfilter.org> (maintainer:NETFILTER)Jozsef Kadlecsik <kadlec@netfilter.org> (maintainer:NETFILTER)Florian Westphal <fw@strlen.de> (maintainer:NETFILTER)"David S. Miller" <davem@davemloft.net> (maintainer:NETWORKING [IPv4/IPv6])Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> (maintainer:NETWORKING [IPv4/IPv6])Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> (maintainer:NETWORKING [IPv4/IPv6])Jakub Kicinski <kuba@kernel.org> (maintainer:NETWORKING [GENERAL])netfilter-devel@vger.kernel.org (open list:NETFILTER)coreteam@netfilter.org (open list:NETFILTER)netdev@vger.kernel.org (open list:NETWORKING [IPv4/IPv6])linux-kernel@vger.kernel.org (open list)
调试.o文件、ko文件以及反汇编,针对某个故障进行分析。
更多详细得解读可以参考 2.1 技术参考
2. 总结
- 利用git bisect进行源码缺陷定位
- 利用gdb、objdump 修复源码
- 利用./scripts/get_maintainer.pl -f [修复文件] 获取邮件列表并上报缺陷
进入linux大门可以看哈这个视屏:https://ke.qq.com/course/417774?flowToken=1042383
学习还是得靠自己。❤️
2.1 技术参考
参考链接1:http://www.ruanyifeng.com/blog/2018/12/git-bisect.html
参考链接2:https://www.kernel.org/doc/html/latest/translations/zh_CN/admin-guide/bug-hunting.html