内核模块调用vfs_stat访问/lib/ld-2.11.3.so,崩溃 。内核版本2.6.32.5
vfs_path_stat("/lib/ld-2.11.3.so",&stat);
{
mm_segment_t oldfs;
int error;
oldfs = get_fs();
set_fs(KERNEL_DS);
error = vfs_stat(filename, stat);
set_fs(oldfs);
return error;
}
错误码:
``
[33213.761878] ------------[ cut here ]------------
[33213.761880] kernel BUG at /root/build/linux-2.6/debian/build/source_amd64_linx/kernel/auditsc.c:1835!
[33213.761882] invalid opcode: 0000 [#1] SMP
[33213.761884] last sysfs file: /sys/devices/pci0000:00/0000:00:11.0/0000:02:00.0/usb2/2-1/bConfigurationValue
[33213.761886] CPU 2
[33213.761887] Modules linked in:cpufreq_conservative cpufreq_stats cpufreq_userspace cpufreq_powersave binfmt_misc ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi bonding dm_multipath scsi_dh ipv6 loop snd_ens1371 gameport snd_seq_midi snd_seq_midi_event snd_rawmidi snd_ac97_codec ac97_bus snd_pcm snd_seq snd_timer snd_seq_device evdev psmouse snd pcspkr serio_raw soundcore snd_page_alloc i2c_piix4 i2c_core processor ac container button shpchp pci_hotplug ext4 mbcache jbd2 crc16 dm_mod usbhid hid sg sr_mod sd_mod crc_t10dif cdrom ata_piix uhci_hcd ata_generic ahci ehci_hcd mptspi mptscsih mptbase scsi_transport_spi usbcore nls_base pcnet32 mii libata thermal scsi_mod thermal_sys [last unloaded: linx_sec]
[33213.761919] Pid: 13650, comm: 1.sh Tainted: P 2.6.32-5-linx-amd64 #1 VMware Virtual Platform
[33213.761921] RIP: 0010:[<ffffffff8109303a>] [<ffffffff8109303a>] __audit_getname+0x3e/0xeb
[33213.761927] RSP: 0018:ffff8801373cd7b8 EFLAGS: 00010202
[33213.761928] RAX: 0000000000000014 RBX: ffff88013687f800 RCX: 0000000000000fef
[33213.761930] RDX: 0000000000000011 RSI: ffff8801373cd948 RDI: ffff88013a0dc000
[33213.761931] RBP: ffff880134dac770 R08: 0000000000000011 R09: ffffffff8139372d
[33213.761932] R10: 000000d03a78af00 R11: 00000000000186a0 R12: ffff88013a0dc000
[33213.761934] R13: ffff880136814e38 R14: ffff88013a0dc000 R15: ffff880136814e38
[33213.761936] FS: 00007fc8a4077700(0000) GS:ffff880005240000(0000) knlGS:0000000000000000
[33213.761937] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[33213.761938] CR2: 00000000006e8bf0 CR3: 000000013a716000 CR4: 00000000000406e0
[33213.761969] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[33213.761979] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[33213.761981] Process 1.sh (pid: 13650, threadinfo ffff8801373cc000, task ffff880134dac770)
[33213.761982] Stack:
[33213.761982] 00000000ffffffea 00000000ffffffdc 0000000000001000 ffffffff810ffb19
[33213.761985] <0> 00000000ffffffea ffff8801373cd948 0000000000000001 ffff8801373cd8d8
[33213.761987] <0> 00000000ffffff9c ffffffff811003fe 0000000000000000 ffff880134dacc08
[33213.761989] Call Trace:
[33213.761993] [<ffffffff810ffb19>] ? getname+0x19e/0x1a0
[33213.761996] [<ffffffff811003fe>] ? user_path_at+0x20/0x79
[33213.762000] [<ffffffff812e09fe>] ? printk+0x4e/0x58
[33213.762003] [<ffffffff81105566>] ? dput+0x2c/0x15e
[33213.762005] [<ffffffff810f8866>] ? vfs_fstatat+0x2c/0x57
[33213.762012] [<ffffffffa03a5da8>] ? vfs_path_stat+0x27/0x34 [httcsec]
[33213.762016] [<ffffffffa03dbf16>] ? sm_check_permission+0x1c1/0x3f5 [httcsm]
[33213.762019] [<ffffffff810b835d>] ? generic_file_aio_read+0x499/0x536
[33213.762020] [<ffffffff81104382>] ? __d_path+0x10d/0x16c
[33213.762023] [<ffffffff81109dd9>] ? mntput_no_expire+0x23/0xee
[33213.762025] [<ffffffff81104602>] ? d_path+0xc2/0xd2
[33213.762028] [<ffffffff810e92a1>] ? virt_to_head_page+0x9/0x2a
[33213.762032] [<ffffffffa03d9d34>] ? sm_file_mmap+0x74/0x191 [httcsm]
[33213.762034] [<ffffffff810e92a1>] ? virt_to_head_page+0x9/0x2a
[33213.762039] [<ffffffffa03a3aa3>] ? decision_file_mmap+0xbb/0x106 [httcsec]
[33213.762043] [<ffffffffa03a0c52>] ? lsm_httc_file_mmap+0x33/0x3f [httcsec]
[33213.762046] [<ffffffff810d5913>] ? do_mmap_pgoff+0x26d/0x2fd
[33213.762049] [<ffffffff8112cc13>] ? elf_map+0xb1/0x196
[33213.762052] [<ffffffff8112d911>] ? load_elf_binary+0xc19/0x1954
[33213.762055] [<ffffffff810e92a1>] ? virt_to_head_page+0x9/0x2a
[33213.762057] [<ffffffff810e92a1>] ? virt_to_head_page+0x9/0x2a
[33213.762060] [<ffffffff8112ccf8>] ? load_elf_binary+0x0/0x1954
[33213.762062] [<ffffffff810f972c>] ? search_binary_handler+0x9a/0x230
[33213.762064] [<ffffffff8112b728>] ? load_script+0x0/0x1ec
[33213.762067] [<ffffffff8112b8e9>] ? load_script+0x1c1/0x1ec
[33213.762069] [<ffffffff810e92a1>] ? virt_to_head_page+0x9/0x2a
[33213.762071] [<ffffffff810f972c>] ? search_binary_handler+0x9a/0x230
[33213.762073] [<ffffffff810faf54>] ? do_execve+0x1e4/0x2c3
[33213.762077] [<ffffffff8100f500>] ? sys_execve+0x35/0x4c
[33213.762079] [<ffffffff81010f9a>] ? stub_execve+0x6a/0xc0
[33213.762080] Code: f0 ff ff 48 8b 9d 00 06 00 00 0f 87 c3 00 00 00 48 85 ff 0f 84 ba 00 00 00 83 7b 04 00 0f 84 b0 00 00 00 8b 43 5c 83 f8 13 7e 04 <0f> 0b eb fe 48 98 48 6b c0 50 48 89 7c 03 60 48 63 43 5c 48 6b
[33213.762098] RIP [<ffffffff8109303a>] __audit_getname+0x3e/0xeb
[33213.762100] RSP <ffff8801373cd7b8>