How to use "kallsyms_lookup_name" in latest kernel versions for building modules? Hitting "kernel NULL pointer dereference"

I have the following kernel module, which builds successfully, but when I try to load it with insmod the system crashes.

Kernel version: 5.15.23

hello-1.c

#include <linux/module.h>
#include <linux/kernel.h>
#define KPROBE_LOOKUP 1
#include <linux/kprobes.h>

/* kallsyms_lookup_name() is no longer exported to modules, so a kprobe is
 * registered on the symbol purely to learn its address through kp.addr. */
static struct kprobe kp = {
    .symbol_name = "kallsyms_lookup_name"
};

unsigned long sk_data_ready_addr = 0;

MODULE_LICENSE("GPL");

int init_module(void)
{
    typedef unsigned long (*kallsyms_lookup_name_t)(const char *name);
    kallsyms_lookup_name_t kallsyms_lookup_name;

    /* The return value of register_kprobe() is not checked: if registration
     * fails, kp.addr stays NULL and the indirect call below jumps to address
     * 0, which is the "RIP: 0010:0x0" reported in the oops. */
    register_kprobe(&kp);
    kallsyms_lookup_name = (kallsyms_lookup_name_t) kp.addr;
    unregister_kprobe(&kp);
    sk_data_ready_addr = kallsyms_lookup_name("sock_def_readable");
    return 0;
}

void cleanup_module(void)
{
    printk(KERN_INFO "Goodbye world 1.\n");
}

From the kernel logs:

[11047.586430] hello_1: loading out-of-tree module taints kernel.
[11047.587653] BUG: kernel NULL pointer dereference, address: 0000000000000000
[11047.588787] #PF: supervisor instruction fetch in kernel mode
[11047.589786] #PF: error_code(0x0010) - not-present page
[11047.590649] PGD 0 P4D 0 
[11047.591150] Oops: 0010 [#1] PREEMPT SMP PTI
[11047.591882] CPU: 2 PID: 18441 Comm: insmod Tainted: G           O      5.15.23-0psh1 #0psh1
[11047.593244] Hardware name: OpenStack Foundation OpenStack Nova, BIOS rel-1.10.2-0-g5f4c7b1-20181220_000000-szxrtosci10000 04/01/2014
[11047.595103] RIP: 0010:0x0
[11047.595626] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[11047.596712] RSP: 0018:ffffb0f3c1abfdf0 EFLAGS: 00010246
[11047.597590] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[11047.598717] RDX: 0000000000d40682 RSI: 0000000000000000 RDI: ffffffffc0824054
[11047.599842] RBP: ffffffffc0823000 R08: 0000000000000000 R09: ffffd93a85838f08
[11047.600987] R10: ffff8cbd3269e938 R11: 0000000000000002 R12: ffff8cbcc176ff40
[11047.602102] R13: 00005609a921b3d9 R14: 0000000000000003 R15: 0000000000000000
[11047.603229] FS:  00007f6adc9df700(0000) GS:ffff8cbdf7d00000(0000) knlGS:0000000000000000
[11047.604561] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[11047.605501] CR2: ffffffffffffffd6 CR3: 000000015fc5c005 CR4: 00000000003706e0
[11047.606632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[11047.607768] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[11047.608903] Call Trace:
[11047.609393]  <TASK>
[11047.609823]  init_module+0xe/0x18 [hello_1]
[11047.610549]  do_one_initcall+0x47/0x180
[11047.611229]  ? kmem_cache_alloc+0x37/0x3b0
[11047.611935]  do_init_module+0x52/0x230
[11047.612611]  __do_sys_finit_module+0x8f/0xc0
[11047.613333]  do_syscall_64+0x3b/0x90
[11047.613974]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[11047.614822] RIP: 0033:0x7f6adc5055b9
[11047.615471] Code: 01 00 48 81 c4 80 00 00 00 e9 11 ff ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 9f 08 2c 00 f7 d8 64 89 01 48
[11047.618339] RSP: 002b:00007ffe0763ad68 EFLAGS: 00000202 ORIG_RAX: 0000000000000139
[11047.619605] RAX: ffffffffffffffda RBX: 00005609aaae82b0 RCX: 00007f6adc5055b9
[11047.620740] RDX: 0000000000000000 RSI: 00005609a921b3d9 RDI: 0000000000000003
[11047.621884] RBP: 00005609a921b3d9 R08: 0000000000000000 R09: 00007f6adc7c8f20
[11047.623025] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000000000
[11047.624164] R13: 00005609aaae8130 R14: 0000000000000000 R15: 0000000000000000
[11047.625302]  </TASK>
[11047.625750] Modules linked in: hello_1(O+) nf_conntrack_netlink nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 nfs lockd grace sunrpc fscache netfs ipt_REJECT nf_reject_ipv4 xt_NFLOG nfnetlink_log xt_limit xt_tcpudp xt_owner xt_conntrack iptable_filter ip_tables x_tables ip_set_hash_ip ip_set nfnetlink crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd virtio_console serio_raw qemu_fw_cfg evdev gre fou ip_tunnel udp_tunnel fuse autofs4 btrfs zstd_compress zlib_deflate raid6_pq ata_generic ata_piix psmouse libata crc32c_intel i2c_piix4 scsi_mod virtio_blk i2c_core floppy
[11047.633944] CR2: 0000000000000000
[11047.634548] ---[ end trace 2a6a58217483b7fd ]---
[11047.635317] RIP: 0010:0x0
[11047.635892] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[11047.637008] RSP: 0018:ffffb0f3c1abfdf0 EFLAGS: 00010246
[11047.637886] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[11047.639025] RDX: 0000000000d40682 RSI: 0000000000000000 RDI: ffffffffc0824054
[11047.640141] RBP: ffffffffc0823000 R08: 0000000000000000 R09: ffffd93a85838f08
[11047.641265] R10: ffff8cbd3269e938 R11: 0000000000000002 R12: ffff8cbcc176ff40
[11047.642396] R13: 00005609a921b3d9 R14: 0000000000000003 R15: 0000000000000000
[11047.643511] FS:  00007f6adc9df700(0000) GS:ffff8cbdf7d00000(0000) knlGS:0000000000000000
[11047.644832] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[11047.645759] CR2: ffffffffffffffd6 CR3: 000000015fc5c005 CR4: 00000000003706e0
[11047.646879] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[11047.648008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[11047.649126] Kernel panic - not syncing: Fatal exception
[11047.650607] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
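The oops above has RIP at 0x0 with the faulting frame in init_module, which means the module called through a NULL function pointer; the only indirect call in init_module is kallsyms_lookup_name(), so kp.addr was still NULL because register_kprobe() did not resolve the symbol and its return value was never checked. The code fix is to test `ret = register_kprobe(&kp)` and `kp.addr` before calling, and to return the error instead of dereferencing NULL. The script below, added here as an example and not part of the original question, checks the host-side preconditions that make register_kprobe() fail on that symbol: CONFIG_KPROBES enabled in the kernel config, the symbol present in the kallsyms table, and the symbol absent from the kprobe blacklist. The sample config, kallsyms and blacklist files are constructed inline so it runs offline; pass `/boot/config-$(uname -r)`, `/proc/kallsyms` and `/sys/kernel/debug/kprobes/blacklist` to check a live machine.

```shell
#!/bin/sh
# Added example: host-side checks for the kprobe-on-kallsyms_lookup_name trick.
# Not the original module's code; file formats are those of the real kernel
# interfaces, the sample contents below are constructed.

# check_kprobe_target SYMBOL CONFIG KALLSYMS BLACKLIST
# Returns 0 when a kprobe on SYMBOL can be expected to resolve, otherwise:
#   1 = CONFIG_KPROBES is not enabled (register_kprobe() cannot succeed)
#   2 = SYMBOL is missing from the kallsyms table (kp.addr would stay NULL)
#   3 = SYMBOL is on the kprobe blacklist (register_kprobe() returns an error)
check_kprobe_target() {
    sym=$1; config=$2; kallsyms=$3; blacklist=$4
    if ! grep -q '^CONFIG_KPROBES=y' "$config"; then
        echo "$sym: CONFIG_KPROBES is not enabled; register_kprobe() cannot succeed"
        return 1
    fi
    # /proc/kallsyms lines: "<addr> <type> <name>[<TAB>[module]]"; text symbols are t/T.
    if ! grep -Eq "^[0-9a-f]+ [tT] $sym([[:space:]]|\$)" "$kallsyms"; then
        echo "$sym: not in kallsyms; kp.addr would stay NULL"
        return 2
    fi
    # /sys/kernel/debug/kprobes/blacklist lines: "0x<start>-0x<end><TAB><symbol>".
    if [ -r "$blacklist" ] && grep -Eq "[[:space:]]$sym\$" "$blacklist"; then
        echo "$sym: kprobe-blacklisted; register_kprobe() returns an error"
        return 3
    fi
    echo "$sym: kprobe target looks resolvable"
    return 0
}

# Constructed sample inputs (not captured from a real machine).
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
printf 'CONFIG_KALLSYMS=y\nCONFIG_KPROBES=y\n' > "$TMP/config-ok"
printf 'CONFIG_KALLSYMS=y\n# CONFIG_KPROBES is not set\n' > "$TMP/config-nokprobes"
printf 'ffffffff81000000 T _text\n' > "$TMP/kallsyms"
printf 'ffffffff81000100 T some_blacklisted_func\n' >> "$TMP/kallsyms"
printf 'ffffffff81234560 T kallsyms_lookup_name\n' >> "$TMP/kallsyms"
printf 'ffffffff81abcd00 T sock_def_readable\n' >> "$TMP/kallsyms"
printf '0xffffffff81000100-0xffffffff81000200\tsome_blacklisted_func\n' > "$TMP/blacklist"

# Demonstration runs; "|| :" keeps the non-zero diagnostics from aborting the script.
check_kprobe_target kallsyms_lookup_name "$TMP/config-ok" "$TMP/kallsyms" "$TMP/blacklist" || :
check_kprobe_target kallsyms_lookup_name "$TMP/config-nokprobes" "$TMP/kallsyms" "$TMP/blacklist" || :
check_kprobe_target no_such_symbol "$TMP/config-ok" "$TMP/kallsyms" "$TMP/blacklist" || :
check_kprobe_target some_blacklisted_func "$TMP/config-ok" "$TMP/kallsyms" "$TMP/blacklist" || :
```

Reading the blacklist needs debugfs mounted and root; when it is unreadable the script skips that check rather than failing it, so a clean result still only tells you registration should succeed, not that it did. The module itself must still check the return value of register_kprobe(), since that is the only authoritative answer at load time.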

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow