测试环境Linux 2.6.39 CPU:at91sam9g45

1. NULL指针引用

测试C代码

#include <linux/kernel.h>
#include <linux/module.h>

/*
 * Module init hook: deliberately writes through a NULL pointer so that the
 * kernel raises an Oops which can then be analysed. Test code only; on the
 * board used here, loading this module ends in a kernel panic.
 *
 * Returns 0, but the store below faults before the return is reached.
 */
static int __init hello_init(void)
{
		int *p = 0;	/* NULL pointer, on purpose */

		*p = 1; 	/* faulting store: the instruction the Oops reports */
		return 0;
}

/* Module exit hook: nothing to release, so it returns immediately. */
static void __exit hello_exit(void)
{
		return;
}

/* Register hello_init/hello_exit as the module's load and unload entry points. */
module_init(hello_init);
module_exit(hello_exit);

/* Declare the module's license as GPL. */
MODULE_LICENSE("GPL");

在开发板子上运行insmod hello.ko得到的信息

/harvis # insmod hello.ko 
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c6878000
[00000000] *pgd=76872831, *pte=00000000, *ppte=00000000
Internal error: Oops: 817 [#1] PREEMPT
last sysfs file: /sys/power/wake_unlock
Modules linked in: hello(+) rt3070sta proc_jiffies altus_tsadcc restore power_alarm power_sensor led_ctl dev_ctl tel_data_switch
CPU: 0    Not tainted  (2.6.39.4+ #62)
PC is at hello_init+0x8/0x10 [hello]
LR is at do_one_initcall+0x90/0x164
pc : [<bf0ff008>]    lr : [<c0030434>]    psr: 60000013
sp : c686bf58  ip : 00000000  fp : 00000000
r10: 00000000  r9 : c686a000  r8 : bf0ff000
r7 : 00021008  r6 : bebec8a4  r5 : bf0fc014  r4 : 00000000
r3 : 00000001  r2 : c686a000  r1 : 00000001  r0 : 00000000
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 0005317f  Table: 76878000  DAC: 00000015

LR: 0xc00303b4:
03b4  e3cd2d7f e3c2203f e3530000 e1a08000 e592a004 0a000018 e592300c e1a01000
03d4  e59320dc e28d6008 e59f0108 eb006aa0 e1a00006 eb00eb51 e1cd40d8 e12fff38
03f4  e1a07000 e1a00006 eb00eb4c e1cd20d8 e0522004 e0c33005 e1a04522 e1844b03
0414  e1a05523 e1a01008 e1a02007 e59f00c8 e88d0030 eb006a8e ea000001 e12fff30
0434  e1a07000 e59f00a8 e3a03000 e3570000 13770013 e5c03010 0a000006 e590300c
0454  e3530000 0a000003 e2800010 e59f108c e1a02007 eb0637b4 e3cd4d7f e3c4403f
0474  e5943004 e153000a 0a000004 e59f0070 e59f1070 e3a02040 eb062dd7 e584a004
0494  e10f3000 e3130080 0a000006 e59f1058 e3a02040 e59f0048 eb062dcf e10f3000

SP: 0xc686bed8:
bed8  d0b33a70 c76c9de0 00000154 00000194 00000000 00000000 0000001f 00000020
bef8  ffffffff c686bf44 bebec8a4 00021008 bf0ff000 c00363ac 00000000 00000001
bf18  c686a000 00000001 00000000 bf0fc014 bebec8a4 00021008 bf0ff000 c686a000
bf38  00000000 00000000 00000000 c686bf58 c0030434 bf0ff008 60000013 ffffffff
bf58  00000000 00000001 00000000 bf0fc014 bebec8a4 00000000 bf0fc014 bebec8a4
bf78  00021008 c00369a8 00000000 c0077c40 c686a000 c00af744 00021008 00000000
bf98  bebecd04 0001b6d0 00000080 c0036800 00000000 bebecd04 00021008 00004b12
bfb8  bebec8a4 00000002 00000000 bebecd04 0001b6d0 00000080 00000000 00000000

R2: 0xc6869f80:
9f80  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fa0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fc0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
a000  00000000 00000002 00000000 c76f2c60 c0511914 00000000 00000017 c7fdd980
a020  c76f2c60 c7fdde00 c753ac40 c0511478 00000000 c686a000 c686bd5c c686bd38
a040  c03c7f40 00000000 00000000 00000000 00000000 00000000 00000000 00000000
a060  afd4d47c 00000000 00000000 00000000 00000000 00000000 00000000 00000000

R9: 0xc6869f80:
9f80  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fa0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fc0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
a000  00000000 00000002 00000000 c76f2c60 c0511914 00000000 00000017 c7fdd980
a020  c76f2c60 c7fdde00 c753ac40 c0511478 00000000 c686a000 c686bd5c c686bd38
a040  c03c7f40 00000000 00000000 00000000 00000000 00000000 00000000 00000000
a060  afd4d47c 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Process insmod (pid: 1071, stack limit = 0xc686a270)
Stack: (0xc686bf58 to 0xc686c000)
bf40:                                                       00000000 00000001
bf60: 00000000 bf0fc014 bebec8a4 00000000 bf0fc014 bebec8a4 00021008 c00369a8
bf80: 00000000 c0077c40 c686a000 c00af744 00021008 00000000 bebecd04 0001b6d0
bfa0: 00000080 c0036800 00000000 bebecd04 00021008 00004b12 bebec8a4 00000002
bfc0: 00000000 bebecd04 0001b6d0 00000080 00000000 00000000 00000000 00000000
bfe0: 0001b7b4 bebec880 0000bf8f afd0c42c 60000010 00021008 76dfd831 76dfdc31
[<bf0ff008>] (hello_init+0x8/0x10 [hello]) from [<c0030434>] (do_one_initcall+0x90/0x164)
[<c0030434>] (do_one_initcall+0x90/0x164) from [<c0077c40>] (sys_init_module+0x94/0x1b4)
[<c0077c40>] (sys_init_module+0x94/0x1b4) from [<c0036800>] (ret_fast_syscall+0x0/0x2c)
Code: bad PC value
---[ end trace 9051101e47a084de ]---
Kernel panic - not syncing: Fatal exception
[<c003be64>] (unwind_backtrace+0x0/0xec) from [<c0049bec>] (panic+0x60/0x18c)
[<c0049bec>] (panic+0x60/0x18c) from [<c003a088>] (die+0x198/0x1dc)
[<c003a088>] (die+0x198/0x1dc) from [<c003d048>] (__do_kernel_fault+0x64/0x84)
[<c003d048>] (__do_kernel_fault+0x64/0x84) from [<c003d220>] (do_page_fault+0x1b8/0x1d0)
[<c003d220>] (do_page_fault+0x1b8/0x1d0) from [<c0030314>] (do_DataAbort+0x38/0x9c)
[<c0030314>] (do_DataAbort+0x38/0x9c) from [<c00363ac>] (__dabt_svc+0x4c/0x60)
Exception stack(0xc686bf10 to 0xc686bf58)
bf00:                                     00000000 00000001 c686a000 00000001
bf20: 00000000 bf0fc014 bebec8a4 00021008 bf0ff000 c686a000 00000000 00000000
bf40: 00000000 c686bf58 c0030434 bf0ff008 60000013 ffffffff
[<c00363ac>] (__dabt_svc+0x4c/0x60) from [<bf0ff008>] (hello_init+0x8/0x10 [hello])
[<bf0ff008>] (hello_init+0x8/0x10 [hello]) from [<c0030434>] (do_one_initcall+0x90/0x164)
[<c0030434>] (do_one_initcall+0x90/0x164) from [<c0077c40>] (sys_init_module+0x94/0x1b4)
[<c0077c40>] (sys_init_module+0x94/0x1b4) from [<c0036800>] (ret_fast_syscall+0x0/0x2c)


对应的汇编代码

[root@localhost Test]# arm-none-linux-gnueabi-objdump -S hello.o

hello.o:     file format elf32-littlearm

Disassembly of section .init.text:

00000000 <init_module>:
static int __init hello_init(void)
{
		int *p = 0;

		*p = 1; 
   0:	e3a00000 	mov	r0, #0	; 0x0
   4:	e3a03001 	mov	r3, #1	; 0x1
   8:	e5803000 	str	r3, [r0]
		return 0;
}
   c:	e12fff1e 	bx	lr
Disassembly of section .exit.text:

00000000 <cleanup_module>:

static void __exit hello_exit(void)
{
		return;
}
   0:	e12fff1e 	bx	lr

还可以使用gdb工具仅仅反汇编出问题的函数,这样更清晰些

[root@localhost driver]# arm-none-linux-gnueabi-gdb hello.o
GNU gdb (CodeSourcery Sourcery G++ Lite 2007q1-10) 6.6.50.20070320-cvs
Copyright (C) 2007 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=arm-none-linux-gnueabi".
For bug reporting instructions, please see:
<URL:https://support.codesourcery.com/GNUToolchain/>.
..
(gdb) disassemble hello_init
Dump of assembler code for function hello_init:
0x00000000 <hello_init+0>:	mov	r0, #0	; 0x0
0x00000004 <hello_init+4>:	mov	r3, #1	; 0x1
0x00000008 <hello_init+8>:	str	r3, [r0]
0x0000000c <hello_init+12>:	bx	lr
End of assembler dump.
(gdb) 

[1] 这里面hello_init+8正是导致Oops的地方,hello_init+后面的数字是10进制的,最左侧那列数字0x00000008是十六进制的。

[2] 根据Oops中提到的PC值“PC is at hello_init+0x8/0x10 [hello]”,可知问题出在模块hello中的函数hello_init里面,位置是0x08,对比反汇编代码“8: e5803000 str r3, [r0]”,就是这儿出了问题:寄存器转储中r0 : 00000000、r3 : 00000001,这条指令正是把1写入地址0,与Oops第一行的“virtual address 00000000”吻合。

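[3] 通常认为,产生异常的地址是lr寄存器的值,从上面的异常信息"pc : [<bf0ff008>] lr : [<c0030434>] psr: 60000013"可以看到[lr]的值是c0030434。需要注意:lr保存的是返回地址,对应调用栈中的do_one_initcall+0x90,也就是调用hello_init之后要返回的位置;真正触发异常的指令地址由pc(bf0ff008,即hello_init+0x8)给出。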

[4] 接下来,我们可以通过内核镜像文件反汇编来找到这个地址。内核编译完成后,会在内核代码根目录下生成vmlinux文件(不要使用arch/arm/boot/compressed/目录里面的vmlinux文件),我们可以通过以下命令来反汇编

arm-none-eabi-objdump -Dz -S vmlinux >linux.dump

[5] 值得注意的是,arm-none-eabi-objdump的参数-S表示尽可能的把原来的代码和反汇编出来的代码一起呈现出来,-S参数需要结合arm-linux-gcc编译参数-g,才能达到反汇编时同时输出原来的代码。所以,我在linux内核代码根目录的Makefile中增加-g编译参数:

# -g is added by hand here so that vmlinux carries debug info and
# objdump -S can interleave the C source with the disassembly.
# NOTE(review): enabling CONFIG_DEBUG_INFO should achieve the same without
# editing the Makefile; confirm for this tree.
KBUILD_CFLAGS   := -g -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
     -fno-strict-aliasing -fno-common \
     -Werror-implicit-function-declaration \
     -Wno-format-security \
     -fno-delete-null-pointer-checks

修改Makefile后,重新编译内核,在根目录中生成的vmlinux文件就会包含了原来的代码信息,因此,该文件的大小也比原来大一倍!

[6] 接下来可以用UltraEdit打开linux.dump文件,查找“c0030434”字符串。


参考:

http://www.cnblogs.com/wwang/archive/2010/11/14/1876735.html 

http://blog.csdn.net/eustoma/article/details/6449157

http://blog.csdn.net/hunhunzi/article/details/7052032


2. Kernel panic - not syncing: Fatal exception in interrupt

/harvis # ./test.sh input_sensor.ko 
Unable to handle kernel NULL pointer dereference at virtual address 00000004
pgd = c7514000
[00000004] *pgd=77503831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT
last sysfs file: /sys/devices/platform/atmel_lcdfb.0/backlight/backlight/brightness
Modules linked in: input_sensor(+) rt3070sta proc_jiffies altus_tsadcc restore power_alarm power_sensor led_ctl dev_ctl tel_data_switch [last unloaded: kset_test]
CPU: 0    Tainted: G        W    (2.6.39.4+ #62)
PC is at sensor_timer_function+0x10/0x6c [input_sensor]
LR is at run_timer_softirq+0x188/0x260
pc : [<bf3931e4>]    lr : [<c0054eac>]    psr: 40000013
sp : c76c7f18  ip : 00000000  fp : c0536f2c
r10: c053732c  r9 : c053712c  r8 : c053752c
r7 : bf3931d4  r6 : c76c6000  r5 : bf3936f8  r4 : 00000000
r3 : 00000000  r2 : c76c6000  r1 : bf393700  r0 : 00000000
Flags: nZcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 0005317f  Table: 77514000  DAC: 00000015

LR: 0xc0054e2c:
4e2c  e5923010 e58d1010 e282000c e28d1010 e5831000 e58d3014 e582000c e5820010
4e4c  ea00002c e5917010 e5915014 e5841000 e5912004 e5913000 e5823000 e5832004
4e6c  e59f20fc e3a03000 e5812004 e5813000 e10f3000 e3c33080 e121f003 e3a00001
4e8c  ebffb8e7 e5963000 e3130002 0a000000 eb0dcc84 e1a00005 e5965004 e12fff37
4eac  e596c004 e155000c 0a00000d e59f10b4 e5513fb8 e3530000 1a000008 e1a03007
4ecc  e59f20a4 e59f00a4 e59f10a4 e88d1020 ebffd31a e59f208c e3a03001 e5423fb8
4eec  e5865004 e10f3000 e3833080 e121f003 e3a00001 ebffb8f9 e59d1010 e59d300c
4f0c  e1510003 1affffce e59f1050 e5942004 e5913000 e0623003 e3530000 aaffff9a

SP: 0xc76c7e98:
7e98  00000000 99dc2d80 00000a13 99dc2d80 99dc2d80 00000a13 99ce6e8c 00000a13
7eb8  ffffffff c76c7f04 c76c6000 bf3931d4 c053752c c00363ac 00000000 bf393700
7ed8  c76c6000 00000000 00000000 bf3936f8 c76c6000 bf3931d4 c053752c c053712c
7ef8  c053732c c0536f2c 00000000 c76c7f18 c0054eac bf3931e4 40000013 ffffffff
7f18  c0054d64 c0536720 00000102 c0054eac 0007a120 c0529ff0 c0513f20 c76c7f38
7f38  c76c7f38 c76c7f38 00000001 00000001 00000102 c76c6000 00000101 00000004
7f58  0000000a c0536580 00000000 c004f2d4 c0513f20 00000012 00000001 00000012
7f78  00000000 00000012 00000001 00000000 c76c6000 00100000 00000001 c004f69c

FP: 0xc0536eac:
6eac  c0536eac c0536eac c0536eb4 c0536eb4 c0536ebc c0536ebc c0536ec4 c0536ec4
6ecc  c0536ecc c0536ecc c0536ed4 c0536ed4 c0536edc c0536edc c0536ee4 c0536ee4
6eec  c0536eec c0536eec c0536ef4 c0536ef4 c0536efc c0536efc c0536f04 c0536f04
6f0c  c0536f0c c0536f0c c0536f14 c0536f14 c0536f1c c0536f1c c0536f24 c0536f24
6f2c  c0536f2c c0536f2c c0536f34 c0536f34 c0536f3c c0536f3c c0536f44 c0536f44
6f4c  c0536f4c c0536f4c c0536f54 c0536f54 c0536f5c c0536f5c c0536f64 c0536f64
6f6c  c7e9d06c c7e9d06c c0536f74 c0536f74 c0536f7c c0536f7c c0536f84 c0536f84
6f8c  c0536f8c c0536f8c c0536f94 c0536f94 c0536f9c c0536f9c c0536fa4 c0536fa4

R2: 0xc76c5f80:
5f80  c76c4000 00000000 00000001 c0066ee8 0000000a 00000000 00000001 0001cf58
5fa0  00000138 c0036800 0001cf58 00000138 412b4ec8 412b4ec8 00000001 00000000
5fc0  0001cf58 00000138 0001cf58 000000a2 80060d75 0001cf58 00100000 00000001
5fe0  800aab7c 412b4ec0 afd17aa1 afd0bdac 60000010 412b4ec8 00000000 00000000
6000  00000000 00000104 00000000 c74391c0 c0511914 00000000 00000017 00000000
6020  c74391c0 c74b7380 c7c190e0 c0511478 00000001 c76c6000 c76c7ef4 c76c7ed0
6040  c03c7f40 00000000 00000000 00000000 00000000 00000000 00000000 00000000
6060  413bcf00 00000000 00000000 00000000 00000000 00000000 00000000 00000000

R6: 0xc76c5f80:
5f80  c76c4000 00000000 00000001 c0066ee8 0000000a 00000000 00000001 0001cf58
5fa0  00000138 c0036800 0001cf58 00000138 412b4ec8 412b4ec8 00000001 00000000
5fc0  0001cf58 00000138 0001cf58 000000a2 80060d75 0001cf58 00100000 00000001
5fe0  800aab7c 412b4ec0 afd17aa1 afd0bdac 60000010 412b4ec8 00000000 00000000
6000  00000000 00000104 00000000 c74391c0 c0511914 00000000 00000017 00000000
6020  c74391c0 c74b7380 c7c190e0 c0511478 00000001 c76c6000 c76c7ef4 c76c7ed0
6040  c03c7f40 00000000 00000000 00000000 00000000 00000000 00000000 00000000
6060  413bcf00 00000000 00000000 00000000 00000000 00000000 00000000 00000000

R8: 0xc05374ac:
74ac  c05374ac c05374ac c05374b4 c05374b4 c05374bc c05374bc c05374c4 c05374c4
74cc  c05374cc c05374cc c05374d4 c05374d4 c05374dc c05374dc c05374e4 c05374e4
74ec  c05374ec c05374ec c05374f4 c05374f4 c05374fc c05374fc c0537504 c0537504
750c  c053750c c053750c c0537514 c0537514 c053751c c053751c c0537524 c0537524
752c  c053752c c053752c c0537534 c0537534 c053753c c053753c c0537544 c0537544
754c  c053754c c053754c c0537554 c0537554 c053755c c053755c c0537564 c0537564
756c  c053756c c053756c c0537574 c0537574 c053757c c053757c c0537584 c0537584
758c  c053758c c053758c c0537594 c0537594 c053759c c053759c c05375a4 c05375a4

R9: 0xc05370ac:
70ac  c05370ac c05370ac c05370b4 c05370b4 c05370bc c05370bc c05370c4 c05370c4
70cc  c05370cc c05370cc c05370d4 c05370d4 c05370dc c05370dc c05370e4 c05370e4
70ec  c05370ec c05370ec c05370f4 c05370f4 c05370fc c05370fc c7e4392c c7e4392c
710c  c7e1b4e8 c7e1b4e8 c0538894 c0518f24 c053711c c053711c c0537124 c0537124
712c  c053712c c053712c c0537134 c0537134 c053713c c053713c c0537144 c0537144
714c  c053714c c053714c c0537154 c0537154 c053715c c053715c c0537164 c0537164
716c  c053716c c053716c c0537174 c0537174 c053717c c053717c c0537184 c0537184
718c  c053718c c053718c c0537194 c0537194 c053719c c053719c c05371a4 c05371a4

R10: 0xc05372ac:
72ac  c05372ac c05372ac c05372b4 c05372b4 c05372bc c05372bc c75a4824 c75a4824
72cc  c05372cc c05372cc c05372d4 c05372d4 c05372dc c05372dc c05372e4 c05372e4
72ec  c05372ec c05372ec c05372f4 c05372f4 c05372fc c05372fc c0537304 c0537304
730c  c053730c c053730c c0537314 c0537314 c053731c c053731c c0537324 c0537324
732c  c053732c c053732c c0537334 c0537334 c053733c c053733c c0537344 c0537344
734c  c053734c c053734c c0537354 c0537354 c053735c c053735c c0537364 c0537364
736c  c053736c c053736c c0537374 c0537374 c053737c c053737c c0537384 c0537384
738c  c053738c c053738c c0537394 c0537394 c053739c c053739c c05373a4 c05373a4
Process eleserver (pid: 1057, stack limit = 0xc76c6270)
Stack: (0xc76c7f18 to 0xc76c8000)
7f00:                                                       c0054d64 c0536720
7f20: 00000102 c0054eac 0007a120 c0529ff0 c0513f20 c76c7f38 c76c7f38 c76c7f38
7f40: 00000001 00000001 00000102 c76c6000 00000101 00000004 0000000a c0536580
7f60: 00000000 c004f2d4 c0513f20 00000012 00000001 00000012 00000000 00000012
7f80: 00000001 00000000 c76c6000 00100000 00000001 c004f69c 00000012 c0030088
7fa0: 0001cf58 ffffffff fefff000 c003660c 00000000 413bcd00 000f423f 0001d057
7fc0: 00004000 0001cf58 0000000e 00000000 80062bc9 0001cf58 00100000 00000001
7fe0: 800aabcc 413bcd10 afd181bd 80062af2 60000030 ffffffff 76dfd831 76dfdc31
[<bf3931e4>] (sensor_timer_function+0x10/0x6c [input_sensor]) from [<c0054eac>] (run_timer_softirq+0x188/0x260)
[<c0054eac>] (run_timer_softirq+0x188/0x260) from [<c004f2d4>] (__do_softirq+0x84/0x118)
[<c004f2d4>] (__do_softirq+0x84/0x118) from [<c004f69c>] (irq_exit+0x48/0xa0)
[<c004f69c>] (irq_exit+0x48/0xa0) from [<c0030088>] (asm_do_IRQ+0x88/0xac)
[<c0030088>] (asm_do_IRQ+0x88/0xac) from [<c003660c>] (__irq_usr+0x4c/0xa0)
Exception stack(0xc76c7fb0 to 0xc76c7ff8)
7fa0:                                     00000000 413bcd00 000f423f 0001d057
7fc0: 00004000 0001cf58 0000000e 00000000 80062bc9 0001cf58 00100000 00000001
7fe0: 800aabcc 413bcd10 afd181bd 80062af2 60000030 ffffffff
Code: e92d4030 e59f5058 e24dd004 e5954004 (e5940004) 
---[ end trace bdaf1b1880dda56c ]---
Kernel panic - not syncing: Fatal exception in interrupt
[<c003be64>] (unwind_backtrace+0x0/0xec) from [<c0049bec>] (panic+0x60/0x18c)
[<c0049bec>] (panic+0x60/0x18c) from [<c003a088>] (die+0x198/0x1dc)
[<c003a088>] (die+0x198/0x1dc) from [<c003d048>] (__do_kernel_fault+0x64/0x84)
[<c003d048>] (__do_kernel_fault+0x64/0x84) from [<c003d220>] (do_page_fault+0x1b8/0x1d0)
[<c003d220>] (do_page_fault+0x1b8/0x1d0) from [<c0030314>] (do_DataAbort+0x38/0x9c)
[<c0030314>] (do_DataAbort+0x38/0x9c) from [<c00363ac>] (__dabt_svc+0x4c/0x60)
Exception stack(0xc76c7ed0 to 0xc76c7f18)
7ec0:                                     00000000 bf393700 c76c6000 00000000
7ee0: 00000000 bf3936f8 c76c6000 bf3931d4 c053752c c053712c c053732c c0536f2c
7f00: 00000000 c76c7f18 c0054eac bf3931e4 40000013 ffffffff
[<c00363ac>] (__dabt_svc+0x4c/0x60) from [<bf3931e4>] (sensor_timer_function+0x10/0x6c [input_sensor])
[<bf3931e4>] (sensor_timer_function+0x10/0x6c [input_sensor]) from [<c0054eac>] (run_timer_softirq+0x188/0x260)
[<c0054eac>] (run_timer_softirq+0x188/0x260) from [<c004f2d4>] (__do_softirq+0x84/0x118)
[<c004f2d4>] (__do_softirq+0x84/0x118) from [<c004f69c>] (irq_exit+0x48/0xa0)
[<c004f69c>] (irq_exit+0x48/0xa0) from [<c0030088>] (asm_do_IRQ+0x88/0xac)
[<c0030088>] (asm_do_IRQ+0x88/0xac) from [<c003660c>] (__irq_usr+0x4c/0xa0)
Exception stack(0xc76c7fb0 to 0xc76c7ff8)
7fa0:                                     00000000 413bcd00 000f423f 0001d057
7fc0: 00004000 0001cf58 0000000e 00000000 80062bc9 0001cf58 00100000 00000001
7fe0: 800aabcc 413bcd10 afd181bd 80062af2 60000030 ffffffff

[1] 问题出在定时器处理函数timer_list.function中,定时器处理函数的首次运行很有可能不是在发生一次中断后执行的,而是在我们设定的jiffies+HZ/100后就执行了.

[2] 如果timer_list.function使用的是全局变量,尤其是指针变量,一般都初始化为NULL;我是在中断里面才变更全局指针的值,所以如果定时器处理函数在中断发生之前就第一次运行,就会碰到NULL导致Oops。上面Oops中的故障地址00000004和r4 : 00000000与此相符:看起来是通过NULL指针访问偏移为4的成员。

[3] 驱动里面的每一个指针的使用都需要谨慎对待:共享指针要么在启动定时器之前完成初始化,要么在处理函数中先判空再使用。为此编写了一个简单的测试内核模块加载、卸载健壮性的shell脚本。

使用方法:./test.sh input_sensor.ko 1000

表示:加载、卸载内核模块input_sensor.ko 1000次。

/harvis # cat test.sh 
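#!/bin/sh
# Stress-test repeated loading and unloading of a kernel module.
# Usage: ./test.sh <module.ko> [times]
#   $1  module file passed to insmod/rmmod (required)
#   $2  number of load/unload cycles (optional, default 10)
# Stops with a non-zero exit status at the first insmod/rmmod failure so the
# failing iteration is not buried under later output.
if [ -z "$1" ]
then
        echo "usage: $0 <module.ko> [times]" >&2
        exit 1
fi

i=1
times=10
if [ -n "$2" ]
then
        # Accept only a plain decimal count; anything else would break the
        # numeric comparison in the loop below.
        case "$2" in
                *[!0-9]*)
                        echo "times must be a non-negative integer: $2" >&2
                        exit 1
                        ;;
        esac
        times=$2
fi

while [ "$i" -le "$times" ]
do
        if ! insmod "$1"
        then
                echo "insmod $1 failed on iteration $i" >&2
                exit 1
        fi
        echo "insmod $1"

        if ! rmmod "$1"
        then
                echo "rmmod $1 failed on iteration $i" >&2
                exit 1
        fi
        echo "rmmod $1"

        echo "$i"
        i=$((i+1))
        # Uncomment the next line to pause between iterations.
#       sleep 1
done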


