
Comment nullderef.c

commit 2243edc085de9c17e3be34f91f18ab006851aed9 1 parent a53edfc
Nelson Elhage authored

Showing 1 changed file with 39 additions and 0 deletions. Show diff stats Hide diff stats

  1. 39  nullderef.c
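--- a/nullderef.c
+++ b/nullderef.c
@@ -19,12 +19,22 @@
 #include <linux/hardirq.h>
 #include <linux/debugfs.h>
 
+/*
+ * Define an 'ops' struct containing a single mostly-pointless
+ * function. We just do this to try to make this code look vaguely
+ * like something that the actual kernel might contain.
+ */
 struct my_ops {
 	ssize_t (*do_it)(void);
 };
 
+/* Define a pointer to our ops struct, "accidentally" initialized to NULL. */
 static struct my_ops *ops = NULL;
 
+/*
+ * Writing to the 'null_read' file just reads the value of the do_it
+ * function pointer from the NULL ops pointer.
+ */
 static ssize_t null_read_write(struct file *f, const char __user *buf,
 		size_t count, loff_t *off)
 {
@@ -33,14 +43,21 @@ static ssize_t null_read_write(struct file *f, const char __user *buf,
 	return count;
 }
 
+/*
+ * Writing to the 'null_read' file calls the do_it member of ops,
+ * which results in reading a function pointer from NULL and then
+ * calling it.
+ */
 static ssize_t null_call_write(struct file *f, const char __user *buf,
 		size_t count, loff_t *off)
 {
 	return ops->do_it();
 }
 
+/* Handles to the files we will create */
 static struct dentry *nullderef_root, *read_de, *call_de;
 
+/* Structs telling the kernel how to handle writes to our files. */
 static const struct file_operations null_read_fops = {
 	.write = null_read_write,
 };
@@ -48,20 +65,35 @@ static const struct file_operations null_call_fops = {
 	.write = null_call_write,
 };
 
+/*
+ * To clean up our module, we just remove the two files and the
+ * directory.
+ */
 static void cleanup_debugfs(void) {
 	if (read_de) debugfs_remove(read_de);
 	if (call_de) debugfs_remove(call_de);
 	if (nullderef_root) debugfs_remove(nullderef_root);
 }
 
+/*
+ * This function is called at module load time, and creates the
+ * directory in debugfs and the two files.
+ */
 static int __init nullderef_init(void)
 {
+	/* Create the directory our files will live in. */
 	nullderef_root = debugfs_create_dir("nullderef", NULL);
 	if (!nullderef_root) {
 		printk(KERN_ERR "nullderef: creating root dir failed\n");
 		return -ENODEV;
 	}
 
+	/*
+	 * Create the null_read and null_call files. Use the fops
+	 * structs defined above so that the kernel knows how to
+	 * handle writes to them, and set the permissions to be
+	 * writable by anyone.
+	 */
 	read_de = debugfs_create_file("null_read", 0222, nullderef_root,
 				      NULL, &null_read_fops);
 	call_de = debugfs_create_file("null_call", 0222, nullderef_root,
@@ -77,11 +109,18 @@ static int __init nullderef_init(void)
 	return -ENODEV;
 }
 
+/*
+ * This function is called on module unload, and cleans up our files.
+ */
 static void __exit nullderef_exit(void)
 {
 	cleanup_debugfs();
 }
 
+/*
+ * These two lines register the functions above to be called on module
+ * load/unload.
+ */
 module_init(nullderef_init);
 module_exit(nullderef_exit);
 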
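Review bot: The comment added above the two debugfs_create_file calls in nullderef_init says the files are "writable by anyone" but does not spell out the consequence. With mode 0222, null_read_write and null_call_write are reachable by every unprivileged local user, so loading the module exposes a kernel NULL-pointer dereference to all local accounts. I would say so in that comment, e.g. `/* Mode 0222 is deliberate: any local user can trigger the dereference, so this module belongs only on a disposable test kernel. */`. A one-line file-level comment stating that the module is an intentionally faulty test fixture would also help anyone who meets it in a source tree or a loaded-module listing. nullderef_init continues outside the visible hunks (old lines 68–76), so how a failed debugfs_create_file is handled cannot be reviewed from here.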

0 notes on commit 2243edc

Wei Hu

This should be 'null_call'
