Linux kernel & device driver programming

Cross-Referenced Linux and Device Driver Code

[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ]
Version: [ 2.6.11.8 ] [ 2.6.25 ] [ 2.6.25.8 ] [ 2.6.31.13 ] Architecture: [ i386 ] 
  1 /*
  2  * faulty.c -- a module which generates an oops when read
  3  *
  4  * Copyright (C) 2001 Alessandro Rubini and Jonathan Corbet
  5  * Copyright (C) 2001 O'Reilly & Associates
  6  *
  7  * The source code in this file can be freely used, adapted,
  8  * and redistributed in source or binary form, so long as an
  9  * acknowledgment appears in derived source files.  The citation
 10  * should list that the code comes from the book "Linux Device
 11  * Drivers" by Alessandro Rubini and Jonathan Corbet, published
 12  * by O'Reilly & Associates.   No warranty is attached;
 13  * we cannot take responsibility for errors or fitness for use.
 14  *
 15  * $Id: faulty.c,v 1.3 2004/09/26 07:02:43 gregkh Exp $
 16  */
 17 
 18 
 19 #include <linux/config.h>
 20 #include <linux/module.h>
 21 #include <linux/init.h>
 22 
 23 #include <linux/kernel.h> /* printk() */
 24 #include <linux/fs.h>     /* everything... */
 25 #include <linux/types.h>  /* size_t */
 26 #include <asm/uaccess.h>
 27 
 28 MODULE_LICENSE("Dual BSD/GPL");
 29 
 30 
 31 int faulty_major = 0;
 32 
 33 ssize_t faulty_read(struct file *filp, char __user *buf,
 34                     size_t count, loff_t *pos)
 35 {
 36         int ret;
 37         char stack_buf[4];
 38 
 39         /* Let's try a buffer overflow  */
 40         memset(stack_buf, 0xff, 20);
 41         if (count > 4)
 42                 count = 4; /* copy 4 bytes to the user */
 43         ret = copy_to_user(buf, stack_buf, count);
 44         if (!ret)
 45                 return count;
 46         return ret;
 47 }
 48 
 49 ssize_t faulty_write (struct file *filp, const char __user *buf, size_t count,
 50                 loff_t *pos)
 51 {
 52         /* make a simple fault by dereferencing a NULL pointer */
 53         *(int *)0 = 0;
 54         return 0;
 55 }
 56 
 57 
 58 
 59 struct file_operations faulty_fops = {
 60         .read =  faulty_read,
 61         .write = faulty_write,
 62         .owner = THIS_MODULE
 63 };
 64 
 65 
 66 int faulty_init(void)
 67 {
 68         int result;
 69 
 70         /*
 71          * Register your major, and accept a dynamic number
 72          */
 73         result = register_chrdev(faulty_major, "faulty", &faulty_fops);
 74         if (result < 0)
 75                 return result;
 76         if (faulty_major == 0)
 77                 faulty_major = result; /* dynamic */
 78 
 79         return 0;
 80 }
 81 
 82 void faulty_cleanup(void)
 83 {
 84         unregister_chrdev(faulty_major, "faulty");
 85 }
 86 
 87 module_init(faulty_init);
 88 module_exit(faulty_cleanup);
 89 
 90
  This page was automatically generated by the LXR engine.