完成本文,使用了两个工具
1. strace
2. google code search
.
----
- swap分区有一个大小为PAGE_SIZE的页面,称为signature页,上面记录swap分区的基本信息。
static struct swap_header_v1 {
char bootbits[1024]; /* Space for disklabel etc. */
unsigned int version;
unsigned int last_page;
unsigned int nr_badpages;
unsigned int padding[125];
unsigned int badpages[1];
} *p;
- check_blocks()会对整个文件进行一次顺序读。在v0中,生成一个磁盘块“好块”和“坏块”的位图;在v1中,“好块”无需记录,只记录坏块。一个磁盘的坏块一般来说极少,为了节省空间,记录方法不再是位图,而改用数组的方式:
p->badpages[badpages] = page; // page为坏块号
这里需要注意的是,在swap_header_v1的定义中,p->badpages数组大小为1,因此下标大于0的写入按声明来看已经越界。这是C99之前常见的“struct hack”写法:按C标准,超出声明长度的下标访问属于未定义行为,只是在实际的编译器上,只要被访问的内存确实属于同一块可访问的缓冲区(这里应当是pagesize大小的signature页),通常能按预期工作;C99之后的标准写法是柔性数组成员(badpages[])。上面这句代码是一种“可控的、有意识的越界”,它的安全性完全依赖写入之前的边界检查。可控的边界在哪里呢?
#define MAX_BADPAGES ((pagesize-1024-128*sizeof(int)-10)/sizeof(int)) // 637 bad pages over i386
结合swap_header_v1的定义,上面的公式不难理解:bootbits占1024字节,随后4个变量分别占4、4、4、4*125字节,SIGNATURE占10字节,剩余的都给badpages了。坏块数一旦超过MAX_BADPAGES,写入就会越过为badpages预留的区域,引发真正的越界访问,所以page_bad()在写入之前先检查这个上限。
- swap
分区格式有两个版本,姑且称为v0和v1,版本可以在命令行中指定,如果缺省,则mkswap根据swap分区设备/文件大小自动设定。write_signature((version == 0) ? "SWAP-SPACE" : "SWAPSPACE2");
- 通过上述步骤,signature页的内容都被初始化好
了,现在写回到块设备中去:offset = ((version == 0) ? 0 : 1024);
if (lseek(DEV, offset, SEEK_SET) != offset)
error_msg_and_die("unable to rewind swap-device");
if (write(DEV, (char *) signature_page + offset, pagesize - offset)
!= pagesize - offset)
error_msg_and_die("unable to write signature page");
对于v0,整个signature页从设备开头(偏移0)写入;对于v1,只写signature页中偏移1024字节之后的部分,并且写到设备偏移1024字节处,设备开头的1024字节(bootbits,留给disklabel等)不会被改写。
附mkswap源码
/*
 * Record that `page` was readable.
 *
 * Only the version 0 layout tracks good pages: bit_set() is called on the
 * signature page for this page number. For any other version nothing is
 * recorded here.
 */
static void page_ok(int page)
{
	if (version != 0)
		return;
	bit_set(signature_page, page);
}
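/*
 * Record that `page` could not be read and count it in `badpages`.
 *
 * Version 0: the page's bit is cleared via bit_test_and_clear() on the
 * signature page.
 * Otherwise: the page number is stored in p->badpages[] at index `badpages`.
 *
 * p->badpages is declared with a single element, so every store past
 * index 0 is only in bounds of the underlying buffer as long as the
 * MAX_BADPAGES limit holds. That limit is the sole guard on this write;
 * the program dies instead of storing past it.
 */
static void page_bad(int page)
{
	if (version == 0) {
		bit_test_and_clear(signature_page, page);
	} else {
		/*
		 * ">=" rather than "==": the counter only ever grows by one,
		 * but the guard should still hold if it is ever found above
		 * the limit, instead of letting the store below run past the
		 * space reserved for bad-page entries.
		 */
		if (badpages >= MAX_BADPAGES)
			error_msg_and_die("too many bad pages");
		p->badpages[badpages] = page;
	}
	badpages++;
}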
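/*
 * Walk pages 0 .. PAGES-1 and classify each one with page_ok()/page_bad().
 *
 * When `check` is clear no I/O is done and every page is reported good.
 * When `check` is set each page is read from DEV; a read that does not
 * return exactly `pagesize` bytes marks the page bad. After a bad read the
 * file position is no longer trusted, so the next iteration seeks
 * explicitly; after a good read the position is already at the next page
 * and the seek is skipped.
 *
 * Prints a summary line when at least one bad page was found.
 */
static void check_blocks(void)
{
	unsigned int current_page = 0;
	int do_seek = 1;
	char *buffer = xmalloc(pagesize);

	while (current_page < PAGES) {
		if (!check) {
			page_ok(current_page++);
			continue;
		}
		if (do_seek) {
			/*
			 * Widen to off_t before multiplying: done in unsigned
			 * int, the byte offset wraps once it passes 4 GiB and
			 * the seek would land on the wrong page.
			 * NOTE(review): only helps where off_t is wider than
			 * unsigned int - confirm the build's off_t width.
			 */
			const off_t pos = (off_t) current_page * pagesize;

			if (lseek(DEV, pos, SEEK_SET) != pos)
				error_msg_and_die("seek failed in check_blocks");
		}
		/* A short or failed read forces a re-seek on the next pass. */
		do_seek = (pagesize != read(DEV, buffer, pagesize));
		if (do_seek) {
			page_bad(current_page++);
			continue;
		}
		page_ok(current_page++);
	}

	/* The scratch buffer is not used after the scan. */
	free(buffer);

	/* "\n", not "/n": the listing printed the two characters literally. */
	if (badpages == 1)
		printf("one bad page\n");
	else if (badpages > 1)
		printf("%d bad pages\n", badpages);
}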
/*
 * Probe whether one byte can be read from `fd` at byte position `offset`.
 *
 * Returns 1 when both the seek and a one-byte read succeed, 0 otherwise.
 * The file position of `fd` is changed by the probe.
 *
 * `offset` is an int, so callers cannot probe positions beyond INT_MAX.
 */
static long valid_offset(int fd, int offset)
{
	char probe;

	/* whence 0: the literal is kept from the original (SEEK_SET on Linux) */
	if (lseek(fd, offset, 0) >= 0 && read(fd, &probe, 1) >= 1)
		return 1;
	return 0;
}
/*
 * Estimate the size of `fd` in bytes by probing with valid_offset().
 *
 * First doubles an upper bound until a probe fails (or the bound wraps to
 * zero), then bisects between the last readable offset and the first
 * unreadable one. Returns the highest readable offset plus one.
 *
 * Used by get_size() when the BLKGETSIZE ioctl is not available.
 */
static int find_size(int fd)
{
	unsigned int lo = 0;
	unsigned int hi = 1;

	/* Exponential phase: lo trails hi as the last offset that was readable. */
	while (hi > 0 && valid_offset(fd, hi)) {
		lo = hi;
		hi *= 2;
	}

	/* Bisection phase: shrink (lo, hi) until the two are adjacent. */
	while (lo < hi - 1) {
		const int probe = (lo + hi) / 2;

		if (valid_offset(fd, probe)) {
			lo = probe;
		} else {
			hi = probe;
		}
	}

	return lo + 1;
}
/*
 * Return the size of `file` in pages (not bytes, to avoid integer overflow).
 *
 * Opens the file read-only and dies with perror_msg_and_die() if that fails.
 * The BLKGETSIZE ioctl is tried first and its result is divided by the
 * number of 512-byte sectors per page; when the ioctl fails, the byte size
 * found by find_size() is divided by `pagesize` instead.
 */
static long get_size(const char *file)
{
	long size;
	int fd = open(file, O_RDONLY);

	if (fd < 0)
		perror_msg_and_die("%s", file);

	if (ioctl(fd, BLKGETSIZE, &size) < 0) {
		/* No block-device size available: probe for the size in bytes. */
		size = find_size(fd) / pagesize;
	} else {
		/* The ioctl result is treated as a count of 512-byte sectors. */
		const int sectors_per_page = pagesize / 512;

		size /= sectors_per_page;
	}

	close(fd);
	return size;
}
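/*
 * mkswap entry point: set up a swap signature page on a device or file.
 *
 * Arguments: the first non-option word is the device name, a second one is
 * the size in 1 kB blocks; "-c" enables the bad-page scan, "-f" forces,
 * "-vN" selects the format version.
 *
 * Steps, in order:
 *   1. parse arguments and determine the size in pages;
 *   2. pick the format version when none was given, and clamp PAGES to the
 *      maximum that version supports;
 *   3. open the device read-write and refuse two specific device numbers;
 *   4. (sparc only) refuse to overwrite a valid Sun disklabel with v0 unless
 *      forced;
 *   5. scan for bad pages, fill in the header, write the signature page and
 *      fsync it.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE for the two refusals that return
 * instead of dying. Fatal errors go through the *_and_die() helpers.
 */
int mkswap_main(int argc, char **argv)
{
	char *tmp;
	struct stat statbuf;
	int sz;
	int maxpages;
	int goodpages;
	int offset;
	int force = 0;

	init_signature_page();	/* get pagesize */

	while (argc-- > 1) {
		argv++;
		if (argv[0][0] != '-') {
			if (device_name) {
				/* Second positional argument: size in 1 kB blocks. */
				int blocks_per_page = pagesize / 1024;

				PAGES = strtol(argv[0], &tmp, 0) / blocks_per_page;
				if (*tmp)
					show_usage();
			} else
				device_name = argv[0];
		} else {
			switch (argv[0][1]) {
			case 'c':
				check = 1;
				break;
			case 'f':
				force = 1;
				break;
			case 'v':
				/* Out-of-range values are rejected further down. */
				version = atoi(argv[0] + 2);
				break;
			default:
				show_usage();
			}
		}
	}
	if (!device_name) {
		error_msg("error: Nowhere to set up swap on?");
		show_usage();
	}

	/* NOTE(review): get_size() returns long; the value is narrowed to int here. */
	sz = get_size(device_name);
	if (!PAGES) {
		PAGES = sz;
	} else if (PAGES > sz && !force) {
		error_msg("error: size %ld is larger than device size %d",
				  PAGES * (pagesize / 1024), sz * (pagesize / 1024));
		return EXIT_FAILURE;
	}

	/* version == -1 means "not given": choose from size, kernel and page size. */
	if (version == -1) {
		if (PAGES <= V0_MAX_PAGES)
			version = 0;
		else if (get_kernel_revision() < MAKE_VERSION(2, 1, 117))
			version = 0;
		else if (pagesize < 2048)
			version = 0;
		else
			version = 1;
	}
	if (version != 0 && version != 1) {
		error_msg("error: unknown version %d", version);
		show_usage();
	}
	if (PAGES < 10) {
		error_msg("error: swap area needs to be at least %ldkB",
				  (long) (10 * pagesize / 1024));
		show_usage();
	}
#if 0
	maxpages = ((version == 0) ? V0_MAX_PAGES : V1_MAX_PAGES);
#else
	if (!version)
		maxpages = V0_MAX_PAGES;
	else if (get_kernel_revision() >= MAKE_VERSION(2, 2, 1))
		maxpages = V1_MAX_PAGES;
	else {
		maxpages = V1_OLD_MAX_PAGES;
		if (maxpages > V1_MAX_PAGES)
			maxpages = V1_MAX_PAGES;
	}
#endif
	if (PAGES > maxpages) {
		PAGES = maxpages;
		error_msg("warning: truncating swap area to %ldkB",
				  PAGES * pagesize / 1024);
	}

	/*
	 * NOTE(review): the size above was measured through a separate open()
	 * of the same name inside get_size(); this is a second open by name.
	 */
	DEV = open(device_name, O_RDWR);
	if (DEV < 0 || fstat(DEV, &statbuf) < 0)
		perror_msg_and_die("%s", device_name);
	if (!S_ISBLK(statbuf.st_mode))
		check = 0;	/* the bad-page scan is only kept for block devices */
	else if (statbuf.st_rdev == 0x0300 || statbuf.st_rdev == 0x0340)
		/* NOTE(review): presumably the whole-disk nodes of the first IDE
		 * controller (major 3, minors 0 and 64) - confirm. */
		error_msg_and_die("Will not try to make swapdevice on '%s'", device_name);

#ifdef __sparc__
	if (!force && version == 0) {
		/* Don't overwrite partition table unless forced */
		unsigned char *buffer = (unsigned char *) signature_page;

		if (read(DEV, buffer, 512) != 512)
			error_msg_and_die("fatal: first page unreadable");
		if (buffer[508] == 0xDA && buffer[509] == 0xBE) {
			/*
			 * XOR all 256 16-bit words of the first sector; zero means
			 * the checksum matches. Indexing forward covers the same
			 * words as the original backwards pointer walk without
			 * stepping a pointer below the start of the buffer.
			 */
			const unsigned short *words = (const unsigned short *) buffer;
			unsigned short sum = 0;
			int i;

			for (i = 0; i < 256; i++)
				sum ^= words[i];
			if (!sum) {
				error_msg("Device '%s' contains a valid Sun disklabel.\n"
						  "This probably means creating v0 swap would destroy your partition table\n"
						  "No swap created. If you really want to create swap v0 on that device, use\n"
						  "the -f option to force it.", device_name);
				return EXIT_FAILURE;
			}
		}
	}
#endif

	if (version == 0 || check)
		check_blocks();
	/* v0: page 0 holds the bitmap itself, so it must have scanned as good. */
	if (version == 0 && !bit_test_and_clear(signature_page, 0))
		error_msg_and_die("fatal: first page unreadable");
	if (version == 1) {
		p->version = version;
		p->last_page = PAGES - 1;
		p->nr_badpages = badpages;
	}

	goodpages = PAGES - badpages - 1;
	if (goodpages <= 0)
		error_msg_and_die("Unable to set up swap-space: unreadable");
	/*
	 * Widen before multiplying so the byte count is computed in long
	 * rather than int; "\n" replaces the literal "/n" of the listing.
	 */
	printf("Setting up swapspace version %d, size = %ld bytes\n",
		   version, (long) goodpages * pagesize);
	write_signature((version == 0) ? "SWAP-SPACE" : "SWAPSPACE2");

	/*
	 * v1 leaves the first 1024 bytes of the device untouched: both the
	 * device offset and the offset into the signature page start at 1024.
	 */
	offset = ((version == 0) ? 0 : 1024);
	if (lseek(DEV, offset, SEEK_SET) != offset)
		error_msg_and_die("unable to rewind swap-device");
	if (write(DEV, (char *) signature_page + offset, pagesize - offset)
		!= pagesize - offset)
		error_msg_and_die("unable to write signature page");

	/*
	 * A subsequent swapon() will fail if the signature
	 * is not actually on disk. (This is a kernel bug.)
	 */
	if (fsync(DEV))
		error_msg_and_die("fsync failed");
	return EXIT_SUCCESS;
}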