[clug] Causing a kernel oops

Damien Elmes clug at repose.cx
Tue Sep 2 13:31:51 EST 2003


Andrew Pollock <andrew-clug at andrew.net.au> writes:

> Hi,
>
> One of my colleagues was reading a security advisory about something that 
> caused a kernel oops, and asked what a kernel oops was.
>
> I seem to recall reading somewhere in the past (Bugtraq) about a test 
> kernel module you could insert into a kernel that would cause an oops. I 
> believe there's actually a system call or something to do it, but I don't 
> know the specifics, and I can't find a reference with Google (I drown in 
> bug reports no matter how I word my query).
>
> Does anyone more in the know with kernel internals than I either know how 
> to bang up a module that will cause a kernel oops, or know of the module 
> source I'm referring to?
>
> Just want to demonstrate an oops on my PC.

Put this in a file:

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/slab.h>

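/* Deliberately invalid: 1 was never returned by kmalloc(), so kfree()
   follows a bogus address and the kernel oopses. */
int init_module(void)
{
  kfree((void *)1);
  return 0;
}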

Compile with:

gcc -D__KERNEL__ -Wall -Wstrict-prototypes -O2 -DMODULE -c hello.c

Insmod, and voila -

Unable to handle kernel paging request at virtual address 0053564f
 printing eip:
c013010c
*pde = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[<c013010c>]    Tainted: PF
EFLAGS: 00010046
eax: c100001c   ebx: 00535643   ecx: 00000001   edx: 00000000
esi: 0203000c   edi: 00000000   ebp: cd96ff10   esp: cd96fedc
ds: 0018   es: 0018   ss: 0018
Process insmod.modutils (pid: 8113, stackpage=cd96f000)
Stack: 00000202 00000000 c012fa65 0203000c 00000001 ffffffea d094506d 00000001 
       ffffffff 000010c1 ffffffea 00000000 00000000 d0945000 c0118d48 d0945060 
       080739b8 00000090 00000000 080739c9 00145000 00000002 00000071 00000060 
Call Trace:    [<c012fa65>] [<d094506d>] [<c0118d48>] [<d0945060>] [<d0945060>]
  [<c010740f>]

Code: 8b 43 0c 29 c1 89 c8 f7 76 18 89 c1 8b 43 14 89 44 8b 18 8b 

Since I'm in X, I need to use dmesg to dump the output.

(ob. disclaimer about if your kernel explodes, etc ;-)

Cheers,
-- 
Damien Elmes
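
As an added example, not part of the original message: a short Python reader for the oops text shown above, decoding the page-fault error code and taint letters for a first-pass read. The function names are hypothetical, and the taint meanings assume a 2.4-series kernel, which the output format suggests.

```python
import re

# Oops text from the message above (stack and code dump lines omitted).
SAMPLE_OOPS = """\
Unable to handle kernel paging request at virtual address 0053564f
 printing eip:
c013010c
*pde = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[<c013010c>]    Tainted: PF
EFLAGS: 00010046
eax: c100001c   ebx: 00535643   ecx: 00000001   edx: 00000000
esi: 0203000c   edi: 00000000   ebp: cd96ff10   esp: cd96fedc
Process insmod.modutils (pid: 8113, stackpage=cd96f000)
Call Trace:    [<c012fa65>] [<d094506d>] [<c0118d48>] [<d0945060>] [<d0945060>]
  [<c010740f>]
"""

# Taint letters as printed by 2.4-series kernels (assumed kernel series).
TAINT = {"P": "proprietary or unlicensed module loaded",
         "F": "module was force-loaded"}

def decode_error_code(code):
    """Decode the i386 page-fault error code printed after 'Oops:'."""
    return {"cause": "protection violation" if code & 1 else "page not present",
            "access": "write" if code & 2 else "read",
            "mode": "user" if code & 4 else "kernel"}

def parse_oops(text):
    """Pull out the fields needed for a first-pass read of an i386 oops."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        if m is None:
            raise ValueError("not a recognised oops: missing " + pattern)
        return m.group(1)
    taint = re.search(r"Tainted: (\w+)", text)  # clean kernels print "Not tainted"
    return {
        "fault_address": int(grab(r"at virtual address ([0-9a-f]{8})"), 16),
        "eip": int(grab(r"^EIP:\s+[0-9a-f]{4}:\[<([0-9a-f]{8})>\]"), 16),
        "error": decode_error_code(int(grab(r"^Oops: ([0-9a-f]{4})"), 16)),
        "taint": {c: TAINT.get(c, "unknown") for c in (taint.group(1) if taint else "")},
        "registers": {n: int(v, 16) for n, v in
                      re.findall(r"\b(e[a-z]{2}): ([0-9a-f]{8})", text)},
        "call_trace": [int(a, 16) for a in re.findall(
            r"\[<([0-9a-f]{8})>\]", text.partition("Call Trace:")[2])],
    }

if __name__ == "__main__":
    for key, value in parse_oops(SAMPLE_OOPS).items():
        print(key, value)
```

For this oops the result is a kernel-mode read of a non-present page, and ebx + 0xc equals the fault address, which matches the first Code bytes 8b 43 0c (mov 0xc(%ebx),%eax).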


