Accessing /dev/kmem on x86_64 (2.6.5)

From: Josef Moellers (josef.moellers_at_fujitsu-siemens.com)
Date: 10/14/05


Date: Fri, 14 Oct 2005 14:18:44 +0200

Hi,

I've read some of the discussion about the security problems concerning
/dev/kmem. I need it but can't even read from it, let alone write to it.

I'd like to plant an invalid instruction (ud2, code 0xf 0xb) in some
part of kernel code (the nmi handler) and cause a crash dump to be
written (that rules out using /proc/kcore, as it is read-only!)

However, although I correctly lseek to an address obtained from
searching /proc/kallsyms (lseek does indeed return that address), read()
always returns 0 when I access an address in kernel virtual space!

To read it, I do the following
(devmem is /dev/kmem, caddr is "high_memory" == 0xffffffff80523cb8)
fd = open(devmem, O_RDONLY);
lseek(fd, caddr, SEEK_SET);
read(fd, buffer, thisturn);

Am I missing something?
When I read an address in the process' address space (e.g. 0x400000), I
get data:
00400000: 7f 45 4c 46 |.ELF|

Josef

-- 
Josef Möllers (Pinguinpfleger bei FSC)
	If failure had no penalty success would not be a prize
						-- T.  Pratchett
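The probe described in the message, written out as a small C diagnostic (added here; not the poster's code): look the symbol up in /proc/kallsyms, seek /dev/kmem to that address, and distinguish a read() that fails (-1 with errno) from one that simply returns 0 bytes. The function names, the error handling and the constructed kallsyms lines used for the offline check are mine; it must run as root to open /dev/kmem at all.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Scan kallsyms-format lines ("addr type name [module]") for SYM and
 * return its address, or 0 if it is not listed (or F is NULL). */
unsigned long long find_symbol(FILE *f, const char *sym)
{
    char line[256], name[128], type;
    unsigned long long a;
    while (f && fgets(line, sizeof line, f))
        if (sscanf(line, "%llx %c %127s", &a, &type, name) == 3 &&
            strcmp(name, sym) == 0)
            return a;
    return 0;
}

/* Seek DEV to ADDR and read up to LEN bytes into BUF. Returns the byte
 * count (0 = offset accepted but nothing handed back, which is what the
 * post reports) or -1 with errno set when open(), lseek() or read() fails. */
ssize_t probe_at(const char *dev, unsigned long long addr,
                 unsigned char *buf, size_t len)
{
    int fd = open(dev, O_RDONLY);
    /* lseek() must hand back exactly ADDR (the post says it does on
     * /dev/kmem); any other result is treated as a failed seek. */
    ssize_t n = fd >= 0 && lseek(fd, (off_t)addr, SEEK_SET) == (off_t)addr
                    ? read(fd, buf, len) : -1;
    int saved = errno;              /* close() must not clobber errno */
    if (fd >= 0) close(fd);
    errno = saved;
    return n;
}

int main(int argc, char **argv)
{
    const char *sym = argc > 1 ? argv[1] : "high_memory";
    unsigned char buf[16];
    FILE *ks = fopen("/proc/kallsyms", "r");
    unsigned long long addr = find_symbol(ks, sym);
    if (ks) fclose(ks);
    if (!addr) return fprintf(stderr, "%s: not in /proc/kallsyms\n", sym), 1;
    ssize_t n = probe_at("/dev/kmem", addr, buf, sizeof buf);
    if (n < 0) perror("/dev/kmem");
    else printf("%s @ %#llx: read() returned %zd byte(s)\n", sym, addr, n);
    return n > 0 ? 0 : 1;
}
```

Run as `./probe high_memory` (or any other kallsyms name); a line reporting "0 byte(s)" with no perror output is the silent short read the message complains about, as opposed to a seek or open that actually failed.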