Date: Sun, 10 May 2009 13:32:57 +0100 From: Ray Kinsella <raykinsella78@gmail.com> To: freebsd-hackers@freebsd.org Subject: contigmalloc & access protection failure Message-ID: <584ec6bb0905100532n36ae97b1rc5e6e31c23bdb44b@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi all,
I am trying to create a kernel panic with a memory access volition,
the memory I am allocating is physically contiguous and is 2 pages in size,
I then try to use vm_map_protect to set the access flags of the 2nd
page to disables writes,
vm_map_protect returns successful but when I write to the page no
access volition occurs, what am I missing?
My attempt in source code to create the volition is below.
Also a question about the FreeBSD memory manager,
I am a bit confused, I read the source code of the vm_map_protect
function and I see it sets the protection on a vm_map_entry_t,
my expectation was protection would be set on vm_page_t, my
understanding was this:-
each vm_map_t contains 1 or more vm_map_entry_t
each vm_map_entry_t contains 1 vm_object_t
each vm_object_t contains 1 or more vm_page_t
so does this mean that because protection is getting set at vm_map_entry,
am I actually protecting more than one page of memory?
Thanks
Ray Kinsella
--------------------------------------------- cut here
---------------------------------------------
#include <sys/param.h>
#include <sys/module.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/types.h>
#include <sys/malloc.h>
#include <sys/pcpu.h>
#include <sys/proc.h>
#include <vm/vm.h>
#include <vm/vm_page.h>
#include <vm/vm_map.h>
#include <vm/vm_kern.h>
vm_offset_t palloc_wr;
vm_offset_t palloc_r;
void _alloc(void);
void _free(void);
void _alloc(void)
{
=A0=A0=A0 uint32_t retval =3D 0;
=A0=A0=A0=A0 =A0=A0=A0 palloc_wr =3D (vm_offset_t) contigmalloc(2 * PAGE_SI=
ZE,
=A0=A0=A0 =A0=A0=A0 =A0=A0=A0 M_DEVBUF, 0, 0, (1L << 31),
=A0=A0=A0 =A0=A0=A0 =A0=A0=A0 4096, 1024 * 1024);
=A0=A0=A0 printf("contigmalloc : 0x%.08x\n", palloc_wr);
=A0=A0=A0 palloc_r =3D palloc_wr + PAGE_SIZE;
=A0=A0=A0 //kernel_map
=A0=A0=A0 retval =3D vm_map_protect(&curthread->td_proc->p_vmspace->vm_map
=A0=A0=A0 =A0=A0=A0 =A0=A0=A0 , palloc_r, palloc_r + PAGE_SIZE,
=A0=A0=A0 =A0=A0=A0 =A0=A0=A0 VM_PROT_ALL, 0);
=A0=A0=A0 printf("vm_map_protect : %d\n", retval);
=A0=A0=A0 memset((void *)palloc_r,0xFF, PAGE_SIZE);
}
void _free(void)
{
=A0=A0=A0 contigfree((void *) palloc_wr, 2 * PAGE_SIZE, M_DEVBUF);
}
/* The function called at load/unload. */
static int event_handler(struct module *module, int event, void *arg) {
=A0=A0=A0=A0=A0=A0=A0 int e =3D 0; /* Error, 0 for normal return status */
=A0=A0=A0=A0=A0=A0=A0 switch (event) {
=A0=A0=A0=A0=A0=A0=A0 case MOD_LOAD:
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 _alloc();
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 break;
=A0=A0=A0=A0=A0=A0=A0 case MOD_UNLOAD:
=A0=A0=A0 =A0=A0=A0 _free();
=A0=A0=A0 =A0=A0=A0 break;
=A0=A0=A0=A0=A0=A0=A0 default:
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 e =3D EOPNOTSUPP; /* Error, O=
peration Not Supported */
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 break;
=A0=A0=A0=A0=A0=A0=A0 }
=A0=A0=A0=A0=A0=A0=A0 return(e);
}
/* The second argument of DECLARE_MODULE. */
static moduledata_t mod_conf =3D {
=A0=A0=A0 "mod",=A0=A0=A0 /* module name */
=A0=A0=A0=A0 event_handler,=A0 /* event handler */
=A0=A0=A0=A0 NULL=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 /* extra data */
};
DECLARE_MODULE(mod, mod_conf, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?584ec6bb0905100532n36ae97b1rc5e6e31c23bdb44b>