On the other hand, there's nothing to prevent the ambitious developer from writing their own /dev/crash driver that *does* have a write operation in it, is there? -- David Wright, Egenera, Inc. > -----Original Message----- > From: crash-utility-bounces@xxxxxxxxxx > [mailto:crash-utility-bounces@xxxxxxxxxx] On Behalf Of Dave Anderson > Sent: Thursday, March 06, 2008 9:37 AM > To: Discussion list for crash utility usage,maintenance and > development > Subject: Re: Unable to change the content of > memory usingcrash on a live system > > Dheeraj Sangamkar wrote: > > I use crash 4.0-3.9 on a live 2.6.9-55 kernel on i386/i686 as root. > > > > crash> ls -l /dev/crash > > crw------- 1 root root 10, 61 Mar 5 21:57 /dev/crash > > crash> ls -l /dev/mem > > crw-r----- 1 root kmem 1, 1 Mar 5 16:49 /dev/mem > > crash> q > > [root@linux17081 ~]# ls -l /dev/crash /dev/mem > > ls: /dev/crash: No such file or directory > > crw-r----- 1 root kmem 1, 1 Mar 5 16:49 /dev/mem > > [root@linux17081 ~]# id > > uid=0(root) gid=0(root) > > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) > > > > So, the /dev/crash file has write permission for me. The > > > > I am attempting to change the content of some memory. > > > > crash> struct request_queue 0xf7b933f8 > > struct request_queue { > > queue_head = { > > <SNIP> > > ... > > } > > > > crash> struct -o request_queue | grep in_flight > > [476] unsigned int in_flight; > > crash> eval 0xf7b933f8 + 476 > > hexadecimal: f7b935d4 > > decimal: 4156110292 (-138857004) > > octal: 36756232724 > > binary: 11110111101110010011010111010100 > > crash> rd f7b935d4 > > f7b935d4: fffffff1 .... > > crash> wr f7b935d4 0 > > wr: cannot write to /dev/crash! > > > > I get the error above even if I change the ownership of > /dev/kmem to > > root:root > > crash> ls -l /dev/mem > > crw-r----- 1 root root 1, 1 Mar 5 16:49 /dev/mem > > > > Am I doing something wrong? How do I change the content of > memory on a > > live system using crash? > > With Red Hat x86 and x86_64 kernels, you can't. > > I feel your pain... > > The crash utility traditionally has had the capability of writing > to /dev/mem, which can be a very useful, powerful (and dangerous) > tool for kernel debugging. > > But Red Hat deemed the /dev/mem interface as a security hole, > and restricted the x86 and x86_64 /dev/mem drivers to just > the first 256 pages (1MB) of physical memory, making it useless > for the crash utility. They allowed me to create the /dev/crash > driver to replace it -- but it is effectively read-only because > the driver has no write file operations handler: > > static struct file_operations crash_fops = { > owner: THIS_MODULE, > llseek: crash_llseek, > read: crash_read, > }; > > and so the kernel's vfs_write() returns EINVAL. > > Changing the permission of /dev/mem won't help because it > isn't used by the crash utility when /dev/crash exists. > > Sorry about that, > Dave > > > -- > Crash-utility mailing list > Crash-utility@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/crash-utility > -- Crash-utility mailing list Crash-utility@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/crash-utility
