RE: Unable to change the content of memory usingcrash on a live system

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On the other hand, there's nothing to prevent the
ambitious developer from writing their own 
/dev/crash driver that *does* have a write operation
in it, is there?

  -- David Wright, Egenera, Inc. 

> -----Original Message-----
> From: crash-utility-bounces@xxxxxxxxxx 
> [mailto:crash-utility-bounces@xxxxxxxxxx] On Behalf Of Dave Anderson
> Sent: Thursday, March 06, 2008 9:37 AM
> To: Discussion list for crash utility usage,maintenance and 
> development
> Subject: Re:  Unable to change the content of 
> memory usingcrash on a live system
> 
> Dheeraj Sangamkar wrote:
> > I use crash 4.0-3.9 on a live 2.6.9-55 kernel on i386/i686 as root.
> > 
> > crash> ls -l /dev/crash
> > crw-------  1 root root 10, 61 Mar  5 21:57 /dev/crash
> > crash> ls -l /dev/mem
> > crw-r-----  1 root kmem 1, 1 Mar  5 16:49 /dev/mem
> > crash> q
> > [root@linux17081 ~]# ls -l /dev/crash /dev/mem
> > ls: /dev/crash: No such file or directory
> > crw-r-----  1 root kmem 1, 1 Mar  5 16:49 /dev/mem
> > [root@linux17081 ~]# id
> > uid=0(root) gid=0(root) 
> > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > 
> > So, the /dev/crash file has write permission for me. The
> > 
> > I am attempting to change the content of some memory.
> > 
> > crash> struct request_queue 0xf7b933f8
> > struct request_queue {
> >   queue_head = {
> > <SNIP>
> > ...
> > }
> > 
> > crash> struct -o request_queue | grep in_flight
> >   [476] unsigned int in_flight;
> > crash> eval 0xf7b933f8 + 476
> > hexadecimal: f7b935d4
> >     decimal: 4156110292  (-138857004)
> >       octal: 36756232724
> >      binary: 11110111101110010011010111010100
> > crash> rd f7b935d4
> > f7b935d4:  fffffff1                              ....
> > crash> wr f7b935d4 0
> > wr: cannot write to /dev/crash!
> > 
> > I get the error above even if I change the ownership of 
> /dev/kmem to 
> > root:root
> > crash> ls -l /dev/mem
> > crw-r-----  1 root root 1, 1 Mar  5 16:49 /dev/mem
> > 
> > Am I doing something wrong? How do I change the content of 
> memory on a 
> > live system using crash?
> 
> With Red Hat x86 and x86_64 kernels, you can't.
> 
> I feel your pain...
> 
> The crash utility traditionally has had the capability of writing
> to /dev/mem, which can be a very useful, powerful (and dangerous)
> tool for kernel debugging.
> 
> But Red Hat deemed the /dev/mem interface as a security hole,
> and restricted the x86 and x86_64 /dev/mem drivers to just
> the first 256 pages (1MB) of physical memory, making it useless
> for the crash utility.  They allowed me to create the /dev/crash
> driver to replace it -- but it is effectively read-only because
> the driver has no write file operations handler:
> 
>    static struct file_operations crash_fops = {
>            owner:          THIS_MODULE,
>            llseek:         crash_llseek,
>            read:           crash_read,
>    };
> 
> and so the kernel's vfs_write() returns EINVAL.
> 
> Changing the permission of /dev/mem won't help because it
> isn't used by the crash utility when /dev/crash exists.
> 
> Sorry about that,
>    Dave
> 
> 
> --
> Crash-utility mailing list
> Crash-utility@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/crash-utility
> 

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility

[Index of Archives]     [Fedora Development]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]

 

Powered by Linux