I'm trying to overwrite certain pieces in kernel memory (Linux 2.6.31, Ubuntu 9.10) in a virtual machine (using VirtualBox) via a kernel module. Whenever I'm doing this I get this error
[27154.303726] BUG: unable to handle kernel paging request at 0xc05769bc
My code:
unsigned char *p = (unsigned char *) c05769bc;
p[1] = (addr & 0x000000ff);
p[2] = (addr & 0x0000ff00) >> 8;
p[3] = (addr & 0x00ff0000) >> 16;
p[4] = (addr & 0xff000000) >> 24;
The address is right and so is my write code. I'm just using a pointer to write into kernel memory. I was wondering why I get this message as the memory page of that address is definitely in memory.
Does this behaviour has anything to do with the virtual machine? Or do recent kernel have some kind of protection built in? I hope someone can give me 开发者_JS百科some clue.
The problem seems related to Ubuntu, because the same code does not fail using Debian.
TIA!
Willem
ASLR maybe (Address Space Layout Randomisation) ?
It can be controlled by /proc/sys/kernel/randomize_va_space
(echoing 0 into it should turn it off).
Recent kernels make their text section read-only - what is supposed to be living at the address that you're trying to poke?
精彩评论