7

I am writing a kernel module that is to be called by process p1 to overwrite a data page that belongs to a target process p2.

First, inside the kernel module, while responding to a write event to the proc file system issued by p1, I used the process id of the target process (p2) to search for the latter's task struct (p2_task).

To search for the particular page I used get_user_pages(), obviously calling it on (p2_task->mm). I then called kmap() on the page returned by the previous function. Once I got the pointer I used the typical memory functions (memset()) to write to that memory. Finally, I called kunmap().

However, once the process starts running again I can see that what I did had no effect on the target process p2.

I am not sure what I did wrong. Can anyone help?

I suspect that somehow you cannot write to memory that belongs to process p2 while responding to a request coming from p2, since here we are in a different context.

Is this true? If not, what else can I check? If it is the problem, is there any way I can get around it?

feeling_lonely
    My understanding is that `kmap()` returns a virtual address (in low mem) for a physical page. That is, if the physical page already has a kernel-space virtual address, `kmap()` returns it. Otherwise, it remaps the same physical page to a kernel-space virtual address and then returns this new virtual address. So, no new physical page is needed. Also note that the new virtual address is created within the kernel space, not within p2. – feeling_lonely Feb 02 '13 at 10:52
  • Everything is done from within the kernel space. – feeling_lonely Feb 04 '13 at 07:29
  • Sorry, I thought you wanted p1 to overwrite p2. I see now you only mention p1 to say it was called from a different user context. See http://makelinux.net/ldd3/chp-15-sect-3, which is doing what you have outlined above. The only difference I see is grab/release mmap_sem and call SetPageDirty(). – artless noise Feb 06 '13 at 14:30
  • How do you release the pages allocated via `get_user_pages` after `kunmap`? – Ilya Matveychikov Apr 10 '13 at 21:26
  • I am facing the same issue. Were you able to find a solution to this problem? – S. Salman Jan 13 '17 at 09:16
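Added example (editor's code, not from the question, its comments or either answer): the kernel already has a supported path for exactly what the asker is hand-rolling. access_process_vm() (in 2013-era kernels its last argument was a write flag; in current kernels it takes FOLL_* flags, i.e. FOLL_FORCE | FOLL_WRITE) is what ptrace(PTRACE_POKEDATA) and writes to /proc/<pid>/mem use: it calls get_user_pages on the target's mm with the write flag, so a copy-on-write or not-yet-faulted page is copied into the target's own address space before the kernel-side kmap/memcpy, and the new page is marked dirty and released. A module can call that instead of get_user_pages + kmap + memset + kunmap. The program below drives the same kernel path from user space so the effect can be observed without loading a module: a parent forks a child (both share the page holding `slot` copy-on-write), writes a constructed value into the child's copy through /proc/<pid>/mem, and then checks that the child sees the new value while the parent's own copy is untouched. It assumes Linux with /proc mounted and a Yama ptrace_scope of at most 1 (a parent may attach to its own child); `slot`, `MAGIC`, `write_remote` and `remote_write_demo` are names chosen for this example.

```c
/*
 * Added example (not the asker's module): the kernel's "write into a
 * foreign mm" path, access_remote_vm() with FOLL_FORCE|FOLL_WRITE, driven
 * from user space through /proc/<pid>/mem.
 *
 * Assumptions (not from the original question): Linux with /proc mounted
 * and Yama ptrace_scope <= 1, so a parent may attach to its own child.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define INITIAL 0x11111111u   /* lives in .data: a private, file-backed page */
#define MAGIC   0xC0DECAFEu   /* constructed value the parent injects */

/* The "data page that belongs to the target process": an ordinary global. */
static volatile uint32_t slot = INITIAL;

/* Write `len` bytes at virtual address `addr` inside process `pid`. */
static int write_remote(pid_t pid, uintptr_t addr, const void *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);

    int fd = open(path, O_RDWR);
    if (fd < 0)
        return -1;                       /* ptrace_may_access() refused us */

    ssize_t n = pwrite(fd, buf, len, (off_t)addr);
    int saved = errno;
    close(fd);
    errno = saved;
    return n == (ssize_t)len ? 0 : -1;
}

/*
 * Run the experiment. On success returns 0 and fills in what the child
 * observed in `slot` and what the parent's own copy still holds.
 */
int remote_write_demo(uint32_t *child_saw, uint32_t *parent_kept)
{
    int go[2], result[2];                /* parent->child, child->parent */
    if (pipe(go) < 0 || pipe(result) < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {                      /* child: wait, then read the slot */
        char c;
        close(go[1]); close(result[0]);
        if (read(go[0], &c, 1) != 1)
            _exit(2);
        uint32_t v = slot;               /* volatile: really loads from memory */
        if (write(result[1], &v, sizeof v) != (ssize_t)sizeof v)
            _exit(3);
        _exit(0);
    }

    close(go[0]); close(result[1]);

    /* The child is parked in read(); its page tables point at our page,
     * write-protected. The remote write makes the kernel break COW in the
     * child's mm and copy our bytes into the child's private page. */
    uint32_t magic = MAGIC;
    int rc = write_remote(pid, (uintptr_t)&slot, &magic, sizeof magic);

    if (write(go[1], "g", 1) != 1)       /* release the child either way */
        rc = -1;
    uint32_t seen = 0;
    if (read(result[0], &seen, sizeof seen) != (ssize_t)sizeof seen)
        rc = -1;

    int status;
    waitpid(pid, &status, 0);
    close(go[1]); close(result[0]);

    if (rc == 0) {
        *child_saw = seen;
        *parent_kept = slot;             /* COW: our own copy was untouched */
    }
    return rc;
}

int main(void)
{
    uint32_t seen = 0, kept = 0;
    if (remote_write_demo(&seen, &kept) != 0) {
        perror("remote write");          /* e.g. EACCES when ptrace_scope >= 2 */
        return 1;
    }
    printf("child saw 0x%08x, parent still holds 0x%08x\n", seen, kept);
    return seen == MAGIC && kept == INITIAL ? 0 : 1;
}
```

The check worth keeping from this is the last line: the target must observe the new bytes and nobody else may. If a module's write lands in a page that other mappings share (a page-cache page obtained from get_user_pages without the write flag, for instance), the target may or may not see it, and every other user of that page will.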

2 Answers

0

Maybe the page you are trying to write to is read-only? On Intel architecture you can set write protect, see http://badishi.com/kernel-writing-to-read-only-memory/

zoska
0

Sounds like a TLB issue to me, whereby p2 has the virtual address of the data cached in hardware. Has p2 previously read/written the page in its address space before p1 changes the value?

Try invoking this in p1 after you change the value: flush_tlb_page(struct vm_area_struct * vma, unsigned long address)