Channel: Active questions tagged linux-kernel - Stack Overflow

How to write to protected pages in the Linux kernel?


I am trying to add a syscall in a module. My rationale is:

  1. This is for a research project, so the exact implementation does not matter.
  2. Adding syscalls in the kernel-core takes a prohibitively long time to re-compile. I can suck up compiling once with an expanded syscall table, but not every time. Even with incremental compiling, linking and archiving the final binary takes a long time.
  3. Since the project is timing sensitive, using kprobes to intercept the syscall handler would slow down the syscall handler.

I am still open to other means of adding a syscall, but for the above reasons, I think that writing to the sys_call_table in a module is the cleanest way to do what I am trying to do.

I've gotten the address of the syscall table from the System.map, disabled KASLR, and I am trying to clear the page protections, but some write-protection is still holding me back.

// following https://web.iiit.ac.in/~arjun.nath/random_notes/modifying_sys_call.html

// clear cr0 write protection
write_cr0 (read_cr0 () & (~ 0x10000));

// clear page write protection
sys_call_table_page = virt_to_page(&sys_call_table[__NR_execves]);
set_pages_rw(sys_call_table_page, 1);

// do write
sys_call_table[__NR_execves] = sys_execves;

However, I'm still getting a permission error, but I don't know the mechanism by which it is enforced:

[   11.145647] ------------[ cut here ]------------
[   11.148893] CR0 WP bit went missing!?
[   11.151539] WARNING: CPU: 0 PID: 749 at arch/x86/kernel/cpu/common.c:386 native_write_cr0+0x3e/0x70
...
Here was a call trace pointing to the write of sys_call_table
...
[   11.332825] ---[ end trace c20c95651874c08b ]---
[   11.336056] CPA  protect  Rodata RO: 0xffff888002804000 - 0xffff888002804fff PFN 2804 req 8000000000000063 prevent 0000000000000002
[   11.343934] CPA  protect  Rodata RO: 0xffffffff82804000 - 0xffffffff82804fff PFN 2804 req 8000000000000163 prevent 0000000000000002
[   11.351720] BUG: unable to handle page fault for address: ffffffff828040e0
[   11.356418] #PF: supervisor write access in kernel mode
[   11.359908] #PF: error_code(0x0003) - permissions violation
[   11.363665] PGD 3010067 P4D 3010067 PUD 3011063 PMD 31e29063 PTE 8000000002804161
[   11.368701] Oops: 0003 [#1] SMP KASAN PTI

full dmesg

Any guesses on how to disable it?
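
Added example (not part of the original question): a small C program that decodes the PTE, the page-fault error code and the CPA `req`/`prevent` pair from the dmesg output above, showing that the faulting mapping is present but read-only. The constants are copied from the log; the helper names are made up for this example, and reading `prevent` as a mask of refused bits is this example's interpretation of the CPA lines.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 page-table entry bits (4-level paging) */
#define PTE_P        (1ULL << 0)              /* present */
#define PTE_RW       (1ULL << 1)              /* writable */
#define PTE_NX       (1ULL << 63)             /* no-execute */
#define PTE_PFN_MASK 0x000FFFFFFFFFF000ULL    /* physical frame, bits 12..51 */

/* x86 page-fault error code bits */
#define PF_PROT  (1u << 0)  /* 1 = protection violation, 0 = page not present */
#define PF_WRITE (1u << 1)  /* 1 = the access was a write */
#define PF_USER  (1u << 2)  /* 1 = fault raised from user mode */

/* Values copied from the dmesg output in the question. */
static const uint64_t OOPS_PTE     = 0x8000000002804161ULL; /* "PTE ..." */
static const uint64_t CPA_REQ      = 0x8000000000000163ULL; /* 2nd CPA line, req */
static const uint64_t CPA_PREVENT  = 0x0000000000000002ULL; /* 2nd CPA line, prevent */
static const unsigned OOPS_ERRCODE = 0x0003;                /* "#PF: error_code" */

static int pte_writable(uint64_t pte) { return (pte & PTE_P) && (pte & PTE_RW); }

static uint64_t pte_pfn(uint64_t pte) { return (pte & PTE_PFN_MASK) >> 12; }

/* Assumption: the protection bits that survive are req minus the prevent mask. */
static uint64_t cpa_effective(uint64_t req, uint64_t prevent) { return req & ~prevent; }

/* Supervisor-mode write to a mapping that is present but not writable. */
static int is_kernel_ro_write(unsigned err)
{
    return (err & PF_PROT) && (err & PF_WRITE) && !(err & PF_USER);
}

int main(void)
{
    uint64_t eff = cpa_effective(CPA_REQ, CPA_PREVENT);

    printf("oops PTE: pfn=%#llx writable=%d nx=%d\n",
           (unsigned long long)pte_pfn(OOPS_PTE), pte_writable(OOPS_PTE),
           (OOPS_PTE & PTE_NX) != 0);
    printf("CPA: requested RW=%d, after prevent mask RW=%d\n",
           (CPA_REQ & PTE_RW) != 0, (eff & PTE_RW) != 0);
    printf("flags in oops PTE match CPA result: %d\n",
           (OOPS_PTE & ~PTE_PFN_MASK) == eff);
    printf("kernel write to read-only page: %d\n", is_kernel_ro_write(OOPS_ERRCODE));
    return 0;
}
```

The PFN decoded from the PTE (0x2804) matches the `PFN 2804` reported in both CPA lines, and the PTE's flag bits equal `req` with the `prevent` bit (RW) stripped.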

