[Crash-utility] [PATCH] Enable writing to kernel memory through "/dev/crash"

Dave Anderson anderson at redhat.com
Mon Jan 7 15:16:53 UTC 2019 


----- Original Message -----
> From: Serapheim Dimitropoulos <serapheim at delphix.com>
> 
> Enable writing to kernel memory thorugh the "/dev/crash" 
> driver.

Queued for crash-7.2.5:

  https://github.com/crash-utility/crash/commit/dfea9e3bd3796147f2938359ec28959f68e15d58

Thanks,
  Dave

  
> 
> Signed-off-by: Serapheim Dimitropoulos <serapheim at delphix.com>
> ---
>  memory_driver/crash.c | 41 ++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 40 insertions(+), 1 deletion(-)
> 
> diff --git a/memory_driver/crash.c b/memory_driver/crash.c
> index 2b1ea3d..b57b211 100644
> --- a/memory_driver/crash.c
> +++ b/memory_driver/crash.c
> @@ -3,6 +3,7 @@
>   *
>   *  Copyright (C) 2004, 2011, 2016  Dave Anderson <anderson at redhat.com>
>   *  Copyright (C) 2004, 2011, 2016  Red Hat, Inc.
> + *  Copyright (C) 2019 Serapheim Dimitropoulos <serapheim at delphix.com>
>   */
> 
>  /******************************************************************************
> @@ -137,7 +138,7 @@ static inline void unmap_virtual(struct page *page)
>  #endif
> 
> 
> -#define CRASH_VERSION   "1.3"
> +#define CRASH_VERSION   "1.4"
> 
>  /*
>   *  These are the file operation functions that allow crash utility
> @@ -159,6 +160,43 @@ crash_llseek(struct file * file, loff_t offset, int
> orig)
>         }
>  }
> 
> +static ssize_t
> +crash_write(struct file *file, const char *buf, size_t count, loff_t *poff)
> +{
> +       void *vaddr;
> +       struct page *page;
> +       u64 offset;
> +       ssize_t written;
> +       char *buffer = file->private_data;
> +
> +       offset = *poff;
> +       if (offset >> PAGE_SHIFT != (offset+count-1) >> PAGE_SHIFT)
> +               return -EINVAL;
> +
> +       vaddr = map_virtual(offset, &page);
> +       if (!vaddr)
> +               return -EFAULT;
> +
> +       /*
> +        * Use bounce buffer to bypass the CONFIG_HARDENED_USERCOPY
> +        * kernel text restriction.
> +        */
> +       if (copy_from_user(buffer, buf, count)) {
> +               unmap_virtual(page);
> +               return -EFAULT;
> +       }
> +
> +       if (probe_kernel_write(vaddr, buffer, count)) {
> +               unmap_virtual(page);
> +               return -EFAULT;
> +       }
> +       unmap_virtual(page);
> +
> +       written = count;
> +       *poff += written;
> +       return written;
> +}
> +
>  /*
>   *  Determine the page address for an address offset value,
>   *  get a virtual address for it, and copy it out.
> @@ -256,6 +294,7 @@ static struct file_operations crash_fops = {
>         .owner = THIS_MODULE,
>         .llseek = crash_llseek,
>         .read = crash_read,
> +       .write = crash_write,
>         .unlocked_ioctl = crash_ioctl,
>         .open = crash_open,
>         .release = crash_release,
> --
> 2.19.0
> 
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
>

More information about the Crash-utility mailing list