Hi While trying to debug a kernel driver, I was using dtrace to try and write to kernel memory. I was trying to change the return result/parameter of a function call. No luck. I see that copyout can be used to write to userspace memory. I see that there are some ways to write to userspace registers. But nothing for writing to kernel memory. The documentation seems to have only one sentence that implies writes to kernel memory is not allowed. The new dtrace book does not say anything regarding this topic. So, the question I ask to the mailing list - is writing to kernel memory allowed in dtrace or not? If so, anybody got a sample ? thanks wr -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/dtrace-discuss/attachments/20110915/954f4a39/attachment.html>
Katsunori FUJIWARA
2011-Sep-15 16:37 UTC
[dtrace-discuss] destructive dtrace & kernel code
Hi, William # Sorry for un-related/un-linked reply posting, # because I joined the list after your post> So, the question I ask to the mailing list - > > is writing to kernel memory allowed in dtrace or not?As far as I know, DTrace script can not modify any data in kernel memory space. So, once I wrote the patch to allow DTrace script to do so. Please refer "unlimited.patch" at my bitbucket repository shown below, If you do not have any problems to replace library/kernel-module for DTrace on your target system by patched ones. https://bitbucket.org/foozy/unlimited-dtrace/src Sorry, there is only a document in Japanese for my patch, but I''ll write minimum document in English, if you are interested in it. -- ---------------------------------------------------------------------- FUJIWARA Katsunori(flying.foozy at gmail.com)
Hi William, DTrace contains no such facility. While such a feature might be useful for kernel debugging, we decided that it presented too grave a risk. The DTrace motto is first do no harm -- it must always be safe to use in production. While destructive actions do -- as their name states -- afford users an opportunity to modify the system, they do so in a constrained way. The ability to modify kernel memory would afford the user an unbounded opportunity for destruction, data corruption, and subtle mayhem. Adam On Thu, Sep 15, 2011 at 5:31 AM, William Reich <reich at ulticom.com> wrote:> Hi > > > > While trying to debug a kernel driver, > > ?I was using dtrace to try and write to kernel memory. > > I was trying to change the return result/parameter of a function call. > > No luck. > > > > I see that copyout can be used to write to userspace memory. > > I see that there are some ways to write to userspace registers. > > > > But nothing for writing to kernel memory. > > > > The documentation seems to have only one sentence that implies writes to > kernel memory is not allowed. > > The new dtrace book does not say anything regarding this topic. > > > > So, the question I ask to the mailing list ? > > is writing to kernel memory allowed in dtrace or not? > > > > If so, anybody got a sample ? > > > > thanks > > > > wr > > _______________________________________________ > dtrace-discuss mailing list > dtrace-discuss at opensolaris.org >-- Adam Leventhal, Delphix http://dtrace.org/blogs/ahl 275 Middlefield Road, Suite 50 Menlo Park, CA 94025 http://www.delphix.com
You can however use ''dtrace -w'' to establish complex condition filters, and then call breakpoint() - and proceed into mayhem via kmdb. -Chris NOTE: If you did not boot with kmdb enabled, you may need to run ''mdb -K'' and '':c'' before running ''dtrace -w''. -Chris> Hi William, > > DTrace contains no such facility. While such a feature might be useful > for kernel debugging, we decided that it presented too grave a risk. > The DTrace motto is first do no harm -- it must always be safe to use > in production. While destructive actions do -- as their name states -- > afford users an opportunity to modify the system, they do so in a > constrained way. The ability to modify kernel memory would afford the > user an unbounded opportunity for destruction, data corruption, and > subtle mayhem. > > Adam > > On Thu, Sep 15, 2011 at 5:31 AM, William Reich<reich at ulticom.com> wrote: > >> Hi >> >> >> >> While trying to debug a kernel driver, >> >> I was using dtrace to try and write to kernel memory. >> >> I was trying to change the return result/parameter of a function call. >> >> No luck. >> >> >> >> I see that copyout can be used to write to userspace memory. >> >> I see that there are some ways to write to userspace registers. >> >> >> >> But nothing for writing to kernel memory. >> >> >> >> The documentation seems to have only one sentence that implies writes to >> kernel memory is not allowed. >> >> The new dtrace book does not say anything regarding this topic. >> >> >> >> So, the question I ask to the mailing list ? >> >> is writing to kernel memory allowed in dtrace or not? >> >> >> >> If so, anybody got a sample ? >> >> >> >> thanks >> >> >> >> wr >> >> _______________________________________________ >> dtrace-discuss mailing list >> dtrace-discuss at opensolaris.org >> >> > > >