如何在不崩溃Linux内核的情况下访问mmaped/dev/mem? [英] How to access mmaped /dev/mem without crashing the Linux kernel?
问题描述
我有一个简单的程序,试图访问用户空间中的物理内存,内核在其中存储了第一个struct页面.在64位计算机上,该地址为:
I have a simple program that tries to access the physical memory in user space, where the kernel stores the 1st struct page. On a 64 bit machine this address is:
- 内核虚拟地址:ffffea0000000000
- 物理地址:0000620000000000
我正在尝试通过用户空间中的mmap访问此物理地址.但是以下代码使内核崩溃.
I am trying to access this physical address through mmap in user space. But the following code crashes the kernel.
int *addr;
if ((fd = open("/dev/mem", O_RDWR|O_SYNC)) < 0 ) {
printf("Error opening file. \n");
close(fd);
return (-1);
}
/* mmap. address of first struct page for 64 bit architectures
* is 0x0000620000000000.
*/
addr = (int *)mmap(0, num*STRUCT_PAGE_SIZE, PROT_READ, MAP_PRIVATE,
fd, 0x0000620000000000);
printf("addr: %p \n",addr);
printf("addr: %d \n",*addr); /* CRASH. */
推荐答案
我认为我已经找到了问题-与x86上的/dev/mem内存映射保护有关.
I think I've found the issue -- it's to do with /dev/mem memory mapping protection on the x86.
请参阅此LWN文章: "x86:通过配置选项引入/dev/mem限制" http://lwn.net/Articles/267427/
Pl refer to this LWN article: "x86: introduce /dev/mem restrictions with a config option" http://lwn.net/Articles/267427/
CONFIG_NONPROMISC_DEVMEM
CONFIG_NONPROMISC_DEVMEM
现在(我在最近的3.2.21内核上对此进行了测试),config选项似乎称为CONFIG_STRICT_DEVMEM.
Now (i tested this on a recent 3.2.21 kernel), the config option seems to be called CONFIG_STRICT_DEVMEM.
我更改了内核配置:
$ grep DEVMEM .config
# CONFIG_STRICT_DEVMEM is not set
$
当上述prg与 previous 内核一起运行时,并设置了CONFIG_STRICT_DEVMEM: dmesg显示:
When the above prg was run with the previous kernel, with CONFIG_STRICT_DEVMEM SET: dmesg shows:
[29537.565599] Program a.out tried to access /dev/mem between 1000000->1001000.
[29537.565663] a.out[13575]: segfault at ffffffff ip 080485bd sp bfb8d640 error 4 in a.out[8048000+1000]
这是由于内核保护.
当重建内核(使用CONFIG_STRICT_DEVMEM UNSET )并运行上述prg时:
When the kernel was rebuilt (with the CONFIG_STRICT_DEVMEM UNSET) and the above prg was run :
# ./a.out
mmap failed: Invalid argument
#
这是因为'offset'参数> 1 MB(在x86上无效)(当时为16MB).
This is because the 'offset' parameter is > 1 MB (invalid on x86) (it was 16MB).
使mmap偏移量在1 MB以内:
After making the mmap offset to be within 1 MB:
# ./a.out
addr: 0xb7758000
*addr: 138293760
#
有效! 有关详细信息,请参见上面的LWN文章.
It works! See the above LWN article for details.
在具有PAT支持(页面属性表)的x86架构上,内核仍然阻止DRAM区域的映射. 内核源代码是:
On x86 architectures with PAT support (Page Attribute Table), the kernel still prevents the mapping of DRAM regions. The reason for this as mentioned in the kernel source is:
This check is nedded to avoid cache aliasing when PAT is enabled
此检查将导致与上述错误类似的错误.例如:
This check will cause a similar error to the one mentioned above. For example:
Program a.out tried to access /dev/mem between [mem 68200000-68201000].
可以通过禁用PAT来消除此限制.可以通过在启动时向内核命令行添加"nopat"参数来禁用PAT.
This restriction can be removed by disabling PAT. PAT can be disabled by adding the "nopat" argument to the kernel command line at boot time.
这篇关于如何在不崩溃Linux内核的情况下访问mmaped/dev/mem?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!