Discussion:
destructive dtrace & kernel code
William Reich
2011-09-15 12:31:16 UTC
Hi

While trying to debug a kernel driver, I was using dtrace to try and write to kernel memory.
I was trying to change the return result/parameter of a function call.
No luck.

I see that copyout can be used to write to userspace memory.
I see that there are some ways to write to userspace registers.

But nothing for writing to kernel memory.

The documentation seems to have only one sentence that implies writes to
kernel memory are not allowed.
The new dtrace book does not say anything regarding this topic.

So, the question I ask to the mailing list -
is writing to kernel memory allowed in dtrace or not?

If so, anybody got a sample?

thanks

wr
Katsunori FUJIWARA
2011-09-15 16:37:12 UTC
Hi, William

# Sorry for the unrelated/unlinked reply posting,
# because I joined the list after your post
Post by William Reich
So, the question I ask to the mailing list -
is writing to kernel memory allowed in dtrace or not?
As far as I know, a DTrace script cannot modify any data
in kernel memory space.

So I once wrote a patch to allow DTrace scripts to do so.

Please refer to "unlimited.patch" in my Bitbucket repository shown below,
if you have no problem replacing the DTrace library/kernel module
on your target system with patched ones.

https://bitbucket.org/foozy/unlimited-dtrace/src

Sorry, there is only a document in Japanese for my patch,
but I'll write a minimal document in English if you are interested in it.
--
----------------------------------------------------------------------
FUJIWARA Katsunori(flying.foozy-***@public.gmane.org)
Adam Leventhal
2011-09-15 16:53:46 UTC
Hi William,

DTrace contains no such facility. While such a feature might be useful
for kernel debugging, we decided that it presented too grave a risk.
The DTrace motto is first do no harm -- it must always be safe to use
in production. While destructive actions do -- as their name states --
afford users an opportunity to modify the system, they do so in a
constrained way. The ability to modify kernel memory would afford the
user an unbounded opportunity for destruction, data corruption, and
subtle mayhem.

Adam
--
Adam Leventhal, Delphix
http://dtrace.org/blogs/ahl

275 Middlefield Road, Suite 50
Menlo Park, CA 94025
http://www.delphix.com
Chris Horne
2011-09-15 17:36:45 UTC
You can however use 'dtrace -w' to establish complex condition
filters, and then call breakpoint() - and proceed into mayhem
via kmdb.

-Chris

NOTE: If you did not boot with kmdb enabled, you may need to
run 'mdb -K' and ':c' before running 'dtrace -w'.

-Chris
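Added example, not part of the original thread and not code from any of the posters: a D script sketching the approach Chris Horne describes, where `dtrace -w` predicates narrow down the condition of interest and `breakpoint()` then hands control to the kernel debugger. The module name `mydrv` and function name `mydrv_ioctl` are hypothetical placeholders for the driver under test, and the script assumes kmdb is already loaded as described in Chris's note.

```d
#!/usr/sbin/dtrace -s

/*
 * breakpoint() is a destructive action, so destructive mode must be
 * enabled (equivalent to passing -w on the command line).
 */
#pragma D option destructive
#pragma D option quiet

/*
 * Hypothetical probe target: module "mydrv", function "mydrv_ioctl".
 * Remember the first two raw arguments per thread so the return probe
 * can report which call failed.
 */
fbt:mydrv:mydrv_ioctl:entry
{
	self->in_call = 1;
	self->a0 = arg0;
	self->a1 = arg1;
}

/*
 * In an fbt return probe, arg0 is the offset of the return instruction
 * and arg1 is the return value. Stop only when the traced call returns
 * non-zero, i.e. the condition being debugged.
 */
fbt:mydrv:mydrv_ioctl:return
/self->in_call && (int)arg1 != 0/
{
	/* Recorded in the trace buffer for the dtrace consumer. */
	printf("mydrv_ioctl(0x%x, 0x%x) returned %d\n",
	    self->a0, self->a1, (int)arg1);
	stack();

	/* Drop into the kernel debugger on this thread. */
	breakpoint();
}

/* Always clear thread-local state so it does not leak across calls. */
fbt:mydrv:mydrv_ioctl:return
/self->in_call/
{
	self->in_call = 0;
	self->a0 = 0;
	self->a1 = 0;
}
```

Because `breakpoint()` halts the whole system in the debugger, a script like this belongs on a test machine with console access, not on a production host.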