Hi,
On Mon, Feb 18, 2019 at 01:51:58PM +0100, Mark Kettenis wrote:
>
> I suspect the direct map has to work for things like GDB's "target
> kvm" to work. Otherwise inspecting the contents of some of the memory
> pools will fail.
Sounds plausible.
> You seem to imply that you can crash the kernel by just reading some
> random memory address. That surprises me somewhat, even though I
> think I managed to do exactly that not too long ago. In principle the
> data is read using kcopy(9), which should recover and return an error
> if we get a fault. Makes me wonder if somehow the trap handling is
> subtly broken on amd64. Do you have more details on how you triggered
> the kernel crash?
I do this:
ha-gs61# dd if=/dev/kmem of=/dev/null bs=1M count=1 skip=1801439743574
kernel: protection fault trap, code=0
Stopped at copyout+0x53: repe movsq (%rsi),%es:(%rdi)
ddb{3}>
Note that the accessed address is 0x1a36e2d0e5600000, which is
non-conforming (or was it non-canonical?) as it lies within the VA hole.
Take care,
HJ.