Unable to write in kernel memory via Linux kernel module (Ubuntu)

Question

Hey

I'm trying to overwrite certain pieces in kernel memory (Linux 2.6.31, Ubuntu 9.10) in a virtual machine (using VirtualBox) via a kernel module. Whenever I'm doing this I get this error

[27154.303726] BUG: unable to handle kernel paging request at 0xc05769bc

My code:

unsigned char *p = (unsigned char *) c05769bc;
p[1] = (addr & 0x000000ff);
p[2] = (addr & 0x0000ff00) >> 8;
p[3] = (addr & 0x00ff0000) >> 16;
p[4] = (addr & 0xff000000) >> 24;

The address is right and so is my write code. I'm just using a pointer to write into kernel memory. I was wondering why I get this message as the memory page of that address is definitely in memory.

Does this behaviour has anything to do with the virtual machine? Or do recent kernel have some kind of protection built in? I hope someone can give me some clue.

The problem seems related to Ubuntu, because the same code does not fail using Debian.

TIA!

Willem

Answer 1

ASLR maybe (Address Space Layout Randomisation) ?

It can be controlled by /proc/sys/kernel/randomize_va_space (echoing 0 into it should turn it off).

Answer 2

Recent kernels make their text section read-only - what is supposed to be living at the address that you're trying to poke?