Hi, I'm doing research about rootkits and I have received a lot of warnings like "BUG: unable to handle kernel paging request at [addr]" when I tried to attach my own function to sys_call_table[__NR_read], for example.
In kernels <=2.6.25, function change_page_attr() helped with changing page attributes of a certain address. However, in new kernels >=2.6.28, this function is deprecated and is replaced with set_memory_* functions, related to PAT.
The Linux kernel documentation is not clear about the usage of the PAT functions; I have used set_memory_wc() & set_memory_uc() to change the sys_call_table permissions but I continue receiving the same BUG. Those functions, I guess, are replacing the old change_page_attr().
I saw one example in the i915 module, and I have used the functions in the same way, but the BUG continues.
Any help with it? Am I handling kernel addresses in the wrong way?