Calling function from address

Calling function from address

[Micha M.]

Hi!


Is it possible to call a function that is somewere in the physical-address
space? So I'd like to jump to a certain physical address, execute the code
there and then return to my kernel module. 
I already tried to ioremap that address and cast the new address to a
funtion pointer and then call the function, but there where some page
faults.


Regards

#micha

-- 
/* To err is human; to really fuck things up requires the root password */

Calling function from address

[Jeff Haran]

> -----Original Message-----
> From: kernelnewbies-bounces at kernelnewbies.org [mailto:kernelnewbies-
> bounces at kernelnewbies.org] On Behalf Of Micha M.
> Sent: Tuesday, June 07, 2011 1:47 PM
> To: kernelnewbies at kernelnewbies.org
> Subject: Calling function from address
> 
> Hi!
> 
> 
> Is it possible to call a function that is somewere in the
physical-address
> space? So I'd like to jump to a certain physical address, execute the
code
> there and then return to my kernel module.
> I already tried to ioremap that address and cast the new address to a
> funtion pointer and then call the function, but there where some page
> faults.

Just guessing, but I suspect that ioremap() does not enable execute
permission in the virtual memory pages it allocates to the physical
address and that's why you are getting the page fault.

You might have to muck with the PTEs directly to enable execution.
 
> 
> Regards
> 
> #micha
> 
> --
> /* To err is human; to really fuck things up requires the root
password */
> 
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Calling function from address

[Mulyadi Santosa]

On Wed, Jun 8, 2011 at 03:47, Micha M. <kernelnewbies@mail.i88.de> wrote:
> Hi!
>
>
> Is it possible to call a function that is somewere in the physical-address
> space? So I'd like to jump to a certain physical address, execute the code
> there and then return to my kernel module.
> I already tried to ioremap that address and cast the new address to a
> funtion pointer and then call the function, but there where some page
> faults.

Interesting, and after page fault....the code is still not executed?

what code(s) do you call? user mode? kernel mode?

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

Calling function from address

[Micha M.]

On Wed, Jun 08, 2011 at 04:52:14PM +0700, Mulyadi Santosa wrote:
> On Wed, Jun 8, 2011 at 03:47, Micha M. <kernelnewbies@mail.i88.de> wrote:
> > Hi!
> >
> >
> > Is it possible to call a function that is somewere in the physical-address
> > space? So I'd like to jump to a certain physical address, execute the code
> > there and then return to my kernel module.
> > I already tried to ioremap that address and cast the new address to a
> > funtion pointer and then call the function, but there where some page
> > faults.
> 
> Interesting, and after page fault....the code is still not executed?
> 
> what code(s) do you call? user mode? kernel mode?

I don't think that the code was executed. There was a kernel Ooops direct
after the page fault and a register dump was printed. The code I what to
call is located in ROM and is mapped to the physical address space. 
Is it possible to configure the kernel to ignore certain address areas and
allow calls to that space?

And that code needs to be executed from that place, since it contains
pointer in the physical address space. (s oremapping won't work because
there are absolute jumps in that function I'd like to call)

The only solution I kan think of at the moment is to solve it somehow in
assembly. But I don't know how...


regards,

#micha

-- 
/* To err is human; to really fuck things up requires the root password */

Calling function from address

[emilie lefebvre]

This is my function :


static spinlock_t xgr_learn_lock = SPIN_LOCK_UNLOCKED;

static int piga_seq_cpt = 1;

/*
* Function called for each systemcall (Hook SELinux avc function)
*/
int piga_control(u32 ssid, ...., struct av_decision * avd) {

/*
* Here my hypercall work but block my vm with this error :

*                " BUG: scheduling while atomic ... "
*/

spin_lock_bh(&xgr_learn_lock);

  if ( in_atomic())

           kvm_hypercall2 ( 6, (unsigned long)2 ,(unsigned long)piga_seq_cpt);

  spin_unlock_bh(&xgr_learn_lock);   

    

 if (piga_on == 1) {

/*
* Here my hypercall make a kernel panic with this error:
*             " divide error: 0000 [#1] SMP"
*/
                spin_lock_bh(&xgr_learn_lock);

                set_current_state(TASK_UNINTERRUPTIBLE);

                kvm_hypercall2 ( 6, (unsigned long)2 ,(unsigned long)piga_seq_cpt);

                set_current_state(TASK_RUNNING);

                spin_lock_bh(&xgr_learn_lock);

}

}

> Date: Wed, 8 Jun 2011 12:50:57 +0200
> From: kernelnewbies at mail.i88.de
> To: kernelnewbies at kernelnewbies.org
> Subject: Re: Calling function from address
> CC: mulyadi.santosa at gmail.com
> 
> On Wed, Jun 08, 2011 at 04:52:14PM +0700, Mulyadi Santosa wrote:
> > On Wed, Jun 8, 2011 at 03:47, Micha M. <kernelnewbies@mail.i88.de> wrote:
> > > Hi!
> > >
> > >
> > > Is it possible to call a function that is somewere in the physical-address
> > > space? So I'd like to jump to a certain physical address, execute the code
> > > there and then return to my kernel module.
> > > I already tried to ioremap that address and cast the new address to a
> > > funtion pointer and then call the function, but there where some page
> > > faults.
> > 
> > Interesting, and after page fault....the code is still not executed?
> > 
> > what code(s) do you call? user mode? kernel mode?
> 
> I don't think that the code was executed. There was a kernel Ooops direct
> after the page fault and a register dump was printed. The code I what to
> call is located in ROM and is mapped to the physical address space. 
> Is it possible to configure the kernel to ignore certain address areas and
> allow calls to that space?
> 
> And that code needs to be executed from that place, since it contains
> pointer in the physical address space. (s oremapping won't work because
> there are absolute jumps in that function I'd like to call)
> 
> The only solution I kan think of at the moment is to solve it somehow in
> assembly. But I don't know how...
> 
> 
> regards,
> 
> #micha
> 
> -- 
> /* To err is human; to really fuck things up requires the root password */
> 
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20110608/3a441ecd/attachment-0001.html 

Calling function from address

[Micha M.]

On Tue, Jun 07, 2011 at 10:47:16PM +0200, Micha M. wrote:
> Hi!
> 
> 
> Is it possible to call a function that is somewere in the physical-address
> space? So I'd like to jump to a certain physical address, execute the code
> there and then return to my kernel module. 
> I already tried to ioremap that address and cast the new address to a
> funtion pointer and then call the function, but there where some page
> faults.
> 
> 
> Regards
> 
> #micha


So maybe I have to explain some more. There is some code located in the
pysical address space and I need to call it from a kernel module. The
problem is, that the code must be run from that location it is stored (it
contains absolute jumps). So I'd like to be able to run that code in that
address space, or to "tell" the keeernel to ignore page faults/memory
protection on a certain address range, so that I can jump there run the
code and return to the caller (kernel module)

Regards

#micha

-- 
/* To err is human; to really fuck things up requires the root password */

Calling function from address

[Micha M.]

On Fri, Jun 10, 2011 at 07:30:46AM +0800, Gavin Guo wrote:
> > So maybe I have to explain some more. There is some code located in the
> > pysical address space and I need to call it from a kernel module. The
> > problem is, that the code must be run from that location it is stored (it
> > contains absolute jumps). So I'd like to be able to run that code in that
> > address space, or to "tell" the keeernel to ignore page faults/memory
> > protection on a certain address range, so that I can jump there run the
> > code and return to the caller (kernel module)
> 
> What is the architecture do you use? ex: x86, arm, mips,...

ARM.

> I know in some platform like andes, it is possible to turn off the
> virtual memory.
> Then you can jump to the physical address. After doing what you want, turning on
> virtual memory again. Finally, system return to the normal operation.
> However, the
> code is a little tricky. Before turning off the virtual memory, you
> must lock the
> code jumping to physical address in cache. Otherwise, behaviors, after
> turning off
> the cache, is unpredictable.
> 
> Gavin Guo


-- 
/* To err is human; to really fuck things up requires the root password */

Calling function from address

[Peter Teoh]

For ARM, MMU info can be found here:

http://infocenter.arm.com/help/topic/com.arm.doc.ddi0333h/Babbhigi.html

That is the theory behind MMU in ARM....but if u want the high level API, look
 under the arch/arm/mm directory lots of examples there.   Otherwise u
might try the following steps as proposed by "Marco Wang" - google for
it.   To quote:

phys_to_virt() only works with directly mapped physical address. I
don't think using phys_to_virt() is the best idea, anyway. Usually you
do this in several steps in a device driver:

1. Call request_mem_region() to request virtual memory region;
2. Call ioremap() to map physical address to virtual address;
3. Read/write mapped virtual address by using iowriteXX() /
ioreadXX(), etc. Here XX can be 8, 16, or 32 for example, represents
bit width.
4. Call iounmap() and release_mem_region() to release memory mapping;

Thanks,
Marco Wang

On Fri, Jun 10, 2011 at 3:46 PM, Micha M. <kernelnewbies@mail.i88.de> wrote:
> On Fri, Jun 10, 2011 at 07:30:46AM +0800, Gavin Guo wrote:
>> > So maybe I have to explain some more. There is some code located in the
>> > pysical address space and I need to call it from a kernel module. The
>> > problem is, that the code must be run from that location it is stored (it
>> > contains absolute jumps). So I'd like to be able to run that code in that
>> > address space, or to "tell" the keeernel to ignore page faults/memory
>> > protection on a certain address range, so that I can jump there run the
>> > code and return to the caller (kernel module)
>>
>> What is the architecture do you use? ex: x86, arm, mips,...
>
> ARM.
>
>> I know in some platform like andes, it is possible to turn off the
>> virtual memory.
>> Then you can jump to the physical address. After doing what you want, turning on
>> virtual memory again. Finally, system return to the normal operation.
>> However, the
>> code is a little tricky. Before turning off the virtual memory, you
>> must lock the
>> code jumping to physical address in cache. Otherwise, behaviors, after
>> turning off
>> the cache, is unpredictable.
>>
>> Gavin Guo
>


-- 
Regards,
Peter Teoh

Calling function from address

[Peter Teoh]

http://infocenter.arm.com/help/topic/com.arm.doc.dui0056d/ch07s05s01.html

this provide the additional info that cache store virtual addresses,
and since different processes may have same virtual address, but
different physical address, u have to beware!

On Sat, Jun 11, 2011 at 2:45 PM, Peter Teoh <htmldeveloper@gmail.com> wrote:
> For ARM, MMU info can be found here:
>
> http://infocenter.arm.com/help/topic/com.arm.doc.ddi0333h/Babbhigi.html
>
> That is the theory behind MMU in ARM....but if u want the high level API, look
> ?under the arch/arm/mm directory lots of examples there. ? Otherwise u
> might try the following steps as proposed by "Marco Wang" - google for
> it. ? To quote:
>
> phys_to_virt() only works with directly mapped physical address. I
> don't think using phys_to_virt() is the best idea, anyway. Usually you
> do this in several steps in a device driver:
>
> 1. Call request_mem_region() to request virtual memory region;
> 2. Call ioremap() to map physical address to virtual address;
> 3. Read/write mapped virtual address by using iowriteXX() /
> ioreadXX(), etc. Here XX can be 8, 16, or 32 for example, represents
> bit width.
> 4. Call iounmap() and release_mem_region() to release memory mapping;
>
> Thanks,
> Marco Wang
>
> On Fri, Jun 10, 2011 at 3:46 PM, Micha M. <kernelnewbies@mail.i88.de> wrote:
>> On Fri, Jun 10, 2011 at 07:30:46AM +0800, Gavin Guo wrote:
>>> > So maybe I have to explain some more. There is some code located in the
>>> > pysical address space and I need to call it from a kernel module. The
>>> > problem is, that the code must be run from that location it is stored (it
>>> > contains absolute jumps). So I'd like to be able to run that code in that
>>> > address space, or to "tell" the keeernel to ignore page faults/memory
>>> > protection on a certain address range, so that I can jump there run the
>>> > code and return to the caller (kernel module)
>>>
>>> What is the architecture do you use? ex: x86, arm, mips,...
>>
>> ARM.
>>
>>> I know in some platform like andes, it is possible to turn off the
>>> virtual memory.
>>> Then you can jump to the physical address. After doing what you want, turning on
>>> virtual memory again. Finally, system return to the normal operation.
>>> However, the
>>> code is a little tricky. Before turning off the virtual memory, you
>>> must lock the
>>> code jumping to physical address in cache. Otherwise, behaviors, after
>>> turning off
>>> the cache, is unpredictable.
>>>
>>> Gavin Guo
>>
>
>
> --
> Regards,
> Peter Teoh
>



-- 
Regards,
Peter Teoh