kernelnewbies.kernelnewbies.org archive mirror
From: Amit Kumar <free.amit.kumar@gmail.com>
To: Aruna Hewapathirane <aruna.hewapathirane@gmail.com>
Cc: kernelnewbies <kernelnewbies@kernelnewbies.org>
Subject: Re: Virtual To Physical Address Translation
Date: Wed, 15 May 2019 15:09:57 +0530
Message-ID: <CAPTh4Otob-wcHgd1wrissSUTtK_OVVPj-_msiRU3ZEkk5E_7GQ@mail.gmail.com>
In-Reply-To: <CAPTh4OuLN81s8esjRhhOkGFNMn5+8JPo_0AbOAdnOW_Oof9cRg@mail.gmail.com>

On Wed, May 15, 2019 at 3:03 PM Amit Kumar <free.amit.kumar@gmail.com> wrote:
>
> On Tue, May 14, 2019 at 5:52 PM Aruna Hewapathirane
> <aruna.hewapathirane@gmail.com> wrote:
> >
> > Hi,
> >
> > I am trying to wrap my head around the virtual to physical memory address translation. For example let's say I want to locate the sys_call_table.
> >
> > objdump and vmlinux shows me this:
> > aruna@debian:~/linux-5.1.1$ objdump -t vmlinux | grep -i sys_call_table
> > ffffffff81c001c0 g     O .rodata    0000000000001120 sys_call_table
> > ffffffff81c01600 g     O .rodata    0000000000000d60 ia32_sys_call_table
> >
> > and System.map shows me this:
> > aruna@debian:~/linux-5.1.1$ cat System.map | grep -i sys_call_table
> > ffffffff81c001c0 R sys_call_table
> > ffffffff81c01600 R ia32_sys_call_table
> >
> > So addresses match.
> >
> > And gdb shows me this:
> > aruna@debian:~/linux-5.1.1$ gdb vmlinux
> > GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
> > Reading symbols from vmlinux...done.
> >
> > (gdb) p sys_call_table
> > $1 = {0xffffffff812317a0 <__x64_sys_read>,
> >   0xffffffff812318b0 <__x64_sys_write>, 0xffffffff8122d980 <__x64_sys_open>,
> >   0xffffffff8122bc40 <__x64_sys_close>,
> >   0xffffffff81236220 <__x64_sys_newstat>,
> >   0xffffffff812363e0 <__x64_sys_newfstat>,
> >   <snip>
> >
> > Now if you take the address given by objdump and System.map which is 0xffffffff81c001c0
> > and ask gdb to show you I get:
> >
> > (gdb) x 0xffffffff81c001c0
> > 0xffffffff81c001c0 <sys_call_table>:    0x812317a0
> >
> > My question is HOW is the address 0xffffffff81c001c0 translated to 0x812317a0 ?
> At the moment I am unable to provide you a pointer, but I have read
> somewhere that the kernel uses random
> numbers to relocate addresses for the sake of cracking.
https://lwn.net/Articles/569635/
> > I am reading up on page tables and page offsets, just can't yet fully
> > understand how it is done. An example that
> > breaks down the process step by step would really help.
> >
> > Thanks - Aruna
> >
> Regards,
> Amit Kumar

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
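
A step-by-step breakdown of the address from the thread, as an added example that is not part of the original messages. It assumes x86-64 4-level paging, `__START_KERNEL_map = 0xffffffff80000000`, and `phys_base = 0` (kernel image not relocated); the function names are hypothetical. It also shows that the word gdb's `x` printed is the low 32 bits of the first table entry stored at that address, since `x` defaults to 4-byte units.

```c
#include <stdint.h>
#include <stdio.h>

/* Base of the kernel image mapping on x86-64 (__START_KERNEL_map). */
#define START_KERNEL_MAP 0xffffffff80000000ULL

/* Page-table indexes the MMU extracts from a 48-bit virtual address. */
struct va_parts { unsigned pml4, pdpt, pd, pt, offset; };

static struct va_parts split_va(uint64_t va)
{
    struct va_parts p;
    p.pml4   = (va >> 39) & 0x1ff;  /* bits 47..39: index into PML4 (PGD) */
    p.pdpt   = (va >> 30) & 0x1ff;  /* bits 38..30: index into PDPT (PUD) */
    p.pd     = (va >> 21) & 0x1ff;  /* bits 29..21: index into PD (PMD)   */
    p.pt     = (va >> 12) & 0x1ff;  /* bits 20..12: index into PT (PTE)   */
    p.offset = va & 0xfff;          /* bits 11..0 : byte offset in page   */
    return p;
}

/* Physical address of a kernel-image symbol: the image is mapped linearly,
 * so no table walk is needed. phys_base is the load offset (assumed 0 here). */
static uint64_t kernel_image_pa(uint64_t va, uint64_t phys_base)
{
    return va - START_KERNEL_MAP + phys_base;
}

/* What a 4-byte read at the address of a little-endian 64-bit value yields:
 * its low 32 bits. This is the unit size gdb's x command uses by default. */
static uint32_t first_word_of(uint64_t stored_value)
{
    return (uint32_t)stored_value;
}

int main(void)
{
    uint64_t table_va = 0xffffffff81c001c0ULL; /* sys_call_table, from the thread */
    uint64_t entry0   = 0xffffffff812317a0ULL; /* __x64_sys_read, from the thread */
    struct va_parts p = split_va(table_va);

    printf("PML4=%u PDPT=%u PD=%u PT=%u offset=0x%x\n",
           p.pml4, p.pdpt, p.pd, p.pt, p.offset);
    printf("physical (phys_base=0): 0x%llx\n",
           (unsigned long long)kernel_image_pa(table_va, 0));
    printf("x/1xw at table: 0x%x\n", first_word_of(entry0));
    return 0;
}
```

On a running kernel with KASLR enabled, both the virtual addresses and `phys_base` differ from the values in `vmlinux` and `System.map`.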
