• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Crashes when reading physical memory
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crashes when reading physical memory

  • Subject: Re: Crashes when reading physical memory
  • From: Michael Smith <email@hidden>
  • Date: Sat, 14 Mar 2009 11:48:02 -0700
Jim,

You are making the naïve and incorrect assumption that physical memory is linear from zero. This is not the case; for your tool to be useful you must obtain the actual physical memory map as exposed to the operating system and use that.

Attempting to read from physical addresses that don't decode to anything may result in an error interrupt, machine check or ECC error depending on the bus implementation. Attempting to read from memory- mapped peripherals may fail due to read behaviour constraints implemented by the peripheral, which in turn may result in fatal device interrupts or failure of the device. Attempting to read from memory protected by the chipset (e.g. the region allocated for SMM use) may give garbage results or result in a machine check depending on the implementation.

In a more general sense, it is not safe to read from something unless you know what that something is. For your tool, you must first answer that question.

 = Mike

On Mar 13, 2009, at 1:28 PM, Hajime Inoue wrote:

Thanks, M.M., Michael, Andreas, and Terry, for your thoughts.

It's clear that there are definite limitations in getting a physical memory
dump using the same resources being dumped. However, for some purposes
what's
available just by dumping memory to a file is "good enough".

So I used the function M.M. suggested and wrote a kext using the
ml_phys_read_*
functions. This works fine for ppc (I've tested on 10.3.9 and 10.5 with 0.5
and
1.5G of memory, respectively). But it fails after reading about 3.3 or 3.4
G
on my Intel 10.5 machine.

Does anyone know why this should be? One of my colleagues mentioned that he
saw
something about problems reading memory simultaneously being used for DMA.
Is
this a possibility?

Also, it appears that ml_io_map is also exported. However, I can't find an
equivalent ml_io_munmap. pmap_release isn't exported (giving a warning),
but
is found when the kext is loaded. Can I use pmap_release(kernel_map, ...)
with
the memory allocated by ml_io_map?

Thanks again,
-Jim

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >Crashes when reading physical memory (From: Hajime Inoue <email@hidden>)






    

  • Prev by Date:
RE: Crashes when reading physical memory

    • 

  • Next by Date:
Re: Set process' working set size explictly

    • 

  • Previous by thread:
Re: Crashes when reading physical memory

    • 

  • Next by thread:
RE: Crashes when reading physical memory

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •