Physical address of kernel code

Question

this post says the kernel page is unswappable.

Then what I wonder is the physical address of kernel code is always calculatable from the virtual address when I disable KASLR (especially, in x86_64)?

Let's assume PHYSICAL_START in configuration is 0x1000000, and the start virtual address of <_text> section is 0xffffffff81000000.
I think the physical address of every kernel code is (vaddr - 0xffffffff81000000 + 0x1000000)

Is this always true? If not, is this true when I use defconf (except disabling KASLR)?

Updated: I'm modifying QEMU itself for the research purpose. I have to read a guest kernel code instruction. I only use a vmlinux image (meaning, I don't load additional modules).
I have the virtual address and I tried to read a memory using this virtual address. For somewhat reason, I failed to read a memory with the virtual address, but I succeeded to read a memory with a physical address (calculated by my hand).
So If I can calculate the physical address in the above way, I think this way could be a shortcut (even it isn't a good idea).
I know there are monitor and gdbserver and they work well. But I don't know they are the options.

Why do you ask? From what perspective (user process, or kernel code, e.g. module)? — Basile Starynkevitch, Sep 22 '17 at 02:14
Look for the `System RAM` / `Kernel code` start address in **/proc/iomem**. You'll need to have root privileges to get actual values. — sawdust, Sep 22 '17 at 02:43
You might also find [kernel newbies](https://kernelnewbies.org/) mailing list helpful. A bunch of the kernel folks hang there. — jww, Sep 22 '17 at 03:52

Physical address of kernel code

0 Answers0