Reputation: 3752
Linux - identify process owning a specific address in physical memory
Under Linux, how can I tell what specific process owns / is using a given address in physical memory?
I understand that this may require writing a kernel module to access some kernel data structure and return the results to a user - I need to know how it can be done, regardless of how complicated it is.
Upvotes: 6
Views: 3194
Answers (4)
Reputation: 14624
The pages in use by a process and their location in physical memory are not static pieces of information. However, the information you seek should be in the page tables. A change went into the kernel that might be almost exactly what you're looking for:
author Arjan van de Ven <[email protected]> 2008-04-17 15:40:45 (GMT)
committer Ingo Molnar <[email protected]> 2008-04-17 15:40:45 (GMT)
commit 926e5392ba8a388ae32ca0d2714cc2c73945c609 (patch)
tree 2718b50b8b66a3614f47d3246b080ee8511b299e
parent 2596e0fae094be9354b29ddb17e6326a18012e8c (diff)
x86: add code to dump the (kernel) page tables for visual inspection by kernel developers
This patch adds code to the kernel to have an (optional)
/proc/kernel_page_tables debug file that basically dumps the kernel
pagetables; this allows us kernel developers to verify that nothing
fishy is going on and that the various mappings are set up correctly.
This was quite useful in finding various change_page_attr() bugs, and
is very likely to be useful in the future as well.
Signed-off-by:Arjan van de Ven <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
The added functionality is enabled by a new config option (X86_PTDUMP).
Upvotes: 9
Reputation: 131550
You might be able to use pmap -d [pid] for this... unfortunately you'd have to run it on all processes to see which one returned a result for the given memory address. Certainly not as efficient as a kernel module (and you might not even get a result, if the memory is paged out while you're looking for it).
Upvotes: 0
Reputation: 58627
Well due to the way things are done under Linux, a process may own memory at one instance, and then will not anymore, due to paging.
http://en.wikipedia.org/wiki/Paging
Essentially this means that the computer switches out data it doesn't need at one moment so that the memory can be used for something else.
I'm not sure if this helped or not, but I'd advise you to look at page tables and directories, since you can use these to translate to physical addresses.
Upvotes: 0
Reputation: 60498
Might want to start here for a discusson of how process virtual memory is mapped to physical memory. That would give you a good place to start as far as figuring out where you would need to hook into the kernel to access the page table, etc. where that information is stored.
Upvotes: 2
Related Questions
- linux kernel - how to get physical address (memory management)?
- Finding mapped memory from inside a process
- How to get the physical address in macosx kernel for a virtual address for a particular process?
- How to get the physical address from the logical one in a Linux kernel module?
- How to acess the physical address in kernel space
- Determine address size of process within Linux kernel (x86_64)
- Find physical memory address from virtual memory address
- Information of process that has allocated a given Physical address?
- How do I find the ptep for a given address?
- How can I access memory at known physical address inside a kernel module?