
Can't access null page on mac OS 10.12

Posted: Mon Dec 26, 2016 9:37 am
by chengyang
I got a kernel panic because of a bad memory access at 0x0.

So I'm wondering if I can map the null page. So far, I've found that we can map the null page with the following compile options:

Code:
clang xxx -o xxx -m32 -pagezero_size 0x0


I think it works in user space because I can allocate address 0x0 successfully, and I can use the following code to access 0x0 from user space:

Code:
#include <mach/mach.h>   /* mach_vm_address_t */
#include <stdint.h>
mach_vm_address_t addr = 0;
*((uint32_t *)addr) = 0x41414141;   /* store into page zero; it must be mapped first */


But when I triggered the panic through an IOKit external method, it couldn't access the null page and a panic happened anyway.

What's wrong? Can the null page be mapped?!

Re: Can't access null page on mac OS 10.12

Posted: Sat Jan 14, 2017 2:38 am
by morpheus
Can you share a panic? It is very likely that Aapl finally fixed the jump back to the NULL page in Sierra - I haven't had a chance to peruse the XNU code that deeply yet.

Re: Can't access null page on mac OS 10.12

Posted: Mon Jan 16, 2017 3:49 am
by chengyang
Sorry, the panic can't be shared in public because it has been reported to Apple.

It seems that SMAP has been introduced on the iPhone 7, so I'm wondering whether there is also similar SMAP protection on Sierra.