Linux kernel code space write protection_问答_开发者

开发者 https://www.devze.com 2023-02-13 10:40 出处：网络

I had couple of questions on linux kernel memory page write protection. How can i figure out if the kernel

相关专题：linux-kernel

I had couple of questions on linux kernel memory page write protection.

How can i figure out if the kernel code (text segment) is write protected or not. I can look at /proc/<process-id>/map to see the memory map for various processes. But not sure where to look for the kernel code memory map.
If the kernel code segment is write protected, then is it possible for the code segment pages to be overwritten by any other kernel level code. In other words, does the write protect on a text segment page protects against only the user space code writing to it or will it prevent writes even fro开发者_开发问答m within the kernel space code.

Thanks

Code running in the kernel has direct access to the page tables for the current address space, so it can check for write access by examining those. There are probably functions to help you with that check, but I'm not familiar enough with the mm code to point them out. Is there an easier way? I'm not sure.
The kernel text should never be writable from user-space. The text can additionally be protected against writing from kernel code too (I think this is what you're talking about). This is only a basic protection against bugs. Kernel code, if it really wants to, can disable that protection by modifying the page tables directly.

There is one paper talking about that. Basically, it uses a small hypervisor to protect the OS kernel.

SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes.

http://www.sosp2007.org/papers/sosp079-seshadri.pdf