check if a kernel page is read-only

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Sep 5 12:57:58 EDT 2016


On Mon, 05 Sep 2016 12:59:46 +0200, Oscar Salvador said:

> I'm writing a module to read/write kernel memory, and for this I'd like to
> check if a page is marked as read-only

Actually, you almost certainly want to do a *much* stricter check than
that.  If your module is doing unrestricted writes, there's almost certainly
a major design failure.  Modules should *only* access memory that belongs
to them - for instance, a driver for some new widget shouldn't be doing
anything with memory that isn't either I/O buffer space allocated for
that device, or the various struct * that the driver core sets up for a device.

If you're trying to scribble *anywhere*, you're either trying to write a
rootkit, or you're mis-designing something that will almost certainly be
abused by somebody to backdoor in a rootkit.

And I don't have much sympathy for "it's just a toy module" - if you can't
be bothered to write modules with proper design, you shouldn't be coding
in kernelspace.  Learn to do it right from the beginning and don't learn
sloppy habits.

So what actual problem are you trying to solve by scribbling all over kernel
space?  There's probably a better way to do it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 830 bytes
Desc: not available
Url : http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20160905/3ce376ca/attachment.bin 


More information about the Kernelnewbies mailing list