check if a kernel page is read-only
Peter Senna Tschudin
peter.senna at gmail.com
Tue Sep 6 04:24:57 EDT 2016
On Mon, Sep 5, 2016 at 6:57 PM, <Valdis.Kletnieks at vt.edu> wrote:
> On Mon, 05 Sep 2016 12:59:46 +0200, Oscar Salvador said:
>
>> I'm writing a module to read/write kernel memory, and for this I'd like to
>> check if a page is marked as read-only
>
> Actually, you almost certainly want to do a *much* stricter check than
> that. If your module is doing unrestricted writes, there's almost certainly
> a major design failure. Modules should *only* access memory that belongs
> to them - for instance, a driver for some new widget shouldn't be doing
> anything with memory that isn't either I/O buffer space allocated for
> that device, or the various struct * that the driver core sets up for a device.
>
> If you're trying to scribble *anywhere*, you're either trying to write a
> rootkit, or you're mis-designing something that will almost certainly be
> abused by somebody to backdoor in a rootkit.
>
> And I don't have much sympathy for "it's just a toy module" - if you can't
> be bothered to write modules with proper design, you shouldn't be coding
> in kernelspace. Learn to do it right from the beginning and don't learn
> sloppy habits.
I guess this depends on the goals. I can think of a few valid reasons
for making that with profiling/instrumentation in mind.
>
> So what actual problem are you trying to solve by scribbling all over kernel
> space? There's probably a better way to do it.
Yes, tell us a little bit more about what you want to get. I guess we
can help you if you tell us more about your problem. I'm curious.
More information about the Kernelnewbies
mailing list