|
Home > Archive > alt.os.linux > July 2002 > Memory protection in Linux 2.4
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Memory protection in Linux 2.4
|
|
| Ashish Raniwala 2002-07-24, 3:25 pm |
| Hello All,
I'm trying to understand - how are user processes prevented from
accessing kernel pages on x86 architecture ?
Till 2.0, I guess the user and kernel segments were exclusive and had
different privilege levels.
504 /* 0x10 kernel 1GB code at 0xC0000000: */
505 x86_seg(0xa,0,__PAGE_OFFSET,0x
ffffffff-__PAGE_OFFSET)
506
507 /* 0x18 kernel 1GB data at 0xC0000000: */
508 x86_seg(0x2,0,__PAGE_OFFSET,0x
ffffffff-__PAGE_OFFSET)
509
510 /* 0x23 user 3GB code at 0x00000000: */
511 x86_seg(0xa,3,0,__PAGE_OFFSET-1)
512
513 /* 0x2b user 3GB data at 0x00000000: */
514 x86_seg(0x2,3,0,__PAGE_OFFSET-1)
--------------------------------------------
But in the latest kernel, all these segments are the same - based at 0x00,
and of size 4GB.
434 .quad 0x00cf9a000000ffff /* 0x10 kernel 4GB code at 0x00000000 */
435 .quad 0x00cf92000000ffff /* 0x18 kernel 4GB data at 0x00000000 */
436 .quad 0x00cffa000000ffff /* 0x23 user 4GB code at 0x00000000 */
437 .quad 0x00cff2000000ffff /* 0x2b user 4GB data at 0x00000000 */
Now, I believe the segment-level protection is not in action because of
the following two reasons -
1. kernel does not need to change any segment registers for accessing
user-space while doing copy_from_user(). So, the 4GB address space as seen
inside the kernel is still composed of 3GB user and 1GB kernel space.
2. A user-process can, theoretically, create pointers to the whole 4GB
address space, because of the base & size of its segments.
---------------------------------------------
So, the questions is - Is page-level protection the only mechanism that
prevents user-programs from accessing kernel memory ?
Another question I have is - inside the kernel, how can I give more
privilege to a process, so that it can call kernel functions and kernel
data structures directly ?
Thanks,
Ashish
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
Ashish Raniwala wrote:
> So, the questions is - Is page-level protection the only mechanism that
> prevents user-programs from accessing kernel memory ?
a better question: why would you allow a user-program access to
kernel memory structures?
> Another question I have is - inside the kernel, how can I give more
> privilege to a process, so that it can call kernel functions and kernel
> data structures directly ?
interesting questions, but i must inquire: what is your motivation
for the questions? (the question is designed for you to ponder).
i think you'd be better served in a kernel NG or check out this
[really great] book: http://www.oreilly.com/catalog/linuxkernel/
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~
Michael J. Tobler: motorcyclist, surfer, # Black holes result
skydiver, and author: "Inside Linux", # when God divides the
"C++ HowTo", "C++ Unleashed" # universe by zero
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9PxvqtTveLPAHcDIRAmuCAJ
9R7oUhnpdCFS12Z0Zha2FPuYl+PwCg
h3X9
ZihEFjkqAsuFbTC3lrDYT0E=
=Ubd7
-----END PGP SIGNATURE-----
| |
|
| In article <Pine.GSO.4.33.0207241626380.4655-100000@compserv1>,
Ashish Raniwala <raniwala@cs.sunysb.edu> wrote:
> I'm trying to understand - how are user processes prevented from
>accessing kernel pages on x86 architecture ?
Simple, they don't even have a way to address kernel pages.
--
http://www.spinics.net/linux/
| |
|
| > So, the questions is - Is page-level protection the only mechanism that
> prevents user-programs from accessing kernel memory ?
The the processor and MMU enforces the page access depending
if the CPU is in kernel mode or user mode
>
> Another question I have is - inside the kernel, how can I give more
> privilege to a process, so that it can call kernel functions and kernel
> data structures directly ?
YOu can't. User mode processes can only run kernel code by makeing a system
call
like read(), write() ,signal() , poll() ....
////
>
> Thanks,
> Ashish
>
| |
| Kasper Dupont 2002-07-27, 10:25 am |
| mjt wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
>
> Ashish Raniwala wrote:
>
> > So, the questions is - Is page-level protection the only mechanism that
> > prevents user-programs from accessing kernel memory ?
>
> a better question: why would you allow a user-program access to
> kernel memory structures?
Read access would be very nice for some kernel hacking.
Otherwise it should of course be avoided and everything
should be done through official interfaces.
--
Kasper Dupont -- der bruger for meget tid på usenet.
For sending spam use mailto:razrep@daimi.au.dk
or mailto:mcxumhvenwblvtl@skramme
l.yaboo.dk
|
|
|
|
|