From mboxrd@z Thu Jan 1 00:00:00 1970 From: peter.senna@gmail.com (Peter Senna Tschudin) Date: Tue, 6 Sep 2016 10:24:57 +0200 Subject: check if a kernel page is read-only In-Reply-To: <11599.1473094678@turing-police.cc.vt.edu> References: <11599.1473094678@turing-police.cc.vt.edu> Message-ID: To: kernelnewbies@lists.kernelnewbies.org List-Id: kernelnewbies.lists.kernelnewbies.org On Mon, Sep 5, 2016 at 6:57 PM, wrote: > On Mon, 05 Sep 2016 12:59:46 +0200, Oscar Salvador said: > >> I'm writing a module to read/write kernel memory, and for this I'd like to >> check if a page is marked as read-only > > Actually, you almost certainly want to do a *much* stricter check than > that. If your module is doing unrestricted writes, there's almost certainly > a major design failure. Modules should *only* access memory that belongs > to them - for instance, a driver for some new widget shouldn't be doing > anything with memory that isn't either I/O buffer space allocated for > that device, or the various struct * that the driver core sets up for a device. > > If you're trying to scribble *anywhere*, you're either trying to write a > rootkit, or you're mis-designing something that will almost certainly be > abused by somebody to backdoor in a rootkit. > > And I don't have much sympathy for "it's just a toy module" - if you can't > be bothered to write modules with proper design, you shouldn't be coding > in kernelspace. Learn to do it right from the beginning and don't learn > sloppy habits. I guess this depends on the goals. I can think of a few valid reasons for making that with profiling/instrumentation in mind. > > So what actual problem are you trying to solve by scribbling all over kernel > space? There's probably a better way to do it. Yes, tell us a little bit more about what you want to get. I guess we can help you if you tell us more about your problem. I'm curious.