howto set some kernel pages to readonly?

howto set some kernel pages to readonly?

[Peter Wächtler]

Hello Linux ARM developers,

on Linux x86 there is infrastructure to set rodata to, aeh, readonly. ;)

I also want to protect some pages to readonly  as a guard.
So if some kernel code writes to the memory the kernel panics.

I tried the following without success:

And I have to admit that I don't understand all the macros for 
manipulating the page table entries ;(
Any clue what's wrong?


int set_page_ro(unsigned long addr)
{
        pte_t new_pte;
        unsigned long pfn;
        pte_t *pte;
        pgd_t *pgd;
        pmd_t *pmd;
 
        pgd = pgd_offset_k(addr);
        pmd = pmd_offset(pgd, addr);
 
        pfn = __phys_to_pfn(virt_to_phys((void*)addr));
 
        pte = pte_offset_kernel(pmd, addr);
        new_pte = pfn_pte(pfn, __pgprot(pgprot_val(pgprot_kernel) | 
                                                      (__PAGE_READONLY)) );
 
        set_pte_ext(pte, new_pte, 0);
 
        return 0;
}
 

set_page_ro( (unsigned long)pa );
flush_tlb_kernel_page((long)pa);

--
   Peter

howto set some kernel pages to readonly?

[Peter Wächtler]

Am Donnerstag, 7. April 2011, 20:26:36 schrieb Peter W?chtler:
> Hello Linux ARM developers,
> 
> on Linux x86 there is infrastructure to set rodata to, aeh, readonly. ;)
> 
> I also want to protect some pages to readonly  as a guard.
> So if some kernel code writes to the memory the kernel panics.
> 
> I tried the following without success:
> 
> And I have to admit that I don't understand all the macros for
> manipulating the page table entries ;(
> Any clue what's wrong?
> 
> 
> int set_page_ro(unsigned long addr)
> {
>         pte_t new_pte;
>         unsigned long pfn;
>         pte_t *pte;
>         pgd_t *pgd;
>         pmd_t *pmd;
> 
>         pgd = pgd_offset_k(addr);
>         pmd = pmd_offset(pgd, addr);
> 
>         pfn = __phys_to_pfn(virt_to_phys((void*)addr));
> 
>         pte = pte_offset_kernel(pmd, addr);
>         new_pte = pfn_pte(pfn, __pgprot(pgprot_val(pgprot_kernel) |
>                                                       (__PAGE_READONLY)) );
> 
>         set_pte_ext(pte, new_pte, 0);
> 
>         return 0;
> }
> 
> 
> set_page_ro( (unsigned long)pa );
> flush_tlb_kernel_page((long)pa);
> 

While the variable is named "pa" - it's actually a virtual address.
The code has to run on a SMP box - ARM 1136 multi core (ARMv6).

howto set some kernel pages to readonly?

[Russell King - ARM Linux]

On Thu, Apr 07, 2011 at 08:26:36PM +0200, Peter W?chtler wrote:
> Hello Linux ARM developers,
> 
> on Linux x86 there is infrastructure to set rodata to, aeh, readonly. ;)
> 
> I also want to protect some pages to readonly  as a guard.
> So if some kernel code writes to the memory the kernel panics.
> 
> I tried the following without success:
> 
> And I have to admit that I don't understand all the macros for 
> manipulating the page table entries ;(
> Any clue what's wrong?

We don't map kernel space using pages, but section mappings which have a
granularity of 1MB.

That makes it difficult to set read-only status on just small areas of
memory because you'd have to ensure that the .rodata starts at a 1MB
boundary, and the following data also starts at a 1MB boundary - which
would be quite wasteful.