Reputation: 185
How are memory read, write, execute permissions enforced in the Linux kernel?
How is a system able to restrict processes from being able to write to regions of memory set read-only? In particular, how is the Linux kernel able to enforce these permissions, assuming that the hardware is not able to do this job for the kernel?
My initial guess is that these regions of memory are not mapped to the process's address space, so whenever the process tries accessing these regions of memory, a page fault is generated, which allows the kernel to take control to check that everything is in order. I realize this would probably greatly degrade performance, so I'm here asking for help understanding if there is a smarter method to enforcing these permissions.
Upvotes: 2
Views: 2478
Answers (2)
Reputation: 21617
There are four ways that prevent access to memory in a non-segmented system to restrict access to pages.
There is no page table entry for specific address (easy to do with nested page tables).
There is no page mapping for the page.
The page table restricts access by mode. For example, does not allow user mode access but allows kernel mode.
The page table restricts access by type (write,execute).
Setting up the page tables is done in hardware. Validating the access against the tables is done in hardware.
Upvotes: 0
Reputation: 2079
The task of enforcing memory protection is handled by MMU. I'm not aware of any architecture that does have MMU but don't have hardware support memory permissions. Thus I guess we are talking about MMU-less systems here.
For long time Linux required MMU to work. It still does if you want to but the is some support for MMU-less systems. It comes from uClinux project that was merged upstream some time ago. The system compiled with NOMMU does not, however, work like normal Linux system (a lot of applications won't work on it) and no memory protection is one of its limitations.
To answer your question directly - memory protection on Linux depends on hardware support for it. If it's absent, the kernel won't try to emulate it.
Now your idea seems fine (if impractical) but in order to do this, you still need virtual memory support which requires some kind of MMU. As stated earlier, I don't think there are any systems that do have MMU but does not support memory protection. Either way, Linux does not seem to support this case.
Upvotes: 1
Related Questions
- Access permissions of /dev/mem
- How are memory segment permissions set in Linux x86_64 and x86
- How does the kernel access the memory of other processes?
- Which part of Linux kernel enforces privilege separation and how?
- Memory protection in Linux kernel
- How does kernel restrict processes to their own memory pool?
- What is CPU kernel/privileged mode, and how is it guarded by the OS?
- kmalloc function and protection (READ,WRITE,EXEC)
- How does linux protect memory?
- How does Android enforce permissions?