Access permissions of /dev/mem
Question
I have a series of questions about /dev/mem:
Many articles on the net seem to refer to /dev/mem as the gateway to "Physical RAM". But if I am right, /dev/mem is the gateway to the "Physical Address Space" of the processor, which might include control registers of many HW peripherals and not just the RAM? Please correct me if I am wrong!
In order to prevent attackers from misusing /dev/mem and altering kernel memory, a flag CONFIG_STRICT_DEVMEM needs to be enabled, which will prevent user apps from accessing physical address space beyond 1MB. I checked the config file on my PC (Ubuntu) and found that CONFIG_STRICT_DEVMEM = y. And I wrote a program which tries to read physical memory beyond 1 MB and I was able to read! No segmentation fault or any Operation NOT Permitted error. How is this possible?
My program looks roughly like this:
fd = open("/dev/mem", O_RDWR);
/* mmap() takes a flags argument (MAP_SHARED here) between prot and fd */
ptr = (int *) mmap(0, MAP_SIZE, PROT_READ, MAP_SHARED, fd, myAddress & ~MAP_MASK);
printf("%d", *ptr);
Recommended answer
Yes, you're right, /dev/mem allows you to map any physical address, including non-RAM memory mapped IO. This can be useful for a quick and dirty hack to access some hardware device without writing a kernel driver.
CONFIG_STRICT_DEVMEM makes the kernel check addresses in /dev/mem with devmem_is_allowed() in arch/x86/mm/init.c, and the comment there explains:
* On x86, access has to be given to the first megabyte of ram because that area
* contains bios code and data regions used by X and dosemu and similar apps.
* Access has to be given to non-kernel-ram areas as well, these contain the PCI
* mmio resources as well as potential bios/acpi data regions.
Your address 0xFFFF0000 is quite likely to be non-RAM, since BIOSes typically put IO memory just below 4GB, so that's why you're able to map it even with STRICT_DEVMEM.
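The policy described in the quoted comment can be checked against a memory map before trusting STRICT_DEVMEM to block a given address. The following C program is an added example, not part of the original answer and not the kernel's devmem_is_allowed() source; its helper names and the /proc/iomem-style sample map are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/iomem format (not from a real machine);
 * all helper names below are assumptions made for illustration. */
static const char SAMPLE_IOMEM[] =
    "00000000-00000fff : Reserved\n"
    "00001000-0009fbff : System RAM\n"
    "00100000-bffdffff : System RAM\n"
    "  01000000-01e00000 : Kernel code\n"
    "c0000000-febfffff : PCI Bus 0000:00\n"
    "fffc0000-ffffffff : Reserved\n"
    "100000000-23fffffff : System RAM\n";

#define FIRST_MB 0x100000ULL

/* Returns 1 if addr lies inside a top-level "System RAM" range of the
 * given /proc/iomem text, 0 otherwise. Indented (child) lines are skipped. */
int in_system_ram(const char *iomem, unsigned long long addr)
{
    const char *line = iomem;
    while (line && *line) {
        unsigned long long start, end;
        char name[64];
        if (*line != ' ' &&
            sscanf(line, "%llx-%llx : %63[^\n]", &start, &end, name) == 3 &&
            strcmp(name, "System RAM") == 0 && addr >= start && addr <= end)
            return 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* Simplified model of the policy in the quoted comment: the first megabyte
 * and non-RAM areas are allowed, System RAM above 1 MB is refused. */
int strict_devmem_would_allow(const char *iomem, unsigned long long addr)
{
    if (addr < FIRST_MB) return 1;
    return !in_system_ram(iomem, addr);
}

int main(void)
{
    unsigned long long probes[] = { 0x9000, 0x200000, 0xFFFF0000ULL, 0x100000000ULL };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%#llx -> %s\n", probes[i],
               strict_devmem_would_allow(SAMPLE_IOMEM, probes[i]) ? "allowed" : "refused");
    return 0;
}
```

On a live system, feed the function the contents of /proc/iomem read as root; unprivileged reads show every range as zeros.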