How to access user space memory from the Linux kernel?

Question

I know that copy_to_user/copy_from_user, get_user/put_user functions are for this purpose.

My question is that, given a user space address/pointer, how can I access the data pointed to by the address from the kernel in general?

I can imagine that first I have to make sure the containing page should be in physical memory (instead of in disk).

What is the next step? Can I use *p, where p is the pointer pointing to some user space data, directly to refer to the data?

Or do I have to first invoke kmap to map the containing physical page frame to the kernel virtual address space? Why?

Recommended answer

You may find this useful.

Let us repeat that the buff argument to the read and write methods is a user-space pointer. Therefore, it cannot be directly dereferenced by kernel code. There are a few reasons for this restriction:

  • Depending on which architecture your driver is running on, and how the kernel was configured, the user-space pointer may not be valid while running in kernel mode at all. There may be no mapping for that address, or it could point to some other, random data.

  • Even if the pointer does mean the same thing in kernel space, user-space memory is paged, and the memory in question might not be resident in RAM when the system call is made. Attempting to reference the user-space memory directly could generate a page fault, which is something that kernel code is not allowed to do. The result would be an "oops," which would result in the death of the process that made the system call.

  • The pointer in question has been supplied by a user program, which could be buggy or malicious. If your driver ever blindly dereferences a user-supplied pointer, it provides an open doorway allowing a user-space program to access or overwrite memory anywhere in the system. If you do not wish to be responsible for compromising the security of your users' systems, you cannot ever dereference a user-space pointer directly.

Source: http://www.makelinux.net/ldd3/chp-3-sect-7

That said, I am myself curious to know what happens if the user-space address is indeed valid, and none of the above conditions apply...
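The third reason quoted above, shown as an added example (not code from the original post or from LDD3): a write-style handler that dereferences the caller's pointer directly, next to one that goes through `copy_from_user` and returns `-EFAULT`. The names `demo_write`, `demo_write_unsafe`, `dev_buf`, `sim_user_mem` and `sim_kernel_secret` are hypothetical, and `copy_from_user` here is a user-space stand-in that models only the kernel function's return contract so the block runs outside the kernel.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* User-space stand-ins (assumptions) so the pattern runs outside the kernel.
 * In a real module, drop this section and include <linux/uaccess.h>. */
#define __user
static char sim_user_mem[64];                      /* constructed: range the caller owns */
static char sim_kernel_secret[16] = "kernel-only"; /* constructed: must stay unreachable */

/* Models the kernel contract: returns the number of bytes NOT copied
 * (0 = success). This model is all-or-nothing and never faults. */
static unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
{
    uintptr_t lo = (uintptr_t)sim_user_mem, hi = lo + sizeof(sim_user_mem);
    uintptr_t p = (uintptr_t)from;
    if (p < lo || p > hi || n > hi - p)
        return n;               /* outside the caller's range: copy nothing */
    memcpy(to, from, n);
    return 0;
}

static char dev_buf[32];        /* hypothetical device buffer */
/* UNSAFE: trusts the pointer, so it reads whatever address the caller names. */
static long demo_write_unsafe(const char __user *buf, size_t count)
{
    if (count > sizeof(dev_buf))
        count = sizeof(dev_buf);
    memcpy(dev_buf, buf, count);
    return (long)count;
}

/* SAFE: clamps the length, then lets copy_from_user validate and copy. */
static long demo_write(const char __user *buf, size_t count)
{
    if (count > sizeof(dev_buf))
        count = sizeof(dev_buf);
    if (copy_from_user(dev_buf, buf, count))
        return -EFAULT;         /* bad pointer becomes an error code, not an oops */
    return (long)count;
}

int main(void)
{
    memcpy(sim_user_mem, "hello", 5);
    long ok = demo_write(sim_user_mem, 5);                /* valid user pointer */
    long bad = demo_write(sim_kernel_secret, 11);         /* rejected */
    long leak = demo_write_unsafe(sim_kernel_secret, 11); /* copies the secret */
    return (ok == 5 && bad == -EFAULT && leak == 11) ? 0 : 1;
}
```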
