Access permissions of /dev/mem on Linux

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/6134984/

Time: 2020-08-05 04:16:20  Source: igfitidea

Access permissions of /dev/mem

Tags: linux, memory, linux-kernel

Asked by Pavan Manjunath

I have a set of questions regarding /dev/mem:

  1. Many articles on the net seem to refer to /dev/mem as the gateway to "Physical RAM". But if I am right, /dev/mem is the gateway to the "Physical Address Space" of the processor, which might include control registers of many HW peripherals and not just the RAM? Please correct me if I am wrong!

  2. In order to prevent attackers from misusing /dev/mem and altering kernel memory, a flag CONFIG_STRICT_DEVMEM needs to be enabled, which will prevent user apps from accessing physical address space beyond 1MB. I checked the config file on my PC (Ubuntu) and found that CONFIG_STRICT_DEVMEM = y. And I wrote a program which tries to read physical memory beyond 1 MB and I was able to read! No segmentation fault or any Operation NOT Permitted error. How is this possible?

My program roughly looks like this:

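/* MAP_SIZE, MAP_MASK and myAddress are defined elsewhere in the program */
fd = open("/dev/mem", O_RDWR);
/* mmap() takes a flags argument (MAP_SHARED here) between prot and fd */
ptr = (int *) mmap(0, MAP_SIZE, PROT_READ, MAP_SHARED, fd, myAddress & (~MAP_MASK));
printf("%d", *ptr);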

Accepted answer by Roland

  1. Yes, you're right, /dev/mem allows you to map any physical address, including non-RAM memory-mapped IO. This can be useful for a quick and dirty hack to access some hardware device without writing a kernel driver.

  2. CONFIG_STRICT_DEVMEM makes the kernel check addresses in /dev/mem with devmem_is_allowed() in arch/x86/mm/init.c, and the comment there explains:

    * On x86, access has to be given to the first megabyte of ram because that area
    * contains bios code and data regions used by X and dosemu and similar apps.
    * Access has to be given to non-kernel-ram areas as well, these contain the PCI
    * mmio resources as well as potential bios/acpi data regions.
    

    Your address 0xFFFF0000 is quite likely to be non-RAM, since BIOSes typically put IO memory just below 4GB, so that's why you're able to map it even with STRICT_DEVMEM.
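
The rule in the quoted kernel comment can be checked against a resource map. The following is an added example, not code from the original post or from the kernel: a user-space model that classifies a physical address using /proc/iomem-style text. The sample map and the function names in_system_ram and strict_devmem_would_allow are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/iomem format (not taken from a real machine). */
static const char SAMPLE_IOMEM[] =
    "00000000-00000fff : Reserved\n"
    "00001000-0009fbff : System RAM\n"
    "000a0000-000bffff : PCI Bus 0000:00\n"
    "000f0000-000fffff : System ROM\n"
    "00100000-bffdffff : System RAM\n"
    "  01000000-01c031d0 : Kernel code\n"
    "fec00000-fec003ff : IOAPIC 0\n"
    "fffc0000-ffffffff : Reserved\n";

/* Returns 1 if phys lies inside a top-level "System RAM" range, else 0. */
int in_system_ram(const char *iomem, unsigned long long phys)
{
    const char *line = iomem;
    while (*line) {
        unsigned long long start, end;
        char name[64];
        /* Indented entries are sub-resources; only top-level ranges count. */
        if (line[0] != ' ' &&
            sscanf(line, "%llx-%llx : %63[^\n]", &start, &end, name) == 3 &&
            strcmp(name, "System RAM") == 0 && phys >= start && phys <= end)
            return 1;
        const char *nl = strchr(line, '\n');
        if (!nl) break;
        line = nl + 1;
    }
    return 0;
}

/* Model of the rule in the quoted comment: first MB and non-RAM are allowed. */
int strict_devmem_would_allow(const char *iomem, unsigned long long phys)
{
    if (phys < 0x100000ULL)              /* first megabyte: BIOS code and data */
        return 1;
    return !in_system_ram(iomem, phys);  /* non-RAM: PCI MMIO, BIOS/ACPI data */
}

int main(void)
{
    unsigned long long probes[] = { 0x9000ULL, 0x200000ULL, 0xFFFF0000ULL };
    for (int i = 0; i < 3; i++)
        printf("%#llx -> %s\n", probes[i],
               strict_devmem_would_allow(SAMPLE_IOMEM, probes[i]) ? "allowed" : "denied");
    return 0;
}
```

To classify addresses on a live machine, feed the function the contents of /proc/iomem read as root, since unprivileged reads show zeroed addresses.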

Answer by linuts

What does the following yield:

cat /dev/mem | wc

I get:

cat: /dev/mem: Operation not permitted
   1908   11791 1048576

So for me it does stop at 1MB.

Note that cat uses open, not mmap, so it's not an identical test.

Are you sure you're reading beyond 1MB?
