Aw: Re: new module to check constant memory for corruption

From: Alexander . Kleinsorge
Date: Mon Apr 14 2014 - 04:03:29 EST


Hi Andi,

I would like to ask for your help.
Is there a central kernel function that enables/disables write-protection for kernel memory?
I only know the place where it's write-protected at boot for x86/x64.
If there is one place, it would be much easier than hooking into many places (e.g. ftrace, etc.).

My goal is to verify kernel memory (the constant part), not to rebuild memcheck as a process.
In my Ubuntu 12.04 system, this range has never changed during module-runtime (many hours).
I think in >90% of all systems there is no ftrace (etc.) changing this range.

So I need either a trigger when to update my reference sum, or to know when ftrace (etc) are really working.
ftrace_enabled = 1 (default) is no indicator, because it is typically on.

Thanks a lot,
Alexander


Sent: Sunday, 13 April 2014 at 05:00
From: "Andi Kleen" <andi@xxxxxxxxxxxxxx>
To: Alexander.Kleinsorge@xxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx
Subject: Re: new module to check constant memory for corruption
Alexander.Kleinsorge@xxxxxx writes:

> ramcheck kernel module
> new module to check constant memory for corruption
>
> detect corruption of constant kernel memory (text and data) periodically.
> runtime costs about 1..2 ms per sec (about 10 mb with 5 mb/ms),
> which is distributed over 8 (BLOCKS) time partitions (less than half
> ms per sec).
> in case of checksum (xor) error, a kernel log is posted.
> manual trigger via /proc/ramcheck is possible.
> range: kallsyms_lookup_name("_text") .. kallsyms_lookup_name("__end_rodata")


Can you explain how this works? How does it handle legal writes?

If it just checks its own memory it could be done in user space.

-Andi

--
ak@xxxxxxxxxxxxxxx -- Speaking for myself only
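
A user-space C model of the scheme discussed in this thread: per-block XOR reference sums verified round-robin over 8 time partitions, with a re-baseline hook for the legal-write case (e.g. ftrace patching) that the thread asks about. This is an added example, not code from the ramcheck module; the `region` array standing in for `_text`..`__end_rodata`, its size, and all function names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define BLOCKS 8                       /* time partitions, as in the posting */
#define WORDS  1024                    /* constructed region size (assumption) */
#define PER    (WORDS / BLOCKS)        /* words per block */

static unsigned long region[WORDS];    /* stand-in for _text..__end_rodata */
static unsigned long ref_sum[BLOCKS];  /* reference XOR per block */
static unsigned next_block;            /* block verified on the next tick */

/* XOR all words of one block. */
static unsigned long block_xor(unsigned b)
{
    unsigned long x = 0;
    for (size_t i = (size_t)b * PER; i < (size_t)(b + 1) * PER; i++)
        x ^= region[i];
    return x;
}

/* Retake the reference sum for the block containing word idx.
 * Needed after every legal write, or the next check reports corruption. */
static void rebaseline(size_t idx) { ref_sum[idx / PER] = block_xor(idx / PER); }

/* Fill the region with constructed data and take all reference sums. */
static void init_region(void)
{
    for (size_t i = 0; i < WORDS; i++)
        region[i] = (unsigned long)i * 2654435761UL + 1;
    for (unsigned b = 0; b < BLOCKS; b++)
        rebaseline((size_t)b * PER);
    next_block = 0;
}

/* One periodic tick: verify one block, advance round-robin.
 * Returns the block number on mismatch, -1 if the block is intact. */
static int check_tick(void)
{
    unsigned b = next_block;
    next_block = (next_block + 1) % BLOCKS;
    return block_xor(b) == ref_sum[b] ? -1 : (int)b;
}

/* BLOCKS ticks cover the whole region; returns first bad block or -1. */
static int full_pass(void)
{
    int bad = -1;
    for (unsigned t = 0; t < BLOCKS; t++) {
        int r = check_tick();
        if (r >= 0 && bad < 0)
            bad = r;
    }
    return bad;
}

int main(void)
{
    init_region();
    region[700] ^= 0x10UL;             /* simulated single-bit corruption */
    printf("corrupt block: %d\n", full_pass());
    rebaseline(700);                   /* treat the write as legal instead */
    printf("after rebaseline: %d\n", full_pass());
    return 0;
}
```

A write that is not followed by `rebaseline` is indistinguishable from corruption, which is why the checker needs a notification from whatever patches the range.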