2006-03-05 18:12:30

by Aritz Bastida

Subject: MMAP: How a driver can get called on mprotect()

Hello, I have a driver which lets a region of its memory be mmapped.
The memory can be read and written to from user processes, but sometimes
I just want to let it be read, not written.

I can do that by playing with VM_READ and VM_WRITE in the driver's mmap() function,
and refuse to mmap if the user process tries to mmap for writing.

The problem is that those flags can be changed from userspace with
mprotect() and my mapping count (vma's open and close functions) gets
corrupted. Is there any way to get called when the process issues
mprotect()? Should I turn off VM_MAYWRITE and that kind of flags?

I hope my question is clear
Thank you


2006-03-05 18:22:47

by Jan-Benedict Glaw

Subject: Re: MMAP: How a driver can get called on mprotect()

On Sun, 2006-03-05 19:12:29 +0100, Aritz Bastida <[email protected]> wrote:
> Hello, I have a driver which lets a region of its memory be mmapped.
> The memory can be read and written to from user processes, but sometimes
> I just want to let it be read, not written.

Well, what hardware is it for and where can we download the driver to
have a view at it? That'd probably help suggesting something...

MfG, JBG

--
Jan-Benedict Glaw [email protected] . +49-172-7608481 _ O _
"Eine Freie Meinung in einem Freien Kopf | Gegen Zensur | Gegen Krieg _ _ O
für einen Freien Staat voll Freier Bürger" | im Internet! | im Irak! O O O
ret = do_actions((curr | FREE_SPEECH) & ~(NEW_COPYRIGHT_LAW | DRM | TCPA));



2006-03-05 18:40:20

by Aritz Bastida

Subject: Re: MMAP: How a driver can get called on mprotect()

> Well, what hardware is it for and where can we download the driver to
> have a view at it? That'd probably help suggesting something...
>

Well, actually it is a virtual memory driver somewhat based on the scullp
device in the book Linux Device Drivers, 3rd edition.

Nonetheless the question is the same: a char device with mmap
implemented can get called any time a new vma is created or destroyed
(a process creating a new mmap): vma_open() and vma_close().

But what if a user process changes the mmap protections by calling mprotect()?
How can the driver know about that? Is there any way to do that?

Thanks

2006-03-05 20:18:43

by Brice Goglin

Subject: Re: MMAP: How a driver can get called on mprotect()

Aritz Bastida wrote:

>Nonetheless the question is the same: a char device with mmap
>implemented can get called any time a new vma is created or destroyed
>(a process creating a new mmap): vma_open() and vma_close().
>
>But what if a user process changes the mmap protections by calling mprotect()?
>How can the driver know about that? Is there any way to do that?
>
>

You probably want to remove VM_MAYWRITE from vma->vm_flags in the mmap
vm_op of your char device.
For instance, see how the DRM device mmap protection is set when you're
not admin and the device is read-only:
http://sosdg.org/~coywolf/lxr/source/drivers/char/drm/drm_vm.c#L570

Brice
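
Added example, not part of the thread and not driver code: a userspace C program showing what a cleared VM_MAYWRITE looks like from the caller's side. It relies on the Linux kernel itself clearing VM_MAYWRITE for a MAP_SHARED mapping of a file opened read-only, which is the same bit the reply above suggests a driver clear in its mmap handler; the scratch file path and the function name are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/*
 * Map one page of a scratch file MAP_SHARED/PROT_READ through a descriptor
 * opened with open_flags, then try to upgrade the mapping to PROT_WRITE.
 * Returns 0 if mprotect() succeeded, the errno it failed with otherwise,
 * or -1 if the setup (file creation, open, mmap) failed.
 */
int try_upgrade_to_write(int open_flags)
{
    char path[] = "/tmp/maywrite-demo-XXXXXX";  /* constructed scratch file */
    long page = sysconf(_SC_PAGESIZE);
    int result = -1;

    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    if (ftruncate(tmp, page) != 0) { close(tmp); unlink(path); return -1; }
    close(tmp);

    /* Reopen with the access mode under test; it decides VM_MAYWRITE. */
    int fd = open(path, open_flags);
    unlink(path);
    if (fd < 0)
        return -1;

    void *p = mmap(NULL, page, PROT_READ, MAP_SHARED, fd, 0);
    if (p != MAP_FAILED) {
        /* mprotect() may only add permissions that the VM_MAY* bits allow. */
        result = mprotect(p, page, PROT_READ | PROT_WRITE) == 0 ? 0 : errno;
        munmap(p, page);
    }
    close(fd);
    return result;
}

int main(void)
{
    printf("O_RDWR   mapping: mprotect -> %d\n", try_upgrade_to_write(O_RDWR));
    printf("O_RDONLY mapping: mprotect -> %d (EACCES is %d)\n",
           try_upgrade_to_write(O_RDONLY), EACCES);
    return 0;
}
```

Both mappings start out PROT_READ; only the one whose vma lacks VM_MAYWRITE has the later mprotect() upgrade refused, so the restriction holds without the driver being notified of the call.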