-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Documentation/arm64: Add ptdump documentation
ptdump is a debugfs interface used to dump the kernel page tables. It provides a comprehensive overview about the kernel's virtual memory layout, page table entries and associated page attributes. A document detailing how to enable ptdump in the kernel and analyse its output has been added. Changes in V2: - Corrected command to cat /sys/kernel/debug/kernel_page_tables Changes in V1: https://lore.kernel.org/all/20230613064845.1882177-1-chaitanyas.prakash@arm.com/ Cc: Will Deacon <will@kernel.org> Cc: Jonathan Corbet <corbet@lwn.net> CC: linux-arm-kernel@lists.infradead.org Cc: linux-doc@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Chaitanya S Prakash <chaitanyas.prakash@arm.com> Link: https://lore.kernel.org/r/20230619083802.76092-1-chaitanyas.prakash@arm.com [catalin.marinas@arm.com: various minor fixups; sorted index.rst in alphabetical order] Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
- Loading branch information
Chaitanya S Prakash
authored and
Catalin Marinas
committed
Jun 21, 2023
1 parent
44c026a
commit a0238ad
Showing
2 changed files
with
97 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,96 @@ | ||
| ====================== | ||
| Kernel page table dump | ||
| ====================== | ||
|
|
||
| ptdump is a debugfs interface that provides a detailed dump of the | ||
| kernel page tables. It offers a comprehensive overview of the kernel | ||
| virtual memory layout as well as the attributes associated with the | ||
| various regions in a human-readable format. It is useful to dump the | ||
| kernel page tables to verify permissions and memory types. Examining the | ||
| page table entries and permissions helps identify potential security | ||
| vulnerabilities such as mappings with overly permissive access rights or | ||
| improper memory protections. | ||
|
|
||
| Memory hotplug allows dynamic expansion or contraction of available | ||
| memory without requiring a system reboot. To maintain the consistency | ||
| and integrity of the memory management data structures, arm64 makes use | ||
| of the ``mem_hotplug_lock`` semaphore in write mode. Additionally, in | ||
| read mode, ``mem_hotplug_lock`` supports an efficient implementation of | ||
| ``get_online_mems()`` and ``put_online_mems()``. These protect the | ||
| offlining of memory being accessed by the ptdump code. | ||
|
|
||
| In order to dump the kernel page tables, enable the following | ||
| configurations and mount debugfs:: | ||
|
|
||
| CONFIG_GENERIC_PTDUMP=y | ||
| CONFIG_PTDUMP_CORE=y | ||
| CONFIG_PTDUMP_DEBUGFS=y | ||
|
|
||
| mount -t debugfs nodev /sys/kernel/debug | ||
| cat /sys/kernel/debug/kernel_page_tables | ||
|
|
||
| On analysing the output of ``cat /sys/kernel/debug/kernel_page_tables`` | ||
| one can derive information about the virtual address range of the entry, | ||
| followed by size of the memory region covered by this entry, the | ||
| hierarchical structure of the page tables and finally the attributes | ||
| associated with each page. The page attributes provide information about | ||
| access permissions, execution capability, type of mapping such as leaf | ||
| level PTE or block level PGD, PMD and PUD, and access status of a page | ||
| within the kernel memory. Assessing these attributes can assist in | ||
| understanding the memory layout, access patterns and security | ||
| characteristics of the kernel pages. | ||
|
|
||
| Kernel virtual memory layout example:: | ||
|
|
||
| start address end address size attributes | ||
| +---------------------------------------------------------------------------------------+ | ||
| | ---[ Linear Mapping start ]---------------------------------------------------------- | | ||
| | .................. | | ||
| | 0xfff0000000000000-0xfff0000000210000 2112K PTE RW NX SHD AF UXN MEM/NORMAL-TAGGED | | ||
| | 0xfff0000000210000-0xfff0000001c00000 26560K PTE ro NX SHD AF UXN MEM/NORMAL | | ||
| | .................. | | ||
| | ---[ Linear Mapping end ]------------------------------------------------------------ | | ||
| +---------------------------------------------------------------------------------------+ | ||
| | ---[ Modules start ]----------------------------------------------------------------- | | ||
| | .................. | | ||
| | 0xffff800000000000-0xffff800008000000 128M PTE | | ||
| | .................. | | ||
| | ---[ Modules end ]------------------------------------------------------------------- | | ||
| +---------------------------------------------------------------------------------------+ | ||
| | ---[ vmalloc() area ]---------------------------------------------------------------- | | ||
| | .................. | | ||
| | 0xffff800008010000-0xffff800008200000 1984K PTE ro x SHD AF UXN MEM/NORMAL | | ||
| | 0xffff800008200000-0xffff800008e00000 12M PTE ro x SHD AF CON UXN MEM/NORMAL | | ||
| | .................. | | ||
| | ---[ vmalloc() end ]----------------------------------------------------------------- | | ||
| +---------------------------------------------------------------------------------------+ | ||
| | ---[ Fixmap start ]------------------------------------------------------------------ | | ||
| | .................. | | ||
| | 0xfffffbfffdb80000-0xfffffbfffdb90000 64K PTE ro x SHD AF UXN MEM/NORMAL | | ||
| | 0xfffffbfffdb90000-0xfffffbfffdba0000 64K PTE ro NX SHD AF UXN MEM/NORMAL | | ||
| | .................. | | ||
| | ---[ Fixmap end ]-------------------------------------------------------------------- | | ||
| +---------------------------------------------------------------------------------------+ | ||
| | ---[ PCI I/O start ]----------------------------------------------------------------- | | ||
| | .................. | | ||
| | 0xfffffbfffe800000-0xfffffbffff800000 16M PTE | | ||
| | .................. | | ||
| | ---[ PCI I/O end ]------------------------------------------------------------------- | | ||
| +---------------------------------------------------------------------------------------+ | ||
| | ---[ vmemmap start ]----------------------------------------------------------------- | | ||
| | .................. | | ||
| | 0xfffffc0002000000-0xfffffc0002200000 2M PTE RW NX SHD AF UXN MEM/NORMAL | | ||
| | 0xfffffc0002200000-0xfffffc0020000000 478M PTE | | ||
| | .................. | | ||
| | ---[ vmemmap end ]------------------------------------------------------------------- | | ||
| +---------------------------------------------------------------------------------------+ | ||
|
|
||
| ``cat /sys/kernel/debug/kernel_page_tables`` output:: | ||
|
|
||
| 0xfff0000001c00000-0xfff0000080000000 2020M PTE RW NX SHD AF UXN MEM/NORMAL-TAGGED | ||
| 0xfff0000080000000-0xfff0000800000000 30G PMD | ||
| 0xfff0000800000000-0xfff0000800700000 7M PTE RW NX SHD AF UXN MEM/NORMAL-TAGGED | ||
| 0xfff0000800700000-0xfff0000800710000 64K PTE ro NX SHD AF UXN MEM/NORMAL-TAGGED | ||
| 0xfff0000800710000-0xfff0000880000000 2089920K PTE RW NX SHD AF UXN MEM/NORMAL-TAGGED | ||
| 0xfff0000880000000-0xfff0040000000000 4062G PMD | ||
| 0xfff0040000000000-0xffff800000000000 3964T PGD |