* Page Mapping
@ 2004-04-05 2:57 Kuas (gmane)
2004-04-05 14:49 ` Kuas (gmane)
0 siblings, 1 reply; 4+ messages in thread
From: Kuas (gmane) @ 2004-04-05 2:57 UTC (permalink / raw)
To: linux-mm
Hello,
This might be very trivial question for people in this mailing list. I
need to know if my understanding is correct.
We are doing some experiment with Linux kernel for security. Right now,
we are trying to see some behavior in the Linux memory management. I am
trying to track and possibly scan (for now) all the pages that's just
brought into the memory. I am doing this in i386 arch and Linux kernel
2.4.22.
I think it would be good to do it in: mm/memory.c in do_no_page(). At
the end of the function, I have references to pte_t and page struct of
the fresh new page that's just brought in from disk (not swapped).
This is diagram the diagram I'm going to refer:
http://www.skynet.ie/~mel/projects/vm/guide/html/understand/node24.html
From my understanding from the diagram of Linear Address to Page
conversion (please let me know if I'm correct or misunderstood). The
struct "pte_t->pte_low" an entry if PTE table, is the base 'physical'
address of the page. In this case I can just use it to reference the
page. I can't find any other conversion method to get another address.
Assuming I have that address, can I just direct reference that address
(assuming the address is physical and from kernel mode) or do I have to
use some methods to access the page content?
How do I know the size of the page that's filled though? I can't see
that information from the page struct.
Thanks in Advance for comments and information.
Kuas
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org"> aart@kvack.org </a>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Page Mapping
2004-04-05 2:57 Page Mapping Kuas (gmane)
@ 2004-04-05 14:49 ` Kuas (gmane)
2004-04-19 15:26 ` Ed L Cashin
0 siblings, 1 reply; 4+ messages in thread
From: Kuas (gmane) @ 2004-04-05 14:49 UTC (permalink / raw)
To: linux-mm
Sorry, please ignore some of the previous question.
I found the answer in Intel Developer guide v3. 'pte_t' consists of the
base physical address of the page (20 MSB of pte_t) and page flags (12
LSB of pte_t). So to get the address, I just have to mask the pte_t with
PAGE_MASK.
Now the next question is can I just use that address and refer to it
right away? Like using a pointer? Or I still have to use some MMU mechanism?
And I don't see anywhere in the page struct to know how big is the page
filled? I don't think every page has all 4 KB filled, right? Or are all
the pages zeroed out before being reassigned? So I still can read the
whole page, just the last bytes will be 0x00 if it's not used.
Kuas.
Kuas (gmane) wrote:
> Hello,
>
> This might be very trivial question for people in this mailing list. I
> need to know if my understanding is correct.
>
> We are doing some experiment with Linux kernel for security. Right now,
> we are trying to see some behavior in the Linux memory management. I am
> trying to track and possibly scan (for now) all the pages that's just
> brought into the memory. I am doing this in i386 arch and Linux kernel
> 2.4.22.
>
> I think it would be good to do it in: mm/memory.c in do_no_page(). At
> the end of the function, I have references to pte_t and page struct of
> the fresh new page that's just brought in from disk (not swapped).
>
> This is diagram the diagram I'm going to refer:
> http://www.skynet.ie/~mel/projects/vm/guide/html/understand/node24.html
>
> From my understanding from the diagram of Linear Address to Page
> conversion (please let me know if I'm correct or misunderstood). The
> struct "pte_t->pte_low" an entry if PTE table, is the base 'physical'
> address of the page. In this case I can just use it to reference the
> page. I can't find any other conversion method to get another address.
>
> Assuming I have that address, can I just direct reference that address
> (assuming the address is physical and from kernel mode) or do I have to
> use some methods to access the page content?
>
> How do I know the size of the page that's filled though? I can't see
> that information from the page struct.
>
> Thanks in Advance for comments and information.
>
>
> Kuas
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org"> aart@kvack.org </a>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Page Mapping
2004-04-05 14:49 ` Kuas (gmane)
@ 2004-04-19 15:26 ` Ed L Cashin
2004-04-19 15:58 ` Ed L Cashin
0 siblings, 1 reply; 4+ messages in thread
From: Ed L Cashin @ 2004-04-19 15:26 UTC (permalink / raw)
To: Kuas (gmane); +Cc: linux-mm
"Kuas (gmane)" <ku4s@users.sourceforge.net> writes:
> Sorry, please ignore some of the previous question.
>
> I found the answer in Intel Developer guide v3. 'pte_t' consists of
> the base physical address of the page (20 MSB of pte_t) and page flags
> (12 LSB of pte_t). So to get the address, I just have to mask the
> pte_t with PAGE_MASK.
>
> Now the next question is can I just use that address and refer to it
> right away? Like using a pointer? Or I still have to use some MMU
> mechanism?
No, it's a physical address. Normally, pointers inside the kernel
contain virtual addresses, and the MMU will translate them into
physical addresses automatically.
If you know the page is present in RAM and you want to access the
contents of the page, you can convert it to a virtual address and then
use that address. There's the "phys_to_virt" function that you can
use.
> And I don't see anywhere in the page struct to know how big is the
> page filled? I don't think every page has all 4 KB filled, right? Or
> are all the pages zeroed out before being reassigned? So I still can
> read the whole page, just the last bytes will be 0x00 if it's not used.
I think that anonymous pages are usually set up copy-on-write from the
ZERO_PAGE. They'll be all zero in parts of the page that haven't been
modified.
--
--Ed L Cashin | PGP public key:
ecashin@uga.edu | http://noserose.net/e/pgp/
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org"> aart@kvack.org </a>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Page Mapping
2004-04-19 15:26 ` Ed L Cashin
@ 2004-04-19 15:58 ` Ed L Cashin
0 siblings, 0 replies; 4+ messages in thread
From: Ed L Cashin @ 2004-04-19 15:58 UTC (permalink / raw)
To: Kuas (gmane); +Cc: linux-mm
Ed L Cashin <ecashin@uga.edu> writes:
...
> If you know the page is present in RAM and you want to access the
> contents of the page, you can convert it to a virtual address and then
> use that address. There's the "phys_to_virt" function that you can
> use.
I should have mentioned that looking at get_user_pages in mm/memory.c
first is a good idea. It will help remind you of all the
synchronization issues.
--
--Ed L Cashin | PGP public key:
ecashin@uga.edu | http://noserose.net/e/pgp/
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org"> aart@kvack.org </a>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-04-19 15:58 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-04-05 2:57 Page Mapping Kuas (gmane)
2004-04-05 14:49 ` Kuas (gmane)
2004-04-19 15:26 ` Ed L Cashin
2004-04-19 15:58 ` Ed L Cashin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox