Commit | Line | Data |
---|---|---|
df4e817b PT |
1 | .. SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | .. _page_table_check: | |
4 | ||
5 | ================ | |
6 | Page Table Check | |
7 | ================ | |
8 | ||
9 | Introduction | |
10 | ============ | |
11 | ||
854d0982 | 12 | Page table check allows to harden the kernel by ensuring that some types of |
df4e817b PT |
13 | the memory corruptions are prevented. |
14 | ||
15 | Page table check performs extra verifications at the time when new pages become | |
16 | accessible from the userspace by getting their page table entries (PTEs PMDs | |
17 | etc.) added into the table. | |
18 | ||
19 | In case of detected corruption, the kernel is crashed. There is a small | |
20 | performance and memory overhead associated with the page table check. Therefore, | |
21 | it is disabled by default, but can be optionally enabled on systems where the | |
22 | extra hardening outweighs the performance costs. Also, because page table check | |
23 | is synchronous, it can help with debugging double map memory corruption issues, | |
24 | by crashing kernel at the time wrong mapping occurs instead of later which is | |
25 | often the case with memory corruptions bugs. | |
26 | ||
27 | Double mapping detection logic | |
28 | ============================== | |
29 | ||
30 | +-------------------+-------------------+-------------------+------------------+ | |
31 | | Current Mapping | New mapping | Permissions | Rule | | |
32 | +===================+===================+===================+==================+ | |
33 | | Anonymous | Anonymous | Read | Allow | | |
34 | +-------------------+-------------------+-------------------+------------------+ | |
35 | | Anonymous | Anonymous | Read / Write | Prohibit | | |
36 | +-------------------+-------------------+-------------------+------------------+ | |
37 | | Anonymous | Named | Any | Prohibit | | |
38 | +-------------------+-------------------+-------------------+------------------+ | |
39 | | Named | Anonymous | Any | Prohibit | | |
40 | +-------------------+-------------------+-------------------+------------------+ | |
41 | | Named | Named | Any | Allow | | |
42 | +-------------------+-------------------+-------------------+------------------+ | |
43 | ||
44 | Enabling Page Table Check | |
45 | ========================= | |
46 | ||
47 | Build kernel with: | |
48 | ||
49 | - PAGE_TABLE_CHECK=y | |
50 | Note, it can only be enabled on platforms where ARCH_SUPPORTS_PAGE_TABLE_CHECK | |
51 | is available. | |
52 | ||
53 | - Boot with 'page_table_check=on' kernel parameter. | |
54 | ||
55 | Optionally, build kernel with PAGE_TABLE_CHECK_ENFORCED in order to have page | |
56 | table support without extra kernel parameter. |