CN102567068A - System and method for handling kernel mmap call failure - Google Patents

Info

Publication number
CN102567068A
Authority
CN
China
Prior art keywords
kernel
mmap
user
driver
attitude
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011104151280A
Other languages
Chinese (zh)
Inventor
李锋伟
刘朝辉
刘灿
纪奎
邵宗有
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dawning Information Industry Beijing Co Ltd
Original Assignee
Dawning Information Industry Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dawning Information Industry Beijing Co Ltd filed Critical Dawning Information Industry Beijing Co Ltd
Priority to CN2011104151280A priority Critical patent/CN102567068A/en
Publication of CN102567068A publication Critical patent/CN102567068A/en
Pending legal-status Critical Current

  • Debugging And Monitoring (AREA)

Abstract

The invention provides a system and a method for handling kernel mmap call failure. In the method, a driver creates a private memory device in kernel mode, and all memory mapping and data sharing operate on this private memory device, so that data can be shared between user mode and kernel mode on every kernel version. The system and method have two advantages. First, compatibility is greatly improved: writing one small driver is enough to make mmap independent of the kernel, giving compatibility with the kernel versions of various systems. Second, controllability is greatly enhanced: writing one driver is enough to give user-mode application programs arbitrary access to and control of the underlying device. If this scheme is not adopted and the kernel is recompiled or third-party software is used instead, both compatibility and controllability are greatly reduced.

Description

A system and method for handling kernel mmap call failure
Technical field
The invention belongs to the field of network security, and specifically relates to a system and method for handling kernel mmap call failure.
Background
As the Linux kernel has continued to evolve, it has given more and broader consideration to system security. To prevent users from deliberately and maliciously damaging kernel mode from user mode, starting with kernel 2.6.28 the kernel has limited users' unrestricted use of mmap. But mmap is a basic function for many user programs, especially when mmap is used to share memory between kernel mode and user mode, and the controlled mmap restriction directly prevents such user programs from running on new kernels.
Patent No. CN201010622299.6 (a method for implementing a Windows-style system call mechanism in the Linux kernel) discloses a method for implementing a Windows-style system call mechanism in the Linux kernel: 1) modify the Linux kernel code to reserve the interrupt vectors in the 0x20-0x2f range, so that the Linux kernel does not assign interrupt vector 0x2e to external interrupts; 2) port the code that implements the Windows-style system call mechanism in ReactOS into the Linux kernel, making further modifications as needed. The beneficial effect of that invention is that it provides a method for implementing, in the Linux kernel, a Windows-style system call mechanism based on the "int 0x2e" instruction, which satisfies the most important condition for making the Linux kernel support Windows applications.
Patent No. CN200710039207.X (a kernel debugging method for the Linux operating system) discloses a kernel debugging method for the Linux operating system. First, the part of the kernel that needs to be modified and debugged is compiled into a temporary kernel in the form of a kernel module. A kernel loading tool then loads the temporary kernel into the kernel's user space, and a function jump table is placed at the entry of each function of the original kernel that is replaced, intercepting all calls to the original kernel's functions so that a call to a function of the original kernel jumps automatically to the replacement function in the temporary kernel, where the temporary kernel is debugged. After debugging is complete, a kernel unloading tool unloads the temporary kernel from the modified kernel and restores the kernel's original state. The kernel compilation in that invention is limited to the specified related functions and does not require restarting the kernel, so it avoids the recompilation, relinking, download and kernel start-up time of the kernel debugging process, shortens the development and debugging time of the operating system, and improves development and debugging efficiency.
At present, the most common solution is to open the CONFIG_STRICT_DEVMEM and CONFIG_X86_PAT options in the .config file and then recompile the kernel, lifting the kernel's restriction on the use of mmap. The second solution is to use a library provided by a third party. Both solutions require fairly large changes on the user's side, especially the first. In some cases the customer cannot allow the kernel to be recompiled. The controllability of the second solution is also poor.
Summary of the invention
The present invention overcomes the deficiencies of the prior art and, with minimal changes to the user program, lets the user program use mmap without restriction on the latest kernels.
The invention provides a method for lifting the kernel's restriction on the use of mmap: a driver creates a private memory device in kernel mode, and all memory mapping and data sharing operate on this private device, thereby realizing the sharing of user-mode and kernel-mode data on every kernel version.
In the method provided by the invention, the driver provides an mmap method for user-mode application programs to use.
In the method provided by the invention, the driver provides open, release, read and write for user-mode application programs to use.
In the method provided by the invention, a user-mode application program maps the private memory device into user space through the mmap method provided by the driver, opens and closes the device through open and release, and reads and writes the device through read and write.
The invention also provides a system for lifting the kernel's restriction on the use of mmap, in which a driver creates a private memory device in kernel mode and all memory mapping and data sharing operate on this private device, thereby realizing the sharing of user-mode and kernel-mode data on every kernel version.
In the system provided by the invention, the driver provides an mmap method for user-mode application programs to use.
In the system provided by the invention, the driver provides open, release, read and write for user-mode application programs to use.
In the system provided by the invention, a user-mode application program maps the private memory device into user space through the mmap method provided by the driver, opens and closes the device through open and release, and reads and writes the device through read and write.
Compared with the prior art, the beneficial effects of the invention are as follows. First, compatibility is greatly improved: writing one small driver is enough to remove mmap's dependence on the kernel and achieve compatibility with the kernel versions of various systems. Second, controllability is greatly enhanced: writing one driver is enough to give user-mode application programs arbitrary access to and control of the underlying device. If this scheme is not adopted, and the kernel is recompiled or third-party software is used instead, both compatibility and controllability are greatly reduced.
Description of drawings
Fig. 1 is a structural schematic diagram of the present invention.
Embodiment
To solve this problem, the invention creates a separate private device, and all memory mapping and data sharing operate on this private device. This avoids the new kernel's protection of its own private devices, so mmap can run without restriction on every kernel version and user-mode and kernel-mode data can be shared. The concrete operation is shown in Fig. 1. The driver is responsible for generating a private memory device and provides the open, release, read, write and mmap methods for user-mode application programs to use. A user-mode application program can then map the private memory device into user space through the mmap method provided by the driver, open and close the device through open and release, and read and write the device through read and write.
With this scheme, a driver removes mmap's dependence on the kernel, achieves compatibility with the kernel versions of various systems, and gives user-mode application programs arbitrary access to and control of the underlying device.
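The patent gives no code for the driver. As an added example (not from the patent or its authors), the following C code models the bounds checks that the driver's mmap and read/write methods for such a private memory device need before exposing the buffer to user mode. The names priv_dev, priv_mmap_range_ok and priv_rw_clamp and the 4 KiB page size are assumptions; in a real Linux mmap handler the inputs would come from vma->vm_pgoff and vma->vm_end - vma->vm_start.

```c
#include <stddef.h>
#include <stdint.h>

#define PRIV_PAGE_SHIFT 12u                        /* assumption: 4 KiB pages */
#define PRIV_PAGE_SIZE  ((uint64_t)1 << PRIV_PAGE_SHIFT)

/* Hypothetical model of the driver's private memory device. */
struct priv_dev {
    uint64_t size;   /* bytes backing the device, a multiple of the page size */
};

/*
 * Validate an mmap request against the device buffer.
 *   pgoff: offset into the device in pages (vma->vm_pgoff in a real handler)
 *   len:   mapping length in bytes (vma->vm_end - vma->vm_start)
 * Returns 0 when the whole range lies inside the buffer, -1 otherwise.
 */
int priv_mmap_range_ok(const struct priv_dev *d, uint64_t pgoff, uint64_t len)
{
    uint64_t npages = d->size >> PRIV_PAGE_SHIFT;
    uint64_t req;

    if (len == 0 || (len & (PRIV_PAGE_SIZE - 1)))
        return -1;                      /* empty or not page-aligned */
    req = len >> PRIV_PAGE_SHIFT;
    /* Compare in pages and subtract rather than add: pgoff + req can wrap. */
    if (pgoff >= npages || req > npages - pgoff)
        return -1;                      /* would map memory past the buffer */
    return 0;
}

/*
 * Clamp a read or write of `count` bytes at byte position `pos` to the
 * buffer. Returns the number of bytes that may be copied, 0 at or past
 * the end of the device.
 */
uint64_t priv_rw_clamp(const struct priv_dev *d, uint64_t pos, uint64_t count)
{
    if (pos >= d->size)
        return 0;
    if (count > d->size - pos)
        count = d->size - pos;          /* short transfer at end of buffer */
    return count;
}
```

A handler that skips the range check lets a user-mode caller pick an offset or length that maps kernel memory outside the private buffer, which defeats the isolation the private device is meant to provide.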
The above embodiment is intended only to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the above embodiment, those of ordinary skill in the art should understand that the specific embodiments of the invention can still be modified or equivalently replaced, and any modification or equivalent replacement that does not depart from the spirit and scope of the invention shall be covered by the scope of the claims of the invention.

Claims (8)

1. A method for lifting the kernel's restriction on the use of mmap, in which a driver creates a private memory device in kernel mode and all memory mapping and data sharing operate on this private device, thereby realizing the sharing of user-mode and kernel-mode data on every kernel version.
2. The method of claim 1, characterized in that the driver provides an mmap method for user-mode application programs to use.
3. The method of claims 1-2, characterized in that the driver provides open, release, read and write for user-mode application programs to use.
4. The method of claims 1-2, characterized in that a user-mode application program maps the private memory device into user space through the mmap method provided by the driver, opens and closes the device through open and release, and reads and writes the device through read and write.
5. A system for lifting the kernel's restriction on the use of mmap, in which a driver creates a private memory device in kernel mode and all memory mapping and data sharing operate on this private device, thereby realizing the sharing of user-mode and kernel-mode data on every kernel version.
6. The system of claim 5, characterized in that the driver provides an mmap method for user-mode application programs to use.
7. The system of claims 5-6, characterized in that the driver provides open, release, read and write for user-mode application programs to use.
8. The system of claims 5-7, characterized in that a user-mode application program maps the private memory device into user space through the mmap method provided by the driver, opens and closes the device through open and release, and reads and writes the device through read and write.
CN2011104151280A 2011-12-13 2011-12-13 System and method for handling kernel mmap call failure Pending CN102567068A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104151280A CN102567068A (en) 2011-12-13 2011-12-13 System and method for handling kernel mmap call failure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011104151280A CN102567068A (en) 2011-12-13 2011-12-13 System and method for handling kernel mmap call failure

Publications (1)

Publication Number Publication Date
CN102567068A true CN102567068A (en) 2012-07-11

Family

ID=46412568

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104151280A Pending CN102567068A (en) 2011-12-13 2011-12-13 System and method for handling kernel mmap call failure

Country Status (1)

Country Link
CN (1) CN102567068A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120711