1====================== 2Kernel page table dump 3====================== 4 5ptdump is a debugfs interface that provides a detailed dump of the 6kernel page tables. It offers a comprehensive overview of the kernel 7virtual memory layout as well as the attributes associated with the 8various regions in a human-readable format. It is useful to dump the 9kernel page tables to verify permissions and memory types. Examining the 10page table entries and permissions helps identify potential security 11vulnerabilities such as mappings with overly permissive access rights or 12improper memory protections. 13 14Memory hotplug allows dynamic expansion or contraction of available 15memory without requiring a system reboot. To maintain the consistency 16and integrity of the memory management data structures, arm64 makes use 17of the ``mem_hotplug_lock`` semaphore in write mode. Additionally, in 18read mode, ``mem_hotplug_lock`` supports an efficient implementation of 19``get_online_mems()`` and ``put_online_mems()``. These protect the 20offlining of memory being accessed by the ptdump code. 21 22In order to dump the kernel page tables, enable the following 23configurations and mount debugfs:: 24 25 CONFIG_GENERIC_PTDUMP=y 26 CONFIG_PTDUMP_CORE=y 27 CONFIG_PTDUMP_DEBUGFS=y 28 29 mount -t debugfs nodev /sys/kernel/debug 30 cat /sys/kernel/debug/kernel_page_tables 31 32On analysing the output of ``cat /sys/kernel/debug/kernel_page_tables`` 33one can derive information about the virtual address range of the entry, 34followed by size of the memory region covered by this entry, the 35hierarchical structure of the page tables and finally the attributes 36associated with each page. The page attributes provide information about 37access permissions, execution capability, type of mapping such as leaf 38level PTE or block level PGD, PMD and PUD, and access status of a page 39within the kernel memory. Assessing these attributes can assist in 40understanding the memory layout, access patterns and security 41characteristics of the kernel pages. 42 43Kernel virtual memory layout example:: 44 45 start address end address size attributes 46 +---------------------------------------------------------------------------------------+ 47 | ---[ Linear Mapping start ]---------------------------------------------------------- | 48 | .................. | 49 | 0xfff0000000000000-0xfff0000000210000 2112K PTE RW NX SHD AF UXN MEM/NORMAL-TAGGED | 50 | 0xfff0000000210000-0xfff0000001c00000 26560K PTE ro NX SHD AF UXN MEM/NORMAL | 51 | .................. | 52 | ---[ Linear Mapping end ]------------------------------------------------------------ | 53 +---------------------------------------------------------------------------------------+ 54 | ---[ Modules start ]----------------------------------------------------------------- | 55 | .................. | 56 | 0xffff800000000000-0xffff800008000000 128M PTE | 57 | .................. | 58 | ---[ Modules end ]------------------------------------------------------------------- | 59 +---------------------------------------------------------------------------------------+ 60 | ---[ vmalloc() area ]---------------------------------------------------------------- | 61 | .................. | 62 | 0xffff800008010000-0xffff800008200000 1984K PTE ro x SHD AF UXN MEM/NORMAL | 63 | 0xffff800008200000-0xffff800008e00000 12M PTE ro x SHD AF CON UXN MEM/NORMAL | 64 | .................. | 65 | ---[ vmalloc() end ]----------------------------------------------------------------- | 66 +---------------------------------------------------------------------------------------+ 67 | ---[ Fixmap start ]------------------------------------------------------------------ | 68 | .................. | 69 | 0xfffffbfffdb80000-0xfffffbfffdb90000 64K PTE ro x SHD AF UXN MEM/NORMAL | 70 | 0xfffffbfffdb90000-0xfffffbfffdba0000 64K PTE ro NX SHD AF UXN MEM/NORMAL | 71 | .................. | 72 | ---[ Fixmap end ]-------------------------------------------------------------------- | 73 +---------------------------------------------------------------------------------------+ 74 | ---[ PCI I/O start ]----------------------------------------------------------------- | 75 | .................. | 76 | 0xfffffbfffe800000-0xfffffbffff800000 16M PTE | 77 | .................. | 78 | ---[ PCI I/O end ]------------------------------------------------------------------- | 79 +---------------------------------------------------------------------------------------+ 80 | ---[ vmemmap start ]----------------------------------------------------------------- | 81 | .................. | 82 | 0xfffffc0002000000-0xfffffc0002200000 2M PTE RW NX SHD AF UXN MEM/NORMAL | 83 | 0xfffffc0002200000-0xfffffc0020000000 478M PTE | 84 | .................. | 85 | ---[ vmemmap end ]------------------------------------------------------------------- | 86 +---------------------------------------------------------------------------------------+ 87 88``cat /sys/kernel/debug/kernel_page_tables`` output:: 89 90 0xfff0000001c00000-0xfff0000080000000 2020M PTE RW NX SHD AF UXN MEM/NORMAL-TAGGED 91 0xfff0000080000000-0xfff0000800000000 30G PMD 92 0xfff0000800000000-0xfff0000800700000 7M PTE RW NX SHD AF UXN MEM/NORMAL-TAGGED 93 0xfff0000800700000-0xfff0000800710000 64K PTE ro NX SHD AF UXN MEM/NORMAL-TAGGED 94 0xfff0000800710000-0xfff0000880000000 2089920K PTE RW NX SHD AF UXN MEM/NORMAL-TAGGED 95 0xfff0000880000000-0xfff0040000000000 4062G PMD 96 0xfff0040000000000-0xffff800000000000 3964T PGD 97