Huawei Continues Working On Protectable Memory Support For The Linux Kernel
Igor Stoppa of Huawei continues working on a new kernel feature to provide read-only protection for dynamic data.
The patch work allows protecting memory that was dynamically allocated and to make it permanently read-only -- when a memory pool defined by this protectable memory support is made read-only, it cannot be made read-write again, only destroyed. MMUs can provide read-only protection currently for Linux systems, but not really geared for dynamic memory allocation. This protectable memory support offers a new "pmalloc" allocator that is short for protectable memory allocator.
An example user of pmalloc with this patch series is for protecting LSM security hooks whether they can be writable after boot, rather than making that just a kernel compile time option, it can then be controlled via a kernel boot-time argument.
This latest round of patches for protectable memory support can be found via the kernel mailing list.
The patch work allows protecting memory that was dynamically allocated and to make it permanently read-only -- when a memory pool defined by this protectable memory support is made read-only, it cannot be made read-write again, only destroyed. MMUs can provide read-only protection currently for Linux systems, but not really geared for dynamic memory allocation. This protectable memory support offers a new "pmalloc" allocator that is short for protectable memory allocator.
An example user of pmalloc with this patch series is for protecting LSM security hooks whether they can be writable after boot, rather than making that just a kernel compile time option, it can then be controlled via a kernel boot-time argument.
This latest round of patches for protectable memory support can be found via the kernel mailing list.
Add A Comment