1======================
2Kernel page table dump
3======================
4
5ptdump is a debugfs interface that provides a detailed dump of the
6kernel page tables. It offers a comprehensive overview of the kernel
7virtual memory layout as well as the attributes associated with the
8various regions in a human-readable format. It is useful to dump the
9kernel page tables to verify permissions and memory types. Examining the
10page table entries and permissions helps identify potential security
11vulnerabilities such as mappings with overly permissive access rights or
12improper memory protections.
13
14Memory hotplug allows dynamic expansion or contraction of available
15memory without requiring a system reboot. To maintain the consistency
16and integrity of the memory management data structures, arm64 makes use
17of the ``mem_hotplug_lock`` semaphore in write mode. Additionally, in
18read mode, ``mem_hotplug_lock`` supports an efficient implementation of
19``get_online_mems()`` and ``put_online_mems()``. These protect the
20offlining of memory being accessed by the ptdump code.
21
22In order to dump the kernel page tables, enable the following
23configurations and mount debugfs::
24
25 CONFIG_GENERIC_PTDUMP=y
26 CONFIG_PTDUMP_CORE=y
27 CONFIG_PTDUMP_DEBUGFS=y
28
29 mount -t debugfs nodev /sys/kernel/debug
30 cat /sys/kernel/debug/kernel_page_tables
31
32On analysing the output of ``cat /sys/kernel/debug/kernel_page_tables``
33one can derive information about the virtual address range of the entry,
34followed by size of the memory region covered by this entry, the
35hierarchical structure of the page tables and finally the attributes
36associated with each page. The page attributes provide information about
37access permissions, execution capability, type of mapping such as leaf
38level PTE or block level PGD, PMD and PUD, and access status of a page
39within the kernel memory. Assessing these attributes can assist in
40understanding the memory layout, access patterns and security
41characteristics of the kernel pages.
42
43Kernel virtual memory layout example::
44
45 start address        end address         size             attributes
46 +---------------------------------------------------------------------------------------+
47 | ---[ Linear Mapping start ]---------------------------------------------------------- |
48 | ..................                                                                    |
49 | 0xfff0000000000000-0xfff0000000210000  2112K PTE RW NX SHD AF  UXN  MEM/NORMAL-TAGGED |
50 | 0xfff0000000210000-0xfff0000001c00000 26560K PTE ro NX SHD AF  UXN  MEM/NORMAL        |
51 | ..................                                                                    |
52 | ---[ Linear Mapping end ]------------------------------------------------------------ |
53 +---------------------------------------------------------------------------------------+
54 | ---[ Modules start ]----------------------------------------------------------------- |
55 | ..................                                                                    |
56 | 0xffff800000000000-0xffff800008000000   128M PTE                                      |
57 | ..................                                                                    |
58 | ---[ Modules end ]------------------------------------------------------------------- |
59 +---------------------------------------------------------------------------------------+
60 | ---[ vmalloc() area ]---------------------------------------------------------------- |
61 | ..................                                                                    |
62 | 0xffff800008010000-0xffff800008200000  1984K PTE ro x  SHD AF       UXN  MEM/NORMAL   |
63 | 0xffff800008200000-0xffff800008e00000    12M PTE ro x  SHD AF  CON  UXN  MEM/NORMAL   |
64 | ..................                                                                    |
65 | ---[ vmalloc() end ]----------------------------------------------------------------- |
66 +---------------------------------------------------------------------------------------+
67 | ---[ Fixmap start ]------------------------------------------------------------------ |
68 | ..................                                                                    |
69 | 0xfffffbfffdb80000-0xfffffbfffdb90000    64K PTE ro x  SHD AF  UXN  MEM/NORMAL        |
70 | 0xfffffbfffdb90000-0xfffffbfffdba0000    64K PTE ro NX SHD AF  UXN  MEM/NORMAL        |
71 | ..................                                                                    |
72 | ---[ Fixmap end ]-------------------------------------------------------------------- |
73 +---------------------------------------------------------------------------------------+
74 | ---[ PCI I/O start ]----------------------------------------------------------------- |
75 | ..................                                                                    |
76 | 0xfffffbfffe800000-0xfffffbffff800000    16M PTE                                      |
77 | ..................                                                                    |
78 | ---[ PCI I/O end ]------------------------------------------------------------------- |
79 +---------------------------------------------------------------------------------------+
80 | ---[ vmemmap start ]----------------------------------------------------------------- |
81 | ..................                                                                    |
82 | 0xfffffc0002000000-0xfffffc0002200000     2M PTE RW NX SHD AF  UXN  MEM/NORMAL        |
83 | 0xfffffc0002200000-0xfffffc0020000000   478M PTE                                      |
84 | ..................                                                                    |
85 | ---[ vmemmap end ]------------------------------------------------------------------- |
86 +---------------------------------------------------------------------------------------+
87
88``cat /sys/kernel/debug/kernel_page_tables`` output::
89
90 0xfff0000001c00000-0xfff0000080000000     2020M PTE  RW NX SHD AF   UXN    MEM/NORMAL-TAGGED
91 0xfff0000080000000-0xfff0000800000000       30G PMD
92 0xfff0000800000000-0xfff0000800700000        7M PTE  RW NX SHD AF   UXN    MEM/NORMAL-TAGGED
93 0xfff0000800700000-0xfff0000800710000       64K PTE  ro NX SHD AF   UXN    MEM/NORMAL-TAGGED
94 0xfff0000800710000-0xfff0000880000000  2089920K PTE  RW NX SHD AF   UXN    MEM/NORMAL-TAGGED
95 0xfff0000880000000-0xfff0040000000000     4062G PMD
96 0xfff0040000000000-0xffff800000000000     3964T PGD
97