Abstract: To speed up data exchange, many Linux device drivers provide mmap handler interface, and user processes directly share physical memory between user space and the kernel space by calling mmap. To ensure kernel security, mmap handler interface should check arguments passed in by user process, such as the starting location and the length of memory mapping. Those interfaces which are negligent in checking or have loopholes in checking logic may directly threaten the security of the system. This paper analyzes the main problems of mmap handler argument checking, and proposes a kernel protection mechanism based on registration policy.

Key words: Linux, driver, mmap, argument checking, registration policy, kernel protection

摘要： 为加快数据交换速度，Linux设备驱动程序提供了mmap接口.用户进程通过调用mmap函数在用户空间和内核之间直接共享物理内存.为保障内核安全，mmap接口需要检查用户进程传入的内存映射起始位置、长度等输入参数，疏于检查或检查逻辑存在疏漏的接口将直接威胁系统的安全.分析了mmap接口参数检查的主要问题，提出了一种基于登记策略的内核保护机制.

关键词: Linux, 驱动程序, mmap, 参数检查, 登记策略, 内核保护