mirror of
https://github.com/cirosantilli/linux-kernel-module-cheat.git
synced 2026-01-23 02:05:57 +01:00
ring0: move docs to readme
51
README.adoc
@@ -2171,6 +2171,57 @@ We also have one letter shorthand names for the architectures:
|
||||
|
||||
Known quirks of the supported architectures are documented in this section.
|
||||
|
||||
=== x86_64
|
||||
|
||||
==== ring0
|
||||
|
||||
This example illustrates how reading from the x86 control registers with `mov crX, rax` can only be done from kernel land on ring0.
|
||||
|
||||
From kernel land:
|
||||
|
||||
....
|
||||
insmod ring0.ko
|
||||
....
|
||||
|
||||
works and output the registers, for example:
|
||||
|
||||
....
|
||||
cr0 = 0xFFFF880080050033
|
||||
cr2 = 0xFFFFFFFF006A0008
|
||||
cr3 = 0xFFFFF0DCDC000
|
||||
....
|
||||
|
||||
However if we try to do it from userland:
|
||||
|
||||
....
|
||||
/ring0.out
|
||||
....
|
||||
|
||||
stdout gives:
|
||||
|
||||
....
|
||||
Segmentation fault
|
||||
....
|
||||
|
||||
and dmesg outputs:
|
||||
|
||||
....
|
||||
traps: ring0.out[55] general protection ip:40054c sp:7fffffffec20 error:0 in ring0.out[400000+1000]
|
||||
....
|
||||
|
||||
Sources:
|
||||
|
||||
* link:kernel_module/ring0.c[]
|
||||
* link:kernel_module/ring0.h[]
|
||||
* link:kernel_module/user/ring0.c[]
|
||||
|
||||
In both cases, we attempt to run the exact same code which is shared on the `ring0.h` header file.
|
||||
|
||||
Bibliography:
|
||||
|
||||
* https://stackoverflow.com/questions/7415515/how-to-access-the-control-registers-cr0-cr2-cr3-from-a-program-getting-segmenta/7419306#7419306
|
||||
* https://stackoverflow.com/questions/18717016/what-are-ring-0-and-ring-3-in-the-context-of-operating-systems/44483439#44483439
|
||||
|
||||
=== mips64
|
||||
|
||||
Keep in mind that MIPS has the worst support compared to our other architectures due to the smaller community. Patches welcome as usual.
|
||||
|
||||
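Review bot: In the opening sentence of the new ring0 section, `mov crX, rax` is written without register sigils, so it reads as Intel syntax, where the destination comes first and the instruction would write the control register rather than read it. Write it as `mov rax, crX`, or use AT&T sigils, so the operand order matches "reading from". Two smaller points in the same section: "works and output the registers" should be "outputs", and "stdout gives: Segmentation fault" attributes to the program's stdout a message that the shell prints when the process is killed by the signal. It would also help to state that the "general protection" in the dmesg line is the fault that leads to that signal, so the reader can connect the two outputs.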
@@ -16,6 +16,3 @@ Our kernel modules!
|
||||
.. link:strlen_overflow.c[]
|
||||
. Tracing
|
||||
.. link:kprobe_example.c[]
|
||||
. Arch
|
||||
.. x86
|
||||
... link:ring0.c[]
|
||||
|
||||
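Review bot: Going by the `-16,6 +16,3` header, the three lines dropped here are `. Arch`, `.. x86` and `... link:ring0.c[]`, which leaves `ring0.c` as a module with no entry in this index, so a reader browsing the list no longer learns that it exists. Consider keeping a single entry that points to the README's ring0 section instead of deleting all three lines.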
@@ -1,13 +1,4 @@
|
||||
/*
|
||||
This illustrates operations which are only possible in ring 0.
|
||||
https://stackoverflow.com/questions/7415515/how-to-access-the-control-registers-cr0-cr2-cr3-from-a-program-getting-segmenta/7419306#7419306
|
||||
|
||||
It only works for x86_64.
|
||||
|
||||
Then try to run this on userland and see the process be killed:
|
||||
|
||||
/ring0.out
|
||||
*/
|
||||
/* https://github.com/cirosantilli/linux-kernel-module-cheat#ring0 */
|
||||
|
||||
#include <linux/module.h>
|
||||
#include <linux/kernel.h>
|
||||
|
||||
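Review bot: The header comment replaced at the top of this file carried "It only works for x86_64", and after the change the source has only the URL comment, so the architecture restriction is no longer visible where the code lives. Keep a one-line note beside the link. The link also targets the `#ring0` anchor, so it silently breaks if the README heading is ever renamed; a short description in the comment would survive that.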
@@ -1,8 +1,4 @@
|
||||
/*
|
||||
See ../ring0.c
|
||||
|
||||
This executable is expected to segfault.
|
||||
*/
|
||||
/* https://github.com/cirosantilli/linux-kernel-module-cheat#ring0 */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
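Review bot: The removed header comment's "This executable is expected to segfault." is the only in-file statement that the crash is intentional, and the URL comment that replaces it does not say so. Keep that one sentence beside the link so that someone who sees this program die while running the userland examples does not treat it as a regression.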