ring0 priviledged actions

kernel_module/README.adoc

@@ -37,7 +37,9 @@
 .. link:character_device_create.c[]
 .. link:virt_to_phys.c[]
 . Utilities
-.. kstrto
+.. link:kstrto.c[]
+. Misc
+.. link:ring0.c[]
 . Hardware device drivers
 .. link:pci_min.c[]
 .. link:pci.c[]

kernel_module/pci.c

@@ -1,5 +1,5 @@
 /*
-Only teted for x86.
+Only tested for x86.
 
 Usage:
 

kernel_module/ring0.c

@@ -0,0 +1,33 @@
+/*
+This illustrates operations which are only possible in ring 0.
+https://stackoverflow.com/questions/7415515/how-to-access-the-control-registers-cr0-cr2-cr3-from-a-program-getting-segmenta/7419306#7419306
+
+It only works for x86_64.
+
+Then try to run this on userland and see the process be killed:
+
+    /ring0.out
+*/
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+
+#include "ring0.h"
+
+static int myinit(void)
+{
+#if defined(__x86_64__) || defined(__i386__)
+	Ring0Regs ring0_regs;
+	ring0_get_control_regs(&ring0_regs);
+	pr_info("cr0 = 0x%8.8llX\n", (unsigned long long)ring0_regs.cr0);
+	pr_info("cr2 = 0x%8.8llX\n", (unsigned long long)ring0_regs.cr2);
+	pr_info("cr3 = 0x%8.8llX\n", (unsigned long long)ring0_regs.cr3);
+#endif
+    return 0;
+}
+
+static void myexit(void) {}
+
+module_init(myinit)
+module_exit(myexit)
+MODULE_LICENSE("GPL");

kernel_module/ring0.h

@@ -0,0 +1,56 @@
+#if defined(__x86_64__) || defined(__i386__)
+
+#ifdef THIS_MODULE
+#include <linux/kernel.h>
+#if defined(__x86_64__)
+typedef u64 T;
+#elif defined(__i386__)
+typedef u32 T;
+#endif
+#else
+#include <stdint.h>
+#if defined(__x86_64__)
+typedef uint64_t T;
+#elif defined(__i386__)
+typedef uint32_t T;
+#endif
+#endif
+
+typedef struct {
+    T cr0;
+    T cr2;
+    T cr3;
+} Ring0Regs;
+
+void ring0_get_control_regs(Ring0Regs *ring0_regs)
+{
+#ifdef __x86_64__
+    __asm__ __volatile__ (
+        "mov %%cr0, %%rax\n\t"
+        "mov %%eax, %0\n\t"
+        "mov %%cr2, %%rax\n\t"
+        "mov %%eax, %1\n\t"
+        "mov %%cr3, %%rax\n\t"
+        "mov %%eax, %2\n\t"
+    : "=m" (ring0_regs->cr0),
+      "=m" (ring0_regs->cr2),
+      "=m" (ring0_regs->cr3)
+    : /* no input */
+    : "%rax"
+    );
+#elif defined(__i386__)
+    __asm__ __volatile__ (
+        "mov %%cr0, %%eax\n\t"
+        "mov %%eax, %0\n\t"
+        "mov %%cr2, %%eax\n\t"
+        "mov %%eax, %1\n\t"
+        "mov %%cr3, %%eax\n\t"
+        "mov %%eax, %2\n\t"
+    : "=m" (ring0_regs->cr0),
+      "=m" (ring0_regs->cr2),
+      "=m" (ring0_regs->cr3)
+    : /* no input */
+    : "%eax"
+    );
+#endif
+}

kernel_module/user/ring0.c

@@ -0,0 +1,18 @@
+/*
+See ../ring0.c
+
+This executable is expected to segfault.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "../ring0.h"
+
+int main(void) {
+#if defined(__x86_64__) || defined(__i386__)
+	Ring0Regs ring0_regs;
+	ring0_get_control_regs(&ring0_regs);
+#endif
+	return EXIT_SUCCESS;
+}