File tree Expand file tree Collapse file tree 4 files changed +53
-18
lines changed Expand file tree Collapse file tree 4 files changed +53
-18
lines changed Original file line number Diff line number Diff line change @@ -2171,6 +2171,57 @@ We also have one letter shorthand names for the architectures:
21712171
21722172Known quirks of the supported architectures are documented in this section.
21732173
2174+ === x86_64
2175+
2176+ ==== ring0
2177+
2178+ This example illustrates how reading from the x86 control registers with `mov crX, rax` can only be done from kernel land on ring0.
2179+
2180+ From kernel land:
2181+
2182+ ....
2183+ insmod ring0.ko
2184+ ....
2185+
2186+ works and output the registers, for example:
2187+
2188+ ....
2189+ cr0 = 0xFFFF880080050033
2190+ cr2 = 0xFFFFFFFF006A0008
2191+ cr3 = 0xFFFFF0DCDC000
2192+ ....
2193+
2194+ However if we try to do it from userland:
2195+
2196+ ....
2197+ /ring0.out
2198+ ....
2199+
2200+ stdout gives:
2201+
2202+ ....
2203+ Segmentation fault
2204+ ....
2205+
2206+ and dmesg outputs:
2207+
2208+ ....
2209+ traps: ring0.out[55] general protection ip:40054c sp:7fffffffec20 error:0 in ring0.out[400000+1000]
2210+ ....
2211+
2212+ Sources:
2213+
2214+ * link:kernel_module/ring0.c[]
2215+ * link:kernel_module/ring0.h[]
2216+ * link:kernel_module/user/ring0.c[]
2217+
2218+ In both cases, we attempt to run the exact same code which is shared on the `ring0.h` header file.
2219+
2220+ Bibliography:
2221+
2222+ * https://stackoverflow.com/questions/7415515/how-to-access-the-control-registers-cr0-cr2-cr3-from-a-program-getting-segmenta/7419306#7419306
2223+ * https://stackoverflow.com/questions/18717016/what-are-ring-0-and-ring-3-in-the-context-of-operating-systems/44483439#44483439
2224+
21742225=== mips64
21752226
21762227Keep in mind that MIPS has the worst support compared to our other architectures due to the smaller community. Patches welcome as usual.
Original file line number Diff line number Diff line change @@ -16,6 +16,3 @@ Our kernel modules!
1616.. link:strlen_overflow.c[]
1717. Tracing
1818.. link:kprobe_example.c[]
19- . Arch
20- .. x86
21- ... link:ring0.c[]
Original file line number Diff line number Diff line change 1- /*
2- This illustrates operations which are only possible in ring 0.
3- https://stackoverflow.com/questions/7415515/how-to-access-the-control-registers-cr0-cr2-cr3-from-a-program-getting-segmenta/7419306#7419306
4-
5- It only works for x86_64.
6-
7- Then try to run this on userland and see the process be killed:
8-
9- /ring0.out
10- */
1+ /* https://github.com/cirosantilli/linux-kernel-module-cheat#ring0 */
112
123#include <linux/module.h>
134#include <linux/kernel.h>
Original file line number Diff line number Diff line change 1- /*
2- See ../ring0.c
3-
4- This executable is expected to segfault.
5- */
1+ /* https://github.com/cirosantilli/linux-kernel-module-cheat#ring0 */
62
73#include <stdio.h>
84#include <stdlib.h>
You can’t perform that action at this time.
0 commit comments