stackoom
  简体   繁体   中英

How to correct relative addressing after memory copy function to user space?

 原文  2019-05-21 06:51:32       c/ gcc/ operating-system

Question

Hi I'm trying to jump from kernel level to user level using "sysexit", and prepared the following user function: 

void user_level_function(void)
{
    color_printk(RED, BLACK, "user_level_function task is running\n");
    while(1);
}

However GCC compiled as following: 

ffff80000010322f <user_level_function>:
ffff80000010322f:   55                      push   %rbp
ffff800000103230:   48 89 e5                mov    %rsp,%rbp
ffff800000103233:   41 57                   push   %r15
ffff800000103235:   48 83 ec 08             sub    $0x8,%rsp
ffff800000103239:   48 8d 0d f9 ff ff ff    lea    -0x7(%rip),%rcx        # ffff800000103239 <user_level_function+0xa>
ffff800000103240:   49 bb af d9 00 00 00    movabs $0xd9af,%r11
ffff800000103247:   00 00 00 
ffff80000010324a:   4c 01 d9                add    %r11,%rcx
ffff80000010324d:   48 b8 a0 01 00 00 00    movabs $0x1a0,%rax
ffff800000103254:   00 00 00 
ffff800000103257:   48 8d 14 01             lea    (%rcx,%rax,1),%rdx
ffff80000010325b:   be 00 00 00 00          mov    $0x0,%esi
ffff800000103260:   bf 00 00 ff 00          mov    $0xff0000,%edi
ffff800000103265:   49 89 cf                mov    %rcx,%r15
ffff800000103268:   b8 00 00 00 00          mov    $0x0,%eax
ffff80000010326d:   49 b8 ca 4a ff ff ff    movabs $0xffffffffffff4aca,%r8
ffff800000103274:   ff ff ff 
ffff800000103277:   49 01 c8                add    %rcx,%r8
ffff80000010327a:   41 ff d0                callq  *%r8
ffff80000010327d:   eb fe                   jmp    ffff80000010327d <user_level_function+0x4e>

Above assembly code shows that the function is addressing using its current compiled address.

Therefore after I memory copy the function to user space (0x800000) and execute it, the addressing is disordered due to the relative addressing. 

unsigned long do_execve(void)
{
    color_printk(RED,BLACK,"do_execve task is running\n");
    memcpy(user_level_function,(void *)0x800000,1024);
    PUSH_ALL;
    __asm__ __volatile__ (
        "wrmsr  \n\t"
        "movq $0x800000, %%rdx \n\t"
        "movq $0xa00000, %%rcx \n\t"
        ".byte  0x48    \n\t"
        "sysexit        \n\t"
        :
        :"d"((unsigned long)KERNEL_CS >> 32),
         "a"((unsigned long)KERNEL_CS & 0xffffffff),
         "c"(0x174)
        :"memory"
    );
    POP_ALL;
    return 0;
}

Therefore I would like to ask if there is a way to solve it?

Thanks a lot!!

1 answers

solution1
 0 ACCPTED  2019-05-22 11:59:37

您可以使用-fno-pic编译器选项吗?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How memory space behave after function return for local variables? Copy function from user space to kernel and execute How to generate IP relative addressing instructions with GCC How to make inline function only take up one copy's worth of memory space in executable file How linux's user space allocates memory How to copy a structure containing a pointer from user space to kernel Memory allocation and addressing in Assembly Directly Addressing Array Memory Copy function in memory copy data from kernel space to user space
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM