stackoom
  简体   繁体   中英

system_call value is different each time when I use rdmsrl(MSR_LSTAR, system_call)

 原文  2019-06-11 11:26:51       linux/ linux-kernel/ x86/ x86-64/ inline-assembly

Question

I'm writing a lkm to get sys_call_table address and I'm trying to get it by IDT (I have tested other methods and they work). The problem is that when I use rdmsrl to get register MSR_LSTAR , it's different each time.

I have tried function rdmsrl ( MSR_LSTAR ) and asm sentences in Ubuntu 18.04.1 with kernel 4.15.0-51. 

asm("rdmsr" : "=a" (low), "=d" (high) : "c" (IA32_LSTAR));
system_call = (void*)(((long)high<<32) | low);
printk(KERN_INFO "system_call: 0x%llx", system_call);

rdmsrl(MSR_LSTAR, sct_off);
printk("sct_off: %016llx\n", sct_off);

The result is as follows: 

system_call: 0xfffffe0000006000
system_call: 0xfffffe000008a000
system_call: 0xfffffe0000032000

1 answers

solution1
 3 ACCPTED  2019-06-12 20:30:45

Do you have CONFIG_RETPOLINE=y enabled? (check via cat /usr/src/`uname -r`/.config | grep RETPOLINE ). If so, for CPUs where Kernel Page Table Isolation is enabled MSR_LSTAR holds the trampoline per-cpu entry SYSCALL64_entry_trampoline instead of the standard entry_SYSCALL_64 for your kernel version.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Kernel probe not inserted for system_call function Kernel panic when altering system_call in entry.S Different ways to call system calls System call return value in C backlog value in listen system call When wait system call is used Use of sbrk system call in Unix Use of iret when returning from exec system call How can I get the CPU time for a perl system call? Can I use nullptr as a Linux system call parameter?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM