Re: How to tell whether a task_struct is running in kernelmode or usermode ?

Austin Kim <austindh.kim@xxxxxxxxx> · Mon, 30 Sep 2019 18:41:30 +0900

2019년 9월 30일 (월) 오전 3:26, William Tambe <tambewilliam@xxxxxxxxx>님이 작성:
>
> When a task execute a system-call, it runs in kernelmode and later
> resume in usermode.
>
> Which field of task_struct tells whether a task is currently running
> kernelmode or usermode ?

User processes can be running in both user space and kernel space,
depending on what they're doing.
The user-process is executing inside user code until it requests
kernel services(i.e: system call).

But there is no clear field from struct task_struct which determines
user-mode and kernel-mode.
(If I get wrong, I hope someone would leave a comment.)

Instead, user_mode() function would tell us whether process is running
user mode or not.
The user_mode() is architecture-dependent function since it is
implemented in different ways.

ARM architecture:
[arch/arm/include/asm/ptrace.h]
#define user_mode(regs) \
(((regs)->ARM_cpsr & 0xf) == 0)

x86 architecture:
[arch/x86/include/asm/ptrace.h]
static inline int user_mode(struct pt_regs *regs)
{
#ifdef CONFIG_X86_32
return ((regs->cs & SEGMENT_RPL_MASK) | (regs->flags & X86_VM_MASK))
>= USER_RPL;
#else
return !!(regs->cs & 3);
#endif
}

Everytime process comes from user-mode to kernel-mode,
a set of register is pushed into the kernel stack.

As for ARM architecture, the typical example of a set of register
being pushed into the
stack space of kernel is as follows.

________address|_data________|value_____________|symbol
   NSD:EC431FA8| 48 31 F7 BE  0xBEF73148
   NSD:EC431FAC| 02 00 00 00  0x2
   NSD:EC431FB0| C0 B3 98 AE  0xAE98B3C0 //r0
   NSD:EC431FB4| 58 00 00 00  0x58            //r1
   NSD:EC431FB8| 48 31 F7 BE  0xBEF73148   //r2
   NSD:EC431FBC| 6D 00 00 00  0x6D           //r3
   NSD:EC431FC0| 48 31 F7 BE  0xBEF73148   //r4
   NSD:EC431FC4| 02 00 00 00  0x2              //r5
   NSD:EC431FC8| 04 00 00 00  0x4              //r6
   NSD:EC431FCC| 0A 01 00 00  0x10A      // r7
   NSD:EC431FD0| FF FF FF FF  0xFFFFFFFF //r8
   NSD:EC431FD4| 00 00 00 00  0x0        //r9
   NSD:EC431FD8| 01 00 00 00  0x1        //r10
   NSD:EC431FDC| 00 B0 9F AE  0xAE9FB000 //r11
   NSD:EC431FE0| 04 00 00 00  0x4        //r12
   NSD:EC431FE4| 80 30 F7 BE  0xBEF73080 //sp
   NSD:EC431FE8| 17 8F 07 00  0x78F17    //lr
   NSD:EC431FEC| B8 29 08 00  0x829B8    //pc
   NSD:EC431FF0| 10 00 0F 20  0x200F0010 // cpsr, please pay attention
to this value
   NSD:EC431FF4| C0 B3 98 AE  0xAE98B3C0
   NSD:EC431FF8| 00 00 00 00  0x0
   NSD:EC431FFC| 00 00 00 00  0x0
___NSD:EC432000|_00_00_00_00__0x0  // <<--stack bottom address of process

At EC431FF0, value of 'cpsr' register is 0x200F0010, which means this
process is running as user-mode.

According to below definition:
[arch/arm/include/asm/ptrace.h]
#define user_mode(regs) \
(((regs)->ARM_cpsr & 0xf) == 0)

>From ARM processor perspective, each mode is as followings:
0x200F0011: FIQ mode
0x200F0012: IRQ mode
0x200F0013: Supervisor mode

Thanks,
Austin Kim