Hi guys, On Thu, May 12, 2011 at 4:53 AM, Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> wrote: > Hi.... > > On Thu, May 12, 2011 at 17:55, limp <johnkyr83@xxxxxxxxxxx> wrote: >> I was wondering if any other CPU register (apart from CR3) can indicate if a >> user-process or a kernel thread under it (and which one) is executed. Is it >> possible to know such a thing *only* by looking at CPU registers? > > one thing you can use is by looking at so called CPL (Current > Privilege level) and check it whether it is 0. According to > http://en.wikipedia.org/wiki/X86_memory_segmentation, CPL is the lower > 2 bits in CS. > > However, you need to watch it continously, because user space apps > could switch to CPL=0 (which denotes kernel mode, where CPL=3 denotes > user mode) in the case of system call etc. > > perhaps better is by looking at the address of mm. However, to do > this, you need to check starting from its task_struct, which is mapped > in its kernel stack in x86 AFAIK. In other arch such as ARM, AFAIK > task_struct could be simply derived from certain register. On the ARM, you can derive the task_struct from the stack pointer. >From kernel context, you can just use "current" which is a pointer to the currently running task. If you want details about how to determine the task_struct from SP, I can get into that, although it's subject to change. Using "current" it the normal technique. -- Dave Hylands Shuswap, BC, Canada http://www.davehylands.com _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
