Identifying whether a user-process or kernel-thread execution takes place by looking at CPU registers
limp
johnkyr83 at hotmail.com
Sat May 14 13:55:53 EDT 2011
Thank you all for your replies.
> If you want details about how to determine the task_struct from SP, I
> can get into that, although it's subject to change. Using "current" it
> the normal technique.
Yes, I want to determine the "task_struct" from the SP. According to what I
read, on x86 "current" is calculated by masking out the 13 least significant
bits of the stack pointer to obtain the "thread_info" structure and
consequently
the "task_struct". Is that what you had in mind?
Another question is if the "task_struct" is allocated in contiguous memory
space as I don't see a "packed" attribute in the structure definition.
If yes, do you know of an easy way of finding the offset of the "mm" field
of the structure so that I can obtain its value? I guess a way is by finding
it manually from the structure definition but it seems quite complex.
Thanks again,
John K.
More information about the Kernelnewbies
mailing list