
I want to read the kernel stack memory from a basic C program.

I am working on an x86-64 Linux computer.

My goal is to read the thread_info structure.

Here is what I've done:

#include <stdio.h>
#include <unistd.h>

typedef unsigned int __u32;

/* Partial copy of the kernel's struct thread_info; remaining fields elided. */
struct thread_info {
    struct task_struct  *task;
    struct exec_domain  *exec_domain;
    __u32                flags;
    __u32                status;
    __u32                cpu;
    int                  saved_preempt_count;
    /* ... */
};

static inline struct thread_info *stack_thread_info(void)
{
    unsigned long PAGE_SIZE = 8 * 1024;   // 8Kb on 64 bits
    unsigned long THREAD_SIZE = PAGE_SIZE << 2;

    struct thread_info *ti;
    /* Round the stack pointer down to a THREAD_SIZE boundary, the way the
       kernel's own stack_thread_info() did; the mask must be 64-bit wide
       because the output operand is a pointer. */
    __asm__("andq %%rsp,%0; " : "=r" (ti) : "0" (~(THREAD_SIZE - 1)));
    return ti;
}

int main(void)
{
    struct thread_info *ti = stack_thread_info();
    /* Dereferencing ti is what faults. */
    printf("%p\n", (void *)ti->task);
    return 0;
}

I get a segfault when trying to display task_struct address.

red0ct
Bob5421
  • Possible duplicate of [How to access kernel space from user space?](https://stackoverflow.com/questions/9662193/how-to-access-kernel-space-from-user-space) – Tsyvarev Apr 04 '19 at 14:20
  • I do not want to access kernel space from user space, I just want to get task_struct. And kernel space is the same as user space for a given process. Just the rights change – Bob5421 Apr 04 '19 at 14:51
  • "I just want to get task_struct." - But that object is located in the kernel space, not in the user space. You are right that for a single process the memory mappings are the same for kernel mode and for user mode. But user code has no rights to access data placed in the kernel space. – Tsyvarev Apr 04 '19 at 15:16
  • Okay, so you mean the kernel also has a portion of code in another memory space? If I write a kernel module, how can I access this memory part? – Bob5421 Apr 04 '19 at 16:04
  • "so you mean the kernel also has a portion of code in another memory space?" - I don't understand you. The object `thread_info`, which contains the state of the thread, is located in the kernel space, which is available to the kernel code but not to the user one. Not sure what you mean by "another memory space". In the kernel code there is a macro `current` which contains a pointer to the `task_struct` object for the current thread. The field `thread_info` of that object is a `thread_info` object. – Tsyvarev Apr 04 '19 at 16:13
  • Thanks. Is there a way to know the memory address of task_struct even if I cannot read it from userspace? I just want to know the address. – Bob5421 Apr 04 '19 at 16:16
  • "Is there a way to know the memory address of task_struct" - I don't know. Probably this address is stored in a register, but it is unlikely that user code may access it. You may write a kernel module which reports that address to the user. – Tsyvarev Apr 04 '19 at 16:26

1 Answer


The thread_info struct is for use by the kernel, not the process. Its pointers will be physical addresses, not virtual. As a result, you won't be able to dereference them from a user-space program.

Sneftel
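As an added example (not code from the question or the answer), the program below performs the same stack-pointer masking as the question's inline assembly, in plain C, and then checks two things a user-space program can actually verify: whether the masked address lies in the upper, kernel half of the x86-64 virtual address space (it never does, because %rsp in user mode is a user-space address), and whether the address is mapped in this process at all according to /proc/self/maps. THREAD_SIZE_GUESS is an assumed constant chosen to match the question's arithmetic, not the kernel's real value, and the GCC/Clang builtin `__builtin_frame_address(0)` stands in for reading %rsp so the program compiles without inline assembly.

```c
#include <stdio.h>
#include <stdint.h>

/* Assumed value matching the question's PAGE_SIZE << 2 arithmetic (32 KiB);
   not the kernel's actual THREAD_SIZE. */
#define THREAD_SIZE_GUESS (32UL * 1024)

/* Lowest canonical kernel-half address with 4-level paging on x86-64. */
#define X86_64_KERNEL_HALF_START 0xffff800000000000UL

/* The same rounding the question's "andq %rsp" performs: clear the low bits
   so the result is THREAD_SIZE-aligned. thread_size must be a power of two. */
uintptr_t mask_stack_pointer(uintptr_t sp, unsigned long thread_size)
{
    return sp & ~(uintptr_t)(thread_size - 1);
}

/* True if addr is in the kernel half of the address space. A user-mode
   stack pointer never is, so masking it cannot yield a kernel object. */
int is_kernel_half(uintptr_t addr)
{
    return addr >= X86_64_KERNEL_HALF_START;
}

/* Parse one /proc/self/maps line ("start-end perms offset dev inode path")
   and report whether addr falls inside that mapping.
   Returns 1 if inside, 0 if outside, -1 if the line does not parse. */
int maps_line_contains(const char *line, uintptr_t addr)
{
    unsigned long start, end;
    if (sscanf(line, "%lx-%lx", &start, &end) != 2)
        return -1;
    return (addr >= start && addr < end) ? 1 : 0;
}

/* Scan this process's mappings. Returns 1 if addr is mapped, 0 if it is
   not (dereferencing it would fault), -1 if /proc/self/maps is unavailable. */
int addr_is_mapped(uintptr_t addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    char line[512];
    int found = 0;
    while (fgets(line, sizeof line, f)) {
        if (maps_line_contains(line, addr) == 1) {
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

int main(void)
{
    /* Frame address is a stack address close to %rsp; good enough here. */
    uintptr_t sp = (uintptr_t)__builtin_frame_address(0);
    uintptr_t guess = mask_stack_pointer(sp, THREAD_SIZE_GUESS);

    printf("stack pointer   : %#lx\n", (unsigned long)sp);
    printf("masked guess    : %#lx\n", (unsigned long)guess);
    printf("in kernel half? : %s\n", is_kernel_half(guess) ? "yes" : "no");

    int mapped = addr_is_mapped(guess);
    printf("mapped here?    : %s\n",
           mapped == 1 ? "yes" : mapped == 0 ? "no (would segfault)" : "unknown");
    return 0;
}
```

Whether the masked address turns out mapped or not depends on where the stack happens to sit relative to the 32 KiB boundary; either way it is a user-space address inside (or just below) the process's own stack, never the kernel's thread_info, which is the point the answer and comments make.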