Someone knows if it's possible to do a kernel-to-user jump?
Something like this:
Code: Select all
/* Simple user mode function */
int userF() {
return 0;
}Thanks.
Bye,
ab5000.
Kernel to user jump?
Kernel to user jump?
Hi.
Someone knows if it's possible to do a kernel-to-user jump?
Something like this:
can i jump to userF from a kernel module? If yes, it's just a simple jump or a more complicated thing? userF gets executed as user or kernel? (i'll aspect it to be executed as kernel, because when userF returns the context cannot be switched from user to kernel with a jump like "jump to $ra", only with syscalls)
Thanks.
Bye,
ab5000.
Someone knows if it's possible to do a kernel-to-user jump?
Something like this:
Thanks.
Bye,
ab5000.
Code: Select all
%:include<stdio.h>
int _(int __,int ___,int ____,int _____)
<%for(;____<___;_____=_____*__,____++);
return _____;%>main()<%printf
("%d\n",_(2,5,0,1));%>-
Bubbletune
- Posts: 22
- Joined: Sat Jan 03, 2009 6:51 am
Thanks! :)Bubbletune wrote:Yes, you can, using a simple jump, but it'll be executed in kernel mode.
Code: Select all
%:include<stdio.h>
int _(int __,int ___,int ____,int _____)
<%for(;____<___;_____=_____*__,____++);
return _____;%>main()<%printf
("%d\n",_(2,5,0,1));%>When you execute user functions from kernel mode, you need to set k1:
Code: Select all
unsigned int k1;
k1 = pspSdkSetK1(0);
function(args);
pspSdkSetK1(k1);
-
Bubbletune
- Posts: 22
- Joined: Sat Jan 03, 2009 6:51 am
No, you don't. That's when you hooked a system call and want to make it seem like you're coming from kernel mode.J.F. wrote:When you execute user functions from kernel mode, you need to set k1:
Code: Select all
unsigned int k1; k1 = pspSdkSetK1(0); function(args); pspSdkSetK1(k1);
Yes, you do. Look at the MediaEnginePRX... you're calling user functions from kernel mode because the ME only runs in kernel mode at the moment. You HAVE to set k1 or the whole thing bombs out. There are other examples. But it has NOTHING at all to do with hooks, system or otherwise.Bubbletune wrote:No, you don't. That's when you hooked a system call and want to make it seem like you're coming from kernel mode.J.F. wrote:When you execute user functions from kernel mode, you need to set k1:
Code: Select all
unsigned int k1; k1 = pspSdkSetK1(0); function(args); pspSdkSetK1(k1);
-
Bubbletune
- Posts: 22
- Joined: Sat Jan 03, 2009 6:51 am
I guess I didn't phrase it correctly when I said hooks, but I keep up the fact that it's to make it look like you're coming from a kernel function as opposed to a syscall. I just downloaded the MediaEnginePRX and I don't see a single call to a user mode function from kernel mode in there.J.F. wrote:Yes, you do. Look at the MediaEnginePRX... you're calling user functions from kernel mode because the ME only runs in kernel mode at the moment. You HAVE to set k1 or the whole thing bombs out. There are other examples. But it has NOTHING at all to do with hooks, system or otherwise.Bubbletune wrote:No, you don't. That's when you hooked a system call and want to make it seem like you're coming from kernel mode.J.F. wrote:When you execute user functions from kernel mode, you need to set k1:
Code: Select all
unsigned int k1; k1 = pspSdkSetK1(0); function(args); pspSdkSetK1(k1);
Other way around, calling kernel functions from user mode SOMETIMES requires $k1 changing. It's a way the kernel can check for usermode calls and escalate to allow kernel mode argument passing later in the function. There is a lot more behind the scenes though with the syscall exception obviously though.J.F. wrote:When you execute user functions from kernel mode, you need to set k1:
Code: Select all
unsigned int k1; k1 = pspSdkSetK1(0); function(args); pspSdkSetK1(k1);
In kernel mode $k1 is 0, so setting it to 0 is pointless.
Looks like you got the two mixed around =/
To call from kernel to user you either OR the address with 0x80000000 or you create a user mode thread. Depending on the circumstances, a usermode thread may be more suitable.
Look at the kernel mode PRX example thread for details, but when you call a user function from kernel mode, you set k1. It's in every example of kernel mode prx's there are... it's in every kernel mode prx you'll find. Look at cooleye's kernel prx to set the sample rate... or the kernel prx to get the HOME button... or the MediaEnginePRX. We didn't just make this up to laugh at people - if you don't set k1, it DOESN'T WORK.
@Bubbletune: The call is in the loop.
Specifically
Those functions passed in are to user functions in the program.
@Bubbletune: The call is in the loop.
Code: Select all
static void me_loop(volatile struct me_struct *mei)
{
unsigned int k1;
k1 = pspSdkSetK1(0);
while (mei->init) // ME runs this loop until killed
{
while (mei->start == 0); // wait for function
mei->start = 0;
if (mei->precache_len)
{
if (mei->precache_len < 0)
dcache_inv_all();
else
dcache_inv_range(mei->precache_addr, mei->precache_len);
}
mei->result = mei->func(mei->param); // run function
if (mei->postcache_len)
{
if (mei->postcache_len < 0)
dcache_wbinv_all();
else
dcache_wbinv_range(mei->postcache_addr, mei->postcache_len);
}
mei->done = 1;
}
pspSdkSetK1(k1);
while (1); // loop forever until ME reset
}Code: Select all
mei->result = mei->func(mei->param); // run functionCode: Select all
%:include<stdio.h>
int _(int __,int ___,int ____,int _____)
<%for(;____<___;_____=_____*__,____++);
return _____;%>main()<%printf
("%d\n",_(2,5,0,1));%>Code: Select all
main()<%printf("32\n");%>right xDhlide wrote:Code: Select all
%:include<stdio.h> int _(int __,int ___,int ____,int _____) <%for(;____<___;_____=_____*__,____++); return _____;%>main()<%printf ("%d\n",_(2,5,0,1));%>:PCode: Select all
main()<%printf("32\n");%>
Code: Select all
%:include<stdio.h>
int _(int __,int ___,int ____,int _____)
<%for(;____<___;_____=_____*__,____++);
return _____;%>main()<%printf
("%d\n",_(2,5,0,1));%>