UserSpace? KernelSpace? HyperSpace? Which one?!.....

piranha · Post by **piranha** » Tue Nov 27, 2007 10:41 pm

A more clever title for this post would be Alice in Userland....but oh well....

I was browsing the Linux Kernel 0.01 sources the other day (ok ok, it was about 5 min ago) when I came across something in the init code: move_to_user_mode();
It's a #defined thingy, here is the code:

Code: Select all

#define move_to_user_mode() \
__asm__ ("movl %%esp,%%eax\n\t" \
	"pushl $0x17\n\t" \
	"pushl %%eax\n\t" \
	"pushfl\n\t" \
	"pushl $0x0f\n\t" \
	"pushl $1f\n\t" \
	"iret\n" \
	"1:\tmovl $0x17,%%eax\n\t" \
	"movw %%ax,%%ds\n\t" \
	"movw %%ax,%%es\n\t" \
	"movw %%ax,%%fs\n\t" \
	"movw %%ax,%%gs" \
	:::"ax")

Uh....Um...what?! asm is not one of my strong points (or not even one of my points)...

Apparently.......it moves in to userspace. What is that? Advantages? Is there any way to exit it?
I already looked on Wikipedia, but all it says is the differences between the two modes(usermode and kernel mode).

-JL

jnc100 · Post by **jnc100** » Wed Nov 28, 2007 1:40 am

It jumps to ring 3 by first pushing SS, ESP, EFLAGS, CS and EIP (for ring 3) then iret'ing to it. Then it sets up ring3 segment selectors for ring3. Its basically a 'jump to ring3 in-place' where esp isn't changed (its stored at the beginning to eax then pushed at the right point for iret) and eip just continues on from the end of the function (the '1:' label).

pirahna wrote:Is there any way to exit it?

Being able to leave ring 3 at will would kind of be against the point of hardware protection, wouldn't it? That's the purpose of call gates, interrupts and sysenter.

Regards,
John.