1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
#include <stdint.h>
#include <stdio.h>
// Reads GS segment base address (backed by IA32_GS_BASE msr).
//
// Instruction must be supported. Can be checked as
// cpuid(0x7).ebx & 1 == 1
//
// In case the instruction is not available, the base address can be
// read with the following syscall.
// uint64_t addr;
// arch_prctl(ARCH_GET_GS, &addr)
static inline uint64_t rdgsbase() {
uint64_t gs;
asm volatile("rdgsbase %0" : "=r"(gs));
return gs;
}
// Write GS segment base address (backed by IA32_GS_BASE msr).
//
// Instruction must be supported. Can be checked as
// cpuid(0x7).ebx & 1 == 1
//
// In case the instruction is not available, the base address can be
// set with the following syscall.
// arch_prctl(ARCH_GET_GS, addr)
static inline void wrgsbase(uint64_t* gs) {
asm volatile("wrgsbase %0" ::"r"(gs));
}
// Read u32 from off relative to GS segment.
static inline uint32_t rdgs32(int64_t off) {
uint32_t ret;
asm volatile("mov %%gs:%1, %0" : "=r"(ret) : "m"(*(uint64_t*)off));
return ret;
}
// Read u64 from off relative to GS segment.
static inline uint64_t rdgs64(int64_t off) {
uint64_t ret;
asm volatile("mov %%gs:%1, %0" : "=r"(ret) : "m"(*(uint64_t*)off));
return ret;
}
// Write u32 to off relative to GS segment.
static inline void wrgs32(int64_t off, uint32_t val) {
asm volatile("mov %1, %%gs:%0" ::"m"(*(uint64_t*)off), "r"(val));
}
int main() {
printf("gsbase=%016lx\n", rdgsbase());
uint64_t VALS[] = {
0xa7a6a5a4a3a2a1a0,
0xb7b6b5b4b3b2b1b0,
};
// Setup GS segment base address.
wrgsbase(VALS);
printf("gsbase=%016lx | &VALS=%p\n", rdgsbase(), VALS);
// Read values relative to GS segment.
int64_t off[] = {0, 8, 4, 1};
for (int64_t i = 0; i < 4; ++i) {
printf("64: gs:%ld=%016lx\n", off[i], rdgs64(off[i]));
printf("32: gs:%ld=%016lx\n", off[i], rdgs32(off[i]));
}
// Write value relative to GS segment.
wrgs32(4, 0xddccbbaa);
printf("64: gs:%ld=%016lx\n", 0, rdgs64(0));
// Reset GS segment base address.
wrgsbase(0);
}
|
