Compartir a través de


User Mode program access kernel mode address

What happens when a user mode program access the kernel mode address. The access fault happens, let's see how does the flow go in such scenario..

Actually all pages have a protection attribute that tells whether the page is owned by kernel or user. !pte shows that as K or U flag.

Now when CPU tries to access any page, it checks what privilege level is it running into. How is that checked? That it checks using code segment registers CPL (Current Privilege level value). you can always check the Privelege level the CPU is running into from cs register.

//Cs in Kernel mode . check that p/l value is 0. That means ring 0
kd> dg cs
                                                    P Si Gr Pr Lo
Sel Base Limit Type l ze an es ng Flags
---- ----------------- ----------------- ---------- - -- -- -- -- --------
0010 00000000`00000000 00000000`00000000 Code RE Ac 0 Nb By P Lo 0000029b

//Cs for user mode instruction. check that p/l value is 3. That means ring 3
kd> dg cs
                                                    P Si Gr Pr Lo
Sel Base Limit Type l ze an es ng Flags
---- ----------------- ----------------- ---------- - -- -- -- -- --------
0033 00000000`00000000 00000000`00000000 Code RE Ac 3 Nb By P Lo 000002fb

 For any memory address access, the Pvivilege level from CS and page protection is compared and if user mode tries to access any kernel mode address, cpu traps. MMAccessFult is the trap handler for such traps.