Skip to content

Instantly share code, notes, and snippets.

@PkmX

PkmX/.foo.c

Last active December 10, 2018 18:29
Show Gist options
  • Save PkmX/10b79c9af76a2aa532a0a48d905152e1 to your computer and use it in GitHub Desktop.
Save PkmX/10b79c9af76a2aa532a0a48d905152e1 to your computer and use it in GitHub Desktop.
Download ZIP
x86_64 soft float kernel module POC
Raw
.foo.c
#include <stdint.h>
double ker(void) { return 42.0; }
// Can't link with compiler-rt because their built-ins also use SSE registers.
// A super naive double to int conversion function that only works on small positive integers.
int64_t naive_dtoi(double x) {
uint64_t u = (union { double d; uint64_t u; }) { x }.u;
return ((u & 0xfffffffffffff) | (1ULL << 52)) >> (1075 - ((u >> 52) & 0x7ff));
}
int foo(void) { return naive_dtoi(ker()); }
Raw
Makefile
obj-m += mymodule.o
mymodule-y := module.o foo.o
KDIR := /lib/modules/$(shell uname -r)/build
GENS := foo.o_shipped
all: gen
$(MAKE) -C $(KDIR) M=$(PWD) modules
clean:
$(MAKE) -C $(KDIR) M=$(PWD) clean
$(RM) $(GENS)
gen: $(GENS)
foo.o_shipped: .foo.c
clang -Wall -Wextra -pedantic -msoft-float -mno-sse -mno-red-zone $< -emit-llvm -S -o - | sed -e 's/"use-soft-float"="false"/"use-soft-float"="true"/' | llc -filetype=obj -o $@ # | clang -xir - -rtlib=compiler-rt -no-pie -nostartfiles -Wl,-r -o $@
.PHONY: all clean gen
Raw
module.c
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
int foo(void);
int init_module(void) {
printk(KERN_INFO "init_module(): %d\n", foo());
return 0;
}
void cleanup_module(void) {
printk(KERN_INFO "cleanup_module()\n");
}
MODULE_LICENSE("GPL");
MODULE_AUTHOR("PkmX");
MODULE_DESCRIPTION("Test module");
MODULE_VERSION("0.0");
Raw
zoutput.txt
$ make && sudo insmod mymodule.ko && sudo rmmod mymodule && dmesg -T | tail -n2
[Tue Dec 11 02:28:11 2018] init_module(): 42
[Tue Dec 11 02:28:11 2018] cleanup_module()
$ objdump -xd mymodule.ko
...
Disassembly of section .text:
0000000000000000 <init_module>:
0: e8 00 00 00 00 callq 5 <init_module+0x5>
1: R_X86_64_PLT32 __fentry__-0x4
5: e8 00 00 00 00 callq a <init_module+0xa>
6: R_X86_64_PLT32 foo-0x4
a: 48 c7 c7 00 00 00 00 mov $0x0,%rdi
d: R_X86_64_32S .rodata.str1.1
11: 89 c6 mov %eax,%esi
13: e8 00 00 00 00 callq 18 <init_module+0x18>
14: R_X86_64_PLT32 printk-0x4
18: 31 c0 xor %eax,%eax
1a: c3 retq
1b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000020 <ker>:
20: 55 push %rbp
21: 48 89 e5 mov %rsp,%rbp
24: 48 b8 00 00 00 00 00 movabs $0x4045000000000000,%rax
2b: 00 45 40
2e: 5d pop %rbp
2f: c3 retq
0000000000000030 <naive_dtoi>:
30: 55 push %rbp
31: 48 89 e5 mov %rsp,%rbp
34: 48 83 ec 18 sub $0x18,%rsp
38: b9 33 04 00 00 mov $0x433,%ecx
3d: 48 89 7d e8 mov %rdi,-0x18(%rbp)
41: 48 8b 45 e8 mov -0x18(%rbp),%rax
45: 48 89 45 f0 mov %rax,-0x10(%rbp)
49: 48 8b 45 f0 mov -0x10(%rbp),%rax
4d: 48 89 45 f8 mov %rax,-0x8(%rbp)
51: 48 b8 ff ff ff ff ff movabs $0xfffffffffffff,%rax
58: ff 0f 00
5b: 48 23 45 f8 and -0x8(%rbp),%rax
5f: 48 ba 00 00 00 00 00 movabs $0x10000000000000,%rdx
66: 00 10 00
69: 48 09 d0 or %rdx,%rax
6c: 48 8b 55 f8 mov -0x8(%rbp),%rdx
70: 48 c1 ea 34 shr $0x34,%rdx
74: 48 81 e2 ff 07 00 00 and $0x7ff,%rdx
7b: 48 29 d1 sub %rdx,%rcx
7e: 48 d3 e8 shr %cl,%rax
81: 48 83 c4 18 add $0x18,%rsp
85: 5d pop %rbp
86: c3 retq
87: 90 nop
88: 90 nop
89: 90 nop
8a: 90 nop
8b: 90 nop
8c: 90 nop
8d: 90 nop
8e: 90 nop
8f: 90 nop
0000000000000090 <foo>:
90: 55 push %rbp
91: 48 89 e5 mov %rsp,%rbp
94: e8 87 ff ff ff callq 20 <ker>
99: 48 89 c7 mov %rax,%rdi
9c: e8 8f ff ff ff callq 30 <naive_dtoi>
a1: 5d pop %rbp
a2: c3 retq
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment