On 02/09/2012 05:32 PM, Jan Kiszka wrote:
>> I mean just check kpcr.self.
>
> Yes, clear, but that means that Windows must have initialized FS.base to
> point to the KPCR also in UP mode. Is that really the case? E.g. when
> ACPI is off?! I wonder if that explains the reported bug of qemu-kvm
> with -no-acpi and in-kernel irqchip...

Yes, it does. It's used by some fast-path kernel APIs, and indeed the canonical way to find the KPCR base from ring 0 is to look at FS:[1Ch].

Similarly in userspace you can find the thread information block at FS:[sizeof(void*)*6], and FS:[1Ch] is something else. But your code cannot be reached from userspace, so that's always fine.

Paolo
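An added illustration of the kpcr.self check discussed in this exchange (example code written for this page, not code from the thread or from QEMU). It assumes the 32-bit layouts named above (KPCR self pointer at FS:[1Ch], user-mode TIB self pointer at FS:[18h]), a flat memory window mapped at an assumed base address, and constructed sample contents.

```python
import struct

# Offsets for the 32-bit layouts the thread refers to (assumed here): the
# KPCR's self pointer is the dword at FS:[0x1C], while a user-mode TIB's
# self pointer is at FS:[sizeof(void*)*6] == 0x18 on 32-bit.
KPCR_SELF_OFF = 0x1C
TIB_SELF_OFF = 0x18


def read_u32(image, base, addr):
    """Read a little-endian u32 at virtual address `addr` from `image`,
    a flat byte window assumed to be mapped at virtual address `base`.
    Returns None when the read falls outside the window."""
    off = addr - base
    if off < 0 or off + 4 > len(image):
        return None
    return struct.unpack_from("<I", image, off)[0]


def is_kpcr(image, base, fs_base):
    """The 'kpcr.self' check: in ring 0, FS.base points at the KPCR only
    if the dword at FS:[0x1C] points back at FS.base itself."""
    return read_u32(image, base, fs_base + KPCR_SELF_OFF) == fs_base


def is_user_tib(image, base, fs_base):
    """A user-mode FS instead points at a TIB whose self pointer is at 0x18."""
    return read_u32(image, base, fs_base + TIB_SELF_OFF) == fs_base


def scan_kpcr_candidates(image, base, align=4):
    """Forensic fallback when no vCPU FS.base is available: every aligned
    address whose dword at +0x1C points back at itself is a KPCR candidate."""
    hits = []
    for off in range(0, len(image) - KPCR_SELF_OFF - 4 + 1, align):
        addr = base + off
        if read_u32(image, base, addr + KPCR_SELF_OFF) == addr:
            hits.append(addr)
    return hits


# Constructed sample: a 64 KiB window at a made-up kernel address holding
# one fake KPCR (self pointer at +0x1C) and one fake user TIB (at +0x18).
SAMPLE_BASE = 0x80540000
sample = bytearray(0x10000)
FAKE_KPCR = SAMPLE_BASE + 0x3000
FAKE_TIB = SAMPLE_BASE + 0x8000
struct.pack_into("<I", sample, FAKE_KPCR - SAMPLE_BASE + KPCR_SELF_OFF, FAKE_KPCR)
struct.pack_into("<I", sample, FAKE_TIB - SAMPLE_BASE + TIB_SELF_OFF, FAKE_TIB)

if __name__ == "__main__":
    print([hex(a) for a in scan_kpcr_candidates(sample, SAMPLE_BASE)])
```

Running the scan over the constructed window reports only the fake KPCR, while the fake TIB passes `is_user_tib` and fails `is_kpcr`.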
