https://stackoverflow.com/questions/15251527
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFirst of all, you don't "supply a pointer to a kernel mode function". Kernel calls aren't simple jumps, they are either special instructions or software interrupts. Kernel function calling conventions are also different than your usual function calls.
In any event, exactly how accessing user memory from a kernel context works depends on the operating system in question. The kernel typically has a (virtual) address space of its own. This can be a completely independent address space from user process spaces (e.g. 32-bit OSX) or it can be in a special region (the high/low address split in many OSes). In the high/low model, the kernel can typically dereference pointers to user space while it is executing in the context of that process. In the general case, the kernel can explicitly look up the underlying physical memory the user virtual address refers to, and then map that into its own virtual address space.
As user space can maliciously supply bad pointers, they must never be used by the kernel without first checking for validity. This and the subsequent access must be atomic with regard to the user process's memory map, otherwise the process could munmap() the range in the time between the kernel's pointer validity check and actually reading/writing the memory. For this reason, most kernels have helper functions that are essentially a safe memcpy between user- and kernel space that is guaranteed to be safe or return an error in the case of an invalid pointer.
In any case, the kernel code has to do all of this explicitly, there is nothing "automatic" about it. Your syscall may pass through layers of abstraction that do automate this before reaching your kernel module, of course.
Update: Modern hardware supports SMAP (supervisor mode access prevention) which is designed to prevent accidental/malicious dereferencing of pointers to user address space from the kernel. Various operating systems have started enabling this feature, so in those cases you absolutely must go through the special kernel functions for accessing user memory.
