purpose of pspSdkSetK1

sauron_le_noir
Posts: 203
Joined: Sat Jul 05, 2008 8:03 am

purpose of pspSdkSetK1

Post by sauron_le_noir »

What exactly does the function pspSdkSetK1(0) do?
You must use it before a kernel module can access a variable created in a user prx,
but what does it do exactly? In the documentation of the MIPS processor, $k0-$k1 are reserved for the operating system. Is this a kind of trunk?
blu_eye4
Posts: 37
Joined: Sun Oct 26, 2008 8:41 pm

Post by blu_eye4 »

Hi :)

I read on the web that it must be used to disable some protection: when you set this value to 0, the system thinks that you're calling from a kernel thread. ab5000 is the person who said this; I've merely posted it... excuse me ab5000...

sauron, can it be useful? Excuse me for my bad English.... :(
sauron_le_noir
Posts: 203
Joined: Sat Jul 05, 2008 8:03 am

Post by sauron_le_noir »

Can you provide the URL where you found this? Thanks a lot.
hibbyware
Posts: 78
Joined: Wed Mar 28, 2007 10:29 am

Post by hibbyware »

Remember, the notes added to header files are always worth checking.

Copied from pspsdk.h

/**
 * Set the processors K1 register to a known value
 *
 * @note This function is for use in kernel mode syscall exports. The kernel
 * sets the k1 register to indicate what mode called the function, i.e. 
 * whether it was directly called, was called via a syscall from a kernel
 * thread or called via a syscall from a user thread. By setting k1 to 0
 * before doing anything in your code you can make the other functions think
 * you are calling from a kernel thread and therefore disable numerous 
 * protections.
 *
 * @param k1 - The k1 value to set
 * 
 * @return The previous value of k1
 */
unsigned int pspSdkSetK1(unsigned int k1);

/**
 * Get the current value of the processors K1 register
 *
 * @return The current value of K1
 */
unsigned int pspSdkGetK1(void);
sauron_le_noir
Posts: 203
Joined: Sat Jul 05, 2008 8:03 am

Post by sauron_le_noir »

Yes indeed, I was searching the web for the documentation and it was on my PC.
Big apologies for this, but it does not give all the answers that I want.

You're tweaking Sony's OS when you set K1 to 0, so you bypass some protection.

But why, when passing a variable from a user.prx to a kernel.prx, must I set K1 to 0
and back to the original value when I leave the kernel.prx?

Are the functions of the libc, when they pass back some result from the kernel.prx
to the user.prx, aware of this and doing some voodoo stuff with the pointers?
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

It's mainly used when hooking kernel-to-user exports. By default it will be set for 'user' because the calling function is user. If you want to get more privileges in your hooked fn then set it to 0.
sauron_le_noir
Posts: 203
Joined: Sat Jul 05, 2008 8:03 am

Post by sauron_le_noir »

OK, so it's just used in syscalls, nothing to do with memory protection.
If I use SysMemForKernel_536AD5E1 in my kernel prx
I get a pointer to the root of the UID tree.
Can I pass this pointer unmodified to my user prx and walk through
the list in my user prx? That's the reason why I'm asking what setting k1 to 0 means exactly.
ne0h
Posts: 386
Joined: Thu Feb 21, 2008 2:15 am

Post by ne0h »

I don't understand very well, but probably you need to "normalize" the address when returning the var to get a user address...
Take a look here: http://forums.ps2dev.org/viewtopic.php?t=11255
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

sauron_le_noir wrote: OK, so it's just used in syscalls, nothing to do with memory protection.
If I use SysMemForKernel_536AD5E1 in my kernel prx
I get a pointer to the root of the UID tree.
Can I pass this pointer unmodified to my user prx and walk through
the list in my user prx? That's the reason why I'm asking what setting k1 to 0 means exactly.
No, I don't believe you can access the pointer to kernel memory space from a user prx directly.

By setting k1 it removes protections like not allowing flash0: files to be read from user mode.
hlide
Posts: 739
Joined: Sun Sep 10, 2006 2:31 am

Post by hlide »

Technically, $k1 is used as a flag. No hardware involved. We could use a memory placeholder (a global variable) instead; it would be the same. They use this register as it cannot be used by gcc (unless you really want to mess with firmware) and is fast to write/read. There is no hardware memory protection involved.

Personally, I find that Sony was lame to use such a register for this purpose. They could have used a COP0 control register (cfc0/ctc0 insns) for that.

Apparently $k0 would be used as a KTLS register: kernel thread local storage.
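To tie together hibbyware's header comment (save k1, set it to 0, restore it), Torch's point that protections are keyed off k1, and hlide's remark that k1 is nothing more than a flag, here is an added host-side C model of that convention. It is not pspsdk code: the $k1 register is replaced by a global, and the user-mode flag value, the kernel address boundary and the copy routine are all constructed for the model.

```c
/* Host-side model of the PSP k1 convention discussed in this thread.
 * Added example, not pspsdk code. The flag value and the address
 * boundary below are constructed and do not match real firmware. */
#include <stdint.h>
#include <string.h>

#define K1_FROM_USER 0x10000000u /* constructed: "syscall came from a user thread" */
#define KERNEL_BASE  0x88000000u /* constructed: start of modelled kernel space */

static unsigned int g_k1 = 0;    /* stands in for the $k1 register (a plain flag) */

unsigned int pspSdkSetK1(unsigned int k1) { unsigned int old = g_k1; g_k1 = k1; return old; }
unsigned int pspSdkGetK1(void) { return g_k1; }

/* A protection inside a modelled kernel routine: refuse to write to a
 * kernel address when the caller is a user thread. With k1 forced to 0
 * this check no longer fires, which is the "disable numerous
 * protections" effect the header comment warns about. */
static int kernel_copy_out(uint32_t dst_addr, const char *src, size_t n, char *fake_mem) {
    if ((pspSdkGetK1() & K1_FROM_USER) && dst_addr >= KERNEL_BASE)
        return -1;                 /* user caller handed us a kernel pointer */
    memcpy(fake_mem, src, n);      /* modelled write to dst_addr */
    return 0;
}

/* Kernel export written the naive way: k1 lowered for the whole body, so
 * every pointer the user passed in is treated as if a kernel thread
 * supplied it. k1 is still restored on the way out, as the thread says. */
int export_unsafe(uint32_t dst, char *fake_mem) {
    unsigned int k1 = pspSdkSetK1(0);
    int rc = kernel_copy_out(dst, "data", 5, fake_mem);
    pspSdkSetK1(k1);               /* restore the caller's k1 */
    return rc;
}

/* Safer shape: validate the user-supplied pointer while k1 still tells the
 * truth about the caller, and only then lower k1 for the privileged work. */
int export_checked(uint32_t dst, char *fake_mem) {
    if ((pspSdkGetK1() & K1_FROM_USER) && dst >= KERNEL_BASE)
        return -1;
    unsigned int k1 = pspSdkSetK1(0);
    int rc = kernel_copy_out(dst, "data", 5, fake_mem);
    pspSdkSetK1(k1);
    return rc;
}
```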
NoEffex
Posts: 106
Joined: Thu Nov 27, 2008 6:48 am

Post by NoEffex »

So, with that theory, is it not possible to call something like game data from within a kernel prx? (From my experience) it straight up locks up if you try to call into game data.