Hi,
I am looking for a tutorial that deals with switching from ring 0 to ring 3 (and back). Anybody knows if there is any tutorial like that around?
Many thanks,
Jun
Switching ring 0 <--> ring 3?
Hi,
This sort of gives me a kick to start work on the documentation for my user mode tutorial. I'll do some writing now - the link to the download of documented code (tutorial style) is here.
Cheers,
James
This sort of gives me a kick to start work on the documentation for my user mode tutorial. I'll do some writing now - the link to the download of documented code (tutorial style) is here.
Cheers,
James
Hi,
After a few hours writing, draft version is now online here. I'm not fully happy with it as yet and I will add some spit and polish to it - there are also a few errata which magically appear fixed in this tutorial but have not been backported to the old ones yet - I need to do that.
Hope it helps, do give me a shout if you have any questions!
Cheers,
James
After a few hours writing, draft version is now online here. I'm not fully happy with it as yet and I will add some spit and polish to it - there are also a few errata which magically appear fixed in this tutorial but have not been backported to the old ones yet - I need to do that.
Hope it helps, do give me a shout if you have any questions!
Cheers,
James
James, excellent tutorial!!! Seriously, have you ever considered writting a book? You have a great ability, that is explain things in easy way. Believe me, not everybody can do that!
I spot some typos in the below code (syscall_handler() function)
.....
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
" : "=a" (ret) : "r" (regs->edi), "r" (regs->esi), "r" (regs->edx), "r" (regs->ecx), "r" (regs->ebx), "r" (location));
You must intend to pop %ecx, %edx, %esi, %edi here.
Keep up the good work. Your tutorials is excellent!!!
Thanks,
Jun
I spot some typos in the below code (syscall_handler() function)
.....
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
" : "=a" (ret) : "r" (regs->edi), "r" (regs->esi), "r" (regs->edx), "r" (regs->ecx), "r" (regs->ebx), "r" (location));
You must intend to pop %ecx, %edx, %esi, %edi here.
Keep up the good work. Your tutorials is excellent!!!
Thanks,
Jun
Hi,junkoi wrote:James, excellent tutorial!!! Seriously, have you ever considered writting a book? You have a great ability, that is explain things in easy way. Believe me, not everybody can do that!
I spot some typos in the below code (syscall_handler() function)
.....
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
" : "=a" (ret) : "r" (regs->edi), "r" (regs->esi), "r" (regs->edx), "r" (regs->ecx), "r" (regs->ebx), "r" (location));
You must intend to pop %ecx, %edx, %esi, %edi here.
Keep up the good work. Your tutorials is excellent!!!
Thanks,
Jun
Thanks very much!
Actually, it doesn't matter what registers we pop to there as long as we pop to somewhere! The important thing is removing the items from the stack. Their values we no longer care about.
Cheers,
James
That is true. I missed that we have no output from the inline code, except %eax.JamesM wrote:Hi,junkoi wrote:James, excellent tutorial!!! Seriously, have you ever considered writting a book? You have a great ability, that is explain things in easy way. Believe me, not everybody can do that!
I spot some typos in the below code (syscall_handler() function)
.....
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
pop %%ebx; \
" : "=a" (ret) : "r" (regs->edi), "r" (regs->esi), "r" (regs->edx), "r" (regs->ecx), "r" (regs->ebx), "r" (location));
You must intend to pop %ecx, %edx, %esi, %edi here.
Keep up the good work. Your tutorials is excellent!!!
Thanks,
Jun
Thanks very much!
Actually, it doesn't matter what registers we pop to there as long as we pop to somewhere! The important thing is removing the items from the stack. Their values we no longer care about.
James
A question: your code switch from ring 0 to ring 3 using IRET. I wonder if Linux uses the same way to switch from ring 0 to ring 3? Maybe that is how they execute /sbin/init to give control to ring 3?
Cant wait for your next tutorials!
Thanks,
Jun
-
piranha
- Member
- Posts: 1391
- Joined: Thu Dec 21, 2006 7:42 pm
- Location: Unknown. Momentum is pretty certain, however.
- Contact:
......The init program deals with runlevels, not rings. Those are 2 completely different subjects.A question: your code switch from ring 0 to ring 3 using IRET. I wonder if Linux uses the same way to switch from ring 0 to ring 3? Maybe that is how they execute /sbin/init to give control to ring 3?
Runlevels are just what stuff is started.
-JL
SeaOS: Adding VT-x, networking, and ARM support
dbittman on IRC, @danielbittman on twitter
https://dbittman.github.io
dbittman on IRC, @danielbittman on twitter
https://dbittman.github.io
Hi,junkoi wrote: A question: your code switch from ring 0 to ring 3 using IRET. I wonder if Linux uses the same way to switch from ring 0 to ring 3? Maybe that is how they execute /sbin/init to give control to ring 3?
IRET is the only way on x86 to change to ring 3. As piranha pointed out, INIT deals with runlevels which are linux specific.
Cheers,
James
Hi,junkoi wrote:You missed my point. No, I dont mistake ring and level stuffs. My question is "Is this technique (IRET to return to ring 3 from ring 0) the way Linux gives control to /sbin/init, which is the first ring 3 process?"
Thanks,
Jun
Yes. IRET is the only method of switching from ring0 to 3 on x86.
Cheers,
James
Point taken - I've never investigated SMM etc. But I purposely avoided using sysexit as it's not available on all systems, and sysret is only on x86_64...Combuster wrote:I expected a bit better from you - there are many more alternatives. IRET is the most used one though:JamesM wrote:IRET is the only method of switching from ring0 to 3 on x86.
- IRET
- Sysret
- Sysexit
- Far jump/far call using TSS
- SMM, VM extensions, Loadall etc.
Interesting! Can you elaborate about the "Far jmp/call using TSS"?Combuster wrote:I expected a bit better from you - there are many more alternatives. IRET is the most used one though:JamesM wrote:IRET is the only method of switching from ring0 to 3 on x86.
- IRET
- Sysret
- Sysexit
- Far jump/far call using TSS
- SMM, VM extensions, Loadall etc.
Thanks,
Jun
Hi,
This is basically hardware task switching (which is covered in the Intel Manuals in some depth). You do a far jump using the TSS descriptor as your segment selector. e.g. If you jump to PMode, you probably do:
Whereas here, if the TSS is your 5th GDT entry, you do:
The offset is ignored by the CPU.
Cheers,
Adam
This is basically hardware task switching (which is covered in the Intel Manuals in some depth). You do a far jump using the TSS descriptor as your segment selector. e.g. If you jump to PMode, you probably do:
Code: Select all
jmp 0x08:PModeFunctionCode: Select all
jmp 0x28:0x00000000Cheers,
Adam