Creating User Mode on Type-1 Hypervisor

valdect
Posts: 6
Joined: Fri Jul 09, 2021 12:58 pm

Creating User Mode on Type-1 Hypervisor

Post by valdect »

Hello there,
I'm trying to make a guest OS that can run on an existing type-1 hypervisor. I have reviewed many documents, but I could not come to any conclusion, so I wanted to ask here. The code I wrote runs in Ring 1. First of all, I set up the GDT entries for the user code. Then I try to jump to ring 3 using iret, but I keep getting a General Protection error.

Code:

    /* user code segment: base 0, limit 0xFBFFF (4 KiB units), access 0xFA = present, DPL 3, code, readable */
    my_gdt_table[us_cs].limitLow = 0xbfff;
    my_gdt_table[us_cs].baseLow = 0x0;     
    my_gdt_table[us_cs].baseMed = 0x0;    
    my_gdt_table[us_cs].access = 0xFA;     
    my_gdt_table[us_cs].limitHigh = 0xf;  
    my_gdt_table[us_cs].granularity = 0xc;  /* G=1 (page granularity), D/B=1 (32-bit) */
    my_gdt_table[us_cs].baseHigh = 0x0;    

    /* user data segment: same base/limit, access 0xF2 = present, DPL 3, data, writable */
    my_gdt_table[us_ds].limitLow = 0xbfff;
    my_gdt_table[us_ds].baseLow = 0x0;
    my_gdt_table[us_ds].baseMed = 0x0;
    my_gdt_table[us_ds].access = 0xF2;
    my_gdt_table[us_ds].limitHigh = 0xf;
    my_gdt_table[us_ds].granularity = 0xc;
    my_gdt_table[us_ds].baseHigh = 0x0;

    /* install as GDT entries 3 and 4, i.e. selectors 0x18 and 0x20 (0x1B / 0x23 with RPL 3) */
    update_hypercall(UPDATE_GDT, 0x3, &my_gdt_table[us_cs]); // 0x18
    update_hypercall(UPDATE_GDT, 0x4, &my_gdt_table[us_ds]); // 0x20
This is the function for jumping to user-level code.

Code:

void jump_user(){
    disable_cli_hypercall();
    asm volatile(
        "mov $0x23, %ax\n\t"     /* user data selector: GDT index 4, RPL 3 */
        "mov %ax, %ds\n\t"
        "mov %ax, %es\n\t"
        "mov %ax, %fs\n\t"
        "mov %ax, %gs\n\t"
        "mov %esp, %eax\n\t"     /* current stack pointer becomes the user ESP */
        "pushl $0x23\n\t"        /* SS */
        "pushl %eax\n\t"         /* ESP */
        "pushf\n\t"              /* EFLAGS */
        "pushl $0x1B\n\t"        /* CS: GDT index 3, RPL 3 */
        "pushl $1f\n\t"          /* EIP: the label below */
        "iret\n"
        "1:\n\t"
        "jmp 1b\n"               /* was "jmp 1" in the original post: a bare 1 is the absolute address 1, 1b is the label above */
    );
}
I couldn't understand if I am getting an error due to virtualization or if I have a more basic problem. I'll be happy if you can help.
Last edited by valdect on Tue Jul 13, 2021 3:28 am, edited 1 time in total.
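Added here as a worked check, not code from the thread or from XtratuM: a small C model of the selector and descriptor checks IRET performs when returning to an outer privilege level (Intel SDM Vol. 2A, IRET, "Protected Mode Exceptions"), run against the frame jump_user() pushes. The access bytes assumed for the hypervisor-supplied ring-1 kernel entries (0xBA/0xB2) and the EIP/ESP values are assumptions for the demo; segment limits, the TSS and whatever the hypervisor does when it handles a guest's iret are not modelled.

```c
/* Added example (not code from the thread or from XtratuM): the selector and
 * descriptor checks IRET performs on a return to an outer privilege level
 * (Intel SDM Vol. 2A, IRET, "Protected Mode Exceptions"), applied to the frame
 * jump_user() pushes.  Limits, the TSS and the hypervisor's own handling of a
 * guest's iret are not modelled. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Frame as iret pops it, lowest address first. */
typedef struct { uint32_t eip, cs, eflags, esp, ss; } iret_frame;

/* The parts of a descriptor the privilege checks look at. */
typedef struct { uint8_t present, dpl, code, writable; } seg_desc;

enum iret_result {
    IRET_OK,
    IRET_GP_CS_NULL, IRET_GP_BAD_INDEX, IRET_GP_CS_NOT_CODE,
    IRET_GP_CS_RPL_BELOW_CPL, IRET_GP_CS_DPL_MISMATCH, IRET_NP_CS,
    IRET_GP_SS_NULL, IRET_GP_SS_RPL_MISMATCH, IRET_GP_SS_DPL_MISMATCH,
    IRET_GP_SS_NOT_WRITABLE, IRET_SS_NOT_PRESENT
};

#define SEL_INDEX(s) ((s) >> 3)
#define SEL_RPL(s)   ((s) & 3u)
#define GDT_ENTRIES  5

/* Decode a descriptor's access byte (bits 40-47) into the fields used below. */
seg_desc seg_from_access(uint8_t a)
{
    unsigned s_bit = (a >> 4) & 1, type = a & 0xF;
    seg_desc s;
    s.present  = a >> 7;
    s.dpl      = (a >> 5) & 3;
    s.code     = s_bit && (type & 8);                 /* S=1, type bit 3 = code */
    s.writable = s_bit && !(type & 8) && (type & 2);  /* S=1, data, W=1 */
    return s;
}

/* First failing check, or IRET_OK.  cpl is the level the iret executes at. */
enum iret_result check_iret(unsigned cpl, const iret_frame *f,
                            const seg_desc *gdt, size_t entries)
{
    unsigned cs_rpl = SEL_RPL(f->cs);
    if ((f->cs & ~3u) == 0)           return IRET_GP_CS_NULL;
    if (SEL_INDEX(f->cs) >= entries)  return IRET_GP_BAD_INDEX;
    const seg_desc *cs = &gdt[SEL_INDEX(f->cs)];
    if (!cs->code)                    return IRET_GP_CS_NOT_CODE;
    if (cs_rpl < cpl)                 return IRET_GP_CS_RPL_BELOW_CPL;
    if (cs->dpl != cs_rpl)            return IRET_GP_CS_DPL_MISMATCH; /* non-conforming code */
    if (!cs->present)                 return IRET_NP_CS;
    if (cs_rpl == cpl)                return IRET_OK;  /* same level: SS:ESP are not popped */
    /* Return to an outer level: SS:ESP are popped and checked as well. */
    if ((f->ss & ~3u) == 0)           return IRET_GP_SS_NULL;
    if (SEL_INDEX(f->ss) >= entries)  return IRET_GP_BAD_INDEX;
    const seg_desc *ss = &gdt[SEL_INDEX(f->ss)];
    if (SEL_RPL(f->ss) != cs_rpl)     return IRET_GP_SS_RPL_MISMATCH;
    if (ss->dpl != cs_rpl)            return IRET_GP_SS_DPL_MISMATCH;
    if (ss->code || !ss->writable)    return IRET_GP_SS_NOT_WRITABLE;
    if (!ss->present)                 return IRET_SS_NOT_PRESENT;
    return IRET_OK;
}

/* GDT as the thread describes it.  Entries 1-2 come from the hypervisor; their
 * access bytes 0xBA/0xB2 (ring-1 code/data) are an assumption for this demo.
 * Entries 3-4 are the posted user descriptors (0xFA/0xF2, DPL 3). */
void build_thread_gdt(seg_desc gdt[GDT_ENTRIES])
{
    gdt[0] = seg_from_access(0x00);   /* null descriptor */
    gdt[1] = seg_from_access(0xBA);   /* 0x08 guest kernel CS (assumed) */
    gdt[2] = seg_from_access(0xB2);   /* 0x10 guest kernel DS (assumed) */
    gdt[3] = seg_from_access(0xFA);   /* 0x18 user CS, from the post */
    gdt[4] = seg_from_access(0xF2);   /* 0x20 user DS, from the post */
}

/* One variation of the posted frame (cs/ss selectors, access byte substituted
 * for the user CS entry), checked from the given cpl.  EIP/ESP are constructed. */
enum iret_result try_frame(unsigned cpl, uint32_t cs, uint32_t ss, uint8_t user_cs_access)
{
    seg_desc gdt[GDT_ENTRIES];
    iret_frame f = { .eip = 0x2000069, .cs = cs, .eflags = 0x2,
                     .esp = 0x2010000, .ss = ss };
    build_thread_gdt(gdt);
    gdt[3] = seg_from_access(user_cs_access);
    return check_iret(cpl, &f, gdt, GDT_ENTRIES);
}

int main(void)
{
    printf("posted frame (cs=1B ss=23) from CPL 1: %d (0 = passes)\n",
           try_frame(1, 0x1B, 0x23, 0xFA));
    printf("null SS: %d, user CS left at DPL 1: %d, CS RPL 0 from CPL 1: %d\n",
           try_frame(1, 0x1B, 0x00, 0xFA), try_frame(1, 0x1B, 0x23, 0xBA),
           try_frame(1, 0x18, 0x23, 0xFA));
    return 0;
}
```

The useful property of writing the checks out this way is that each failing case names the rule it tripped: the posted frame passes every selector rule from CPL 1, so a #GP on this iret has to come from something the model leaves out (a limit, a non-present page at the new SS:ESP or EIP, or the hypervisor's own handling of the instruction), whereas a null SS, an RPL-0 CS or a user descriptor accidentally left at DPL 1 each fail at a specific, architecturally mandated check.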
Octocontrabass
Member
Posts: 5568
Joined: Mon Mar 25, 2013 7:01 pm

Re: Creating User Mode on Paravirtualized Hypervisor

Post by Octocontrabass »

valdect wrote:I'm trying to make a guest OS that can run on an existing type-1 hypervisor.
Which one?
valdect wrote:

Code:

    my_gdt_table[us_cs].limitLow = 0xbfff;
How do you define my_gdt_table, us_cs, and us_ds? What are the values of us_cs and us_ds?
valdect
Posts: 6
Joined: Fri Jul 09, 2021 12:58 pm

Re: Creating User Mode on Paravirtualized Hypervisor

Post by valdect »

Thanks for your reply, I'm trying to make a guest OS. The kernel code segment and data segment for the guest OS are already defined by the hypervisor. They're placed in the first and second entries of the GDT. With update_hypercall I can add GDT entries to the table. So I'm adding the 3rd and 4th entries of the GDT with user_cs and user_ds.

Code:

typedef struct
{
    xm_u32_t limitLow : 16,     /* limit bits 0-15 */
        baseLow : 16,           /* base bits 0-15 */
        baseMed : 8,            /* base bits 16-23 */
        access : 8,             /* P, DPL, S, type */
        limitHigh : 4,          /* limit bits 16-19 */
        granularity : 4,        /* G, D/B, L, AVL flags */
        baseHigh : 8;           /* base bits 24-31 */
} desc_t;                       /* one 8-byte GDT entry; xm_u32_t is XtratuM's 32-bit unsigned type */

desc_t my_gdt_table[2];

#define us_cs (0)
#define us_ds (1)

Octocontrabass
Member
Posts: 5568
Joined: Mon Mar 25, 2013 7:01 pm

Re: Creating User Mode on Paravirtualized Hypervisor

Post by Octocontrabass »

valdect wrote:I'm trying to make a guest OS.
I can see that. Which hypervisor?
valdect wrote:

Code:

typedef struct
Bit fields are defined by the ABI. Are you sure your compiler will put these in the correct order?
valdect
Posts: 6
Joined: Fri Jul 09, 2021 12:58 pm

Re: Creating User Mode on Paravirtualized Hypervisor

Post by valdect »

I'm using XtratuM as the hypervisor, which is open source, and I'm pretty sure about the order because when I debug over QEMU I can see the same entries in the table (on the hypervisor side).
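The bit-field ordering question raised above can also be settled without a debugger. The following is an added example, not code from the thread or from XtratuM: it builds the posted descriptors once through the bit-field struct and once with explicit shifts in the architectural layout (Intel SDM Vol. 3A, 3.4.5), compares the byte images, and decodes a descriptor and a selector back into readable fields. uint32_t stands in for xm_u32_t so the file builds without XtratuM headers.

```c
/* Added example (not from the thread or XtratuM): check that the posted
 * bit-field struct lays out a GDT descriptor exactly as the CPU expects,
 * and decode descriptors and selectors back into readable fields. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Same layout as the struct posted above; uint32_t replaces xm_u32_t. */
typedef struct {
    uint32_t limitLow : 16, baseLow : 16,
             baseMed : 8, access : 8, limitHigh : 4, granularity : 4, baseHigh : 8;
} desc_t;

/* Architectural descriptor layout assembled with shifts only, so it does not
 * depend on how the compiler packs bit-fields. */
uint64_t encode_desc(uint32_t base, uint32_t limit, uint8_t access, uint8_t flags)
{
    return  (uint64_t)(limit & 0xFFFF)
          | (uint64_t)(base & 0xFFFFFF) << 16
          | (uint64_t)access << 40
          | (uint64_t)((limit >> 16) & 0xF) << 48
          | (uint64_t)(flags & 0xF) << 52
          | (uint64_t)((base >> 24) & 0xFF) << 56;
}

/* The same descriptor written through the bit-field struct and read back as bytes. */
uint64_t encode_desc_bitfield(uint32_t base, uint32_t limit, uint8_t access, uint8_t flags)
{
    desc_t d;
    uint64_t raw;
    d.limitLow = limit & 0xFFFF;
    d.baseLow = base & 0xFFFF;
    d.baseMed = (base >> 16) & 0xFF;
    d.access = access;
    d.limitHigh = (limit >> 16) & 0xF;
    d.granularity = flags & 0xF;
    d.baseHigh = (base >> 24) & 0xFF;
    memcpy(&raw, &d, sizeof raw);   /* byte image, as the CPU would load it */
    return raw;
}

typedef struct { uint32_t base, limit_bytes; unsigned present, dpl, code, granular; } seg_info;

/* Decode a raw descriptor; limit_bytes applies the G bit (4 KiB units when set). */
seg_info decode_desc(uint64_t d)
{
    seg_info s;
    uint32_t limit = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    uint8_t access = (uint8_t)(d >> 40);
    s.base = (uint32_t)((d >> 16) & 0xFFFFFF) | ((uint32_t)((d >> 56) & 0xFF) << 24);
    s.granular = (d >> 55) & 1;
    s.limit_bytes = s.granular ? (limit << 12) | 0xFFF : limit;
    s.present = access >> 7;
    s.dpl = (access >> 5) & 3;
    s.code = ((access >> 4) & 1) && ((access >> 3) & 1);   /* S=1 and type bit 3 */
    return s;
}

/* Selector = index*8 | TI(0 for GDT) | RPL; index 3/4 with RPL 3 give 0x1B/0x23. */
uint16_t selector(unsigned index, unsigned rpl) { return (uint16_t)((index << 3) | (rpl & 3)); }

/* 1 when sizeof(desc_t) is 8 and the bit-field image equals the architectural
 * encoding for both posted descriptors (0xFA and 0xF2, limit 0xFBFFF, flags 0xC). */
int bitfield_layout_matches(void)
{
    if (sizeof(desc_t) != 8) return 0;
    return encode_desc_bitfield(0, 0xFBFFF, 0xFA, 0xC) == encode_desc(0, 0xFBFFF, 0xFA, 0xC)
        && encode_desc_bitfield(0, 0xFBFFF, 0xF2, 0xC) == encode_desc(0, 0xFBFFF, 0xF2, 0xC);
}

int main(void)
{
    seg_info cs = decode_desc(encode_desc(0, 0xFBFFF, 0xFA, 0xC));
    printf("bit-field layout matches architectural layout: %d\n", bitfield_layout_matches());
    printf("user CS: base=0x%x limit=0x%x DPL=%u code=%u selector=0x%x\n",
           cs.base, cs.limit_bytes, cs.dpl, cs.code, selector(3, 3));
    return 0;
}
```

On GCC for little-endian x86 the bit-fields are allocated from the low bit of each 32-bit unit upwards, so the struct matches and bitfield_layout_matches() returns 1; the point of the check is that it fails loudly on a compiler or target where that is not the case, instead of producing a descriptor whose base or DPL is silently wrong. Note that the posted limit 0xFBFFF with G=1 decodes to a byte limit of 0xFBFFFFFF, not 4 GiB.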
valdect
Posts: 6
Joined: Fri Jul 09, 2021 12:58 pm

Re: Creating User Mode on Paravirtualized Hypervisor

Post by valdect »

Now I'm getting a different error. When I'm debugging with GDB I can get past the IRET. This is my objdump output:

Code:

 2000063:	68 69 00 00 02       	push   $0x2000069
 2000068:	cf                   	iret   
 2000069:	66 b8 ee 0b          	mov    $0xbee,%ax
 200006d:	e9 8f ff ff fd       	jmp    1 <vector-0xff>
 2000072:	c7 44 24 04 0e 00 00 	movl   $0xe,0x4(%esp)
GDB output.

Code:

0x02000068 in switch_to_user_mode () at partition.c:82
82	   asm volatile("  \
-exec stepi
0x02000069 in switch_to_user_mode () at partition.c:82
82	   asm volatile("  \
-exec stepi
0xfc10882e in ?? ()
So here I can get past the iret. Also, when I look at the register values I can see CS is changed correctly. But after that there is a problem with SP, I think.

Code:

System PANIC [0xfc1b63d4:id(0)]:
[__FixStackPc] SS:ESP (0x0:0x0) invalid
[HM:236418] event 3: sys 0: Id 0
0x0 0x0 0x0
0x0 0x0
Octocontrabass
Member
Posts: 5568
Joined: Mon Mar 25, 2013 7:01 pm

Re: Creating User Mode on Paravirtualized Hypervisor

Post by Octocontrabass »

valdect wrote:

Code:

 200006d:	e9 8f ff ff fd       	jmp    1 <vector-0xff>
Are you sure that's the right address? It kinda looks like a typo. Actually, hold on...
valdect wrote:

Code:

1:   \n \
     jmp 1; \
Isn't that supposed to be "jmp 1b"?
valdect
Posts: 6
Joined: Fri Jul 09, 2021 12:58 pm

Re: Creating User Mode on Paravirtualized Hypervisor

Post by valdect »

Thanks for your response. I also replaced the loop with a simple mov operation, but it doesn't change anything.
Isn't that supposed to be "jmp 1b"?
I got the same result.

Code:

2000061:	cf                   	iret   
2000062:	eb fe                	jmp    2000062 <switch_to_user_mode+0x22>
2000064:	c7 44 24 04 0e 00 00 	movl   $0xe,0x4(%esp)

Code:

0x02000062 in switch_to_user_mode () at partition.c:82
82	   asm volatile("  \
-exec stepi
0xfc10882e in ?? ()
-exec stepi
I also saw a post about
[__FixStackPc] SS:ESP (0x0:0x0) invalid
It looks like the same issue, but I couldn't figure it out: viewtopic.php?f=1&t=24148