Syscalls and privilege levels

[mr. x]

Hello.
I'm wondering, how are these syscalls working?
The only way for a user app to communicate with the kernel is through software interrupts.

Second, privilege levels. How do I set which level I want? How do I disable things like hlt?

[Pype.Clicker]

things like 'hlt' and 'cli' are automatically disabled at level>0.
You can 'select' the required PL by entering a code segment that has that PL in its descriptor.

In order to go to a more-priviledged segment, you need either to call an INT nn or to use a Call Gate ... to go to a less-priviledged segment, you need to fake a 'return' from one of the latter events ...

[Candy]

Hello.
I'm wondering, how are these syscalls working?
The only way for a user app to communicate with the kernel is through software interrupts.

On newer processors, try searching for SYSENTER / SYSCALL in the manuals. Allows fast calls within a certain environment.

[mr. x]

I've seen that I need a TSS to have two PL stacks, kernel stack and user stack.
I can't find any information about how to set a TSS up, does someone have a link to any?
A link to a page describing callgates would be nice too.

[Candy]

I've seen that I need a TSS to have two PL stacks, kernel stack and user stack.
I can't find any information about how to set a TSS up, does someone have a link to any?
A link to a page describing callgates would be nice too.

Intel Manuals, AMD Manuals both describe this. Look for "Hardware task switching" or "TSS" or under "LTR" for references.

[ineo]

I've read the intel docs about SYSENTER/SYSEXIT, but I can't figure how to define entry points. Do you have any experience of it ? How should I do it ? Do I have to use some kind of library that will be loaded at a given place ?
Furthermore do you know if it is easy to port to non-x86 architecture (I didn't find something similar on the ultrasparc, however I'm no expert) ?

[Candy]

I've read the intel docs about SYSENTER/SYSEXIT, but I can't figure how to define entry points. Do you have any experience of it ? How should I do it ? Do I have to use some kind of library that will be loaded at a given place ?

Unfortunately my TRAMP-module is in the fridge (it's not being worked on) so I can't say I have experience with it. The docs say though that you can use RDMSR and WRMSR on the three registers that it uses to define the segments and both the EIP and ESP entry values. You can try to run this on bochs, but as I've tried PAE (which is just as supported officially) I can tell you that there's a damn high chance that it still doesn't work. Real CPU's should work though.