Hello everyone,
I am stuck at one point because of a lack of understanding of Genode. Actually, I want to execute some assembly instruction in privileged mode in the base-hw kernel from a user script.
So I need to know: how will I add a kernel module which will execute an assembly instruction, and how can I call this module from user space?
And if any such modules already exist in Genode, that will really help me to understand the flow mechanism. Let me know.
Cheers, Franc
Hi Franc,
The easiest way to trigger privileged code from userland is by adding a new syscall to the base-hw kernel. To achieve this, you first have to adapt the kernel-interface description. Let me give you some background for this. There are two types of syscalls, public syscalls that can be called by everyone and core syscalls that can be called only by Genode's core process. For optimization purposes, the kernel expects the IDs of the syscalls to be this way:
public syscalls: 0, 1, ..., x
core syscalls: x+1, x+2, x+y
So if you want to add a public syscall in base-hw/include/kernel/interface.h, you should always use the call ID that is one higher than the current maximum in this file. Additionally, you must increase all core-syscall IDs in base-hw/src/core/include/kernel/core_interface.h by one.
After that, you can implement the syscall back-end by adding a new method 'void Thread::_call_xxx()' in base-hw/src/core/kernel/thread.cc and adapting the 'void Thread::_call()' method in the same file accordingly. In this file you also find the implementation of all the other syscalls. They may serve you as inspiration on how to pass arguments and return values.
If you have further questions, please don't hesitate to ask ;)
Cheers, Martin
genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
Hello Franc,
On Mon, Jan 19, 2015 at 03:34:06PM +0530, Franc sylvester wrote:
> I am stuck at one point because of a lack of understanding of Genode. Actually, I want to execute some assembly instruction in privileged mode in the base-hw kernel from a user script.
> So I need to know: how will I add a kernel module which will execute an assembly instruction, and how can I call this module from user space?
> And if any such modules already exist in Genode, that will really help me to understand the flow mechanism. Let me know.
The answer to your question heavily depends on the task you address. From my point of view, it's better to stay away from any "general" solution to load code into the kernel resp. execute arbitrary instructions in kernel mode. At last, base-hw is a microkernel and should stay that way.
To give an example, we extended base-hw for USB SOF interrupt filtering for the Raspberry Pi last autumn to highly reduce the impact on the system load. Therefore, we implemented a special case in the interrupt handling code
https://github.com/genodelabs/genode/commit/58a1e42201d2ad26eb1eee398fbf792683925bd8
The feature does not affect the kernel integrity as it just moves one single aspect of the driver into the kernel: Filter high-frequency interrupts that do not have to be handled in user mode. The kernel interrupt handler drops all incoming interrupts of the DWC device while the incoming frame number is smaller than the frame number scheduled by the user-level device driver.
Could you provide us with more information about what you like to achieve? Is it really necessary to add a new system call? Would it be feasible to introduce an abstraction that solves the issue?
Regards
Christian Helmuth
Genode Labs
Hello Christian,
Thanks a lot for your reply. Essentially, I want to demonstrate the following TrustZone scenario on the imx53 QSB board.
Now, I want to switch the control from the Normal world OS (Genode) back to the Secure world OS (Genode) by triggering (running a particular script in the Normal world). So what could be the right approach to achieve this objective?
> To switch to the secure world you can trigger a 'smc' assembler instruction, which will end up as a hypercall in the VMM. The 'smc' instruction needs to be executed in privileged mode (pl1 or higher). Therefore, if you want to trigger it via a script from userland, you need to create some kernel module first that executes the 'smc' instruction.
> Regards Stefan
From the above discussion, as much as I understood, it requires adding a kernel module which will execute the smc instruction, and next it should be triggered via a script from userland.
Regards, Franc
Hello Franc
On 01/19/2015 08:21 PM, Franc sylvester wrote:
> Hello Christian,
> Thanks a lot for your reply. Essentially, I want to demonstrate the following TrustZone scenario on the imx53 QSB board.
> Now, I want to switch the control from the Normal world OS (Genode) back to the Secure world OS (Genode) by triggering (running a particular script in the Normal world). So what could be the right approach to achieve this objective?
> > To switch to the secure world you can trigger a 'smc' assembler instruction, which will end up as a hypercall in the VMM. The 'smc' instruction needs to be executed in privileged mode (pl1 or higher). Therefore, if you want to trigger it via a script from userland, you need to create some kernel module first that executes the 'smc' instruction.
> > Regards Stefan
> From the above discussion, as much as I understood, it requires adding a kernel module which will execute the smc instruction, and next it should be triggered via a script from userland.
Originally when giving above explanation, I implicitly assumed you want to run a Linux guest in the normal world. That's why I've talked about a "kernel module". If you really want to run Genode in the normal world as well as within the secure world, although I can't see a good reason for this, it is best to offer a new service for doing hypercalls within the core process. The core process itself can use a core-privileged syscall to the kernel, which triggers the actual world switch via a 'smc' instruction. The advantage of offering an explicit service for doing hypercalls is that you can use the normal policy mechanisms of Genode to restrict hypercall usage by userland components.
Just out of curiosity, can you explain why you want to run Genode beside Genode in both TrustZone worlds?
Best Regards Stefan
Hello Stefan,
Yes, you are correct, the ultimate goal is to run Linux and Android on top of Genode. The purpose of running Genode beside Genode is just learning and having a good understanding of Genode with a TrustZone-ready prototype.
Regards, Franc
Hello Martin,
I used this explanation to write a system call, but I am not able to get the user argument value inside the system call. Can you provide some more information on how to get the argument value inside the system call?
Thanks in advance, Cheers, Franc
Hi Franc,
On 16.04.2015 12:01, Franc sylvester wrote:
> I used this explanation to write a system call, but I am not able to get the user argument value inside the system call. Can you provide some more information on how to get the argument value inside the system call?
As you can see in the other system calls in [1] it should be sufficient in the userland to do:
ret = call(call_id_<NAME>(), (Call_arg)arg_0, (Call_arg)arg_1, ...);
This method can mangle up to 6 arguments into the appropriate registers (on ARM registers R0...R5, for details see [2]). In the kernel, you can then read these arguments by calling the following methods on the Kernel::Thread object of the user:
arg_0 = user_arg_0();
arg_1 = user_arg_1();
...
To pass a return value to the user, call the following on the user's Kernel::Thread object:
user_arg_0(ret);
The return value is then returned by the initially mentioned function in the userland.
Cheers, Martin
[1] base-hw/include/kernel/interface.h
[2] base-hw/src/base/arm/kernel/interface.cc
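The call path from Martin's two replies (public IDs below core-only IDs, arguments read with user_arg_N() and the result written with user_arg_0(ret)), together with Stefan's point about keeping the world switch core-only, as a host-runnable model. This is an added example, not Genode code and not part of the original thread. It assumes the call ID travels as the first of the six register values; Thread_model, call_id_add, call_id_world_switch, CALL_DENIED and the ID numbers are hypothetical.

```cpp
// Simplified model of the call path discussed in this thread; not Genode code.
// Thread_model, call_id_add, call_id_world_switch, CALL_DENIED and all ID
// values are hypothetical.
#include <array>
#include <cstdint>

using Call_arg = std::uintptr_t;

// Public call IDs come first (0..x), core-only IDs follow (x+1..x+y).
constexpr Call_arg call_id_pause()        { return 0; }
constexpr Call_arg call_id_add()          { return 1; } // newly added public call
constexpr Call_arg max_public_call_id()   { return 1; } // "x", raised by one
constexpr Call_arg call_id_world_switch() { return 2; } // core-only, shifted up by one
constexpr Call_arg max_call_id()          { return 2; } // "x+y"
constexpr Call_arg CALL_DENIED = ~Call_arg(0);          // constructed error value

class Thread_model
{
	std::array<Call_arg, 6> _regs {}; // stands in for the saved user R0..R5
	bool const              _core;    // true only for threads of core
	unsigned                _world_switches = 0;

	// Back ends: read arguments from the saved registers, return via register 0.
	void _call_add()          { user_arg_0(user_arg_1() + user_arg_2()); }
	void _call_world_switch() { ++_world_switches; user_arg_0(0); } // real kernel: 'smc'

	void _call()
	{
		Call_arg const id = user_arg_0(); // assumption: call ID is the first value
		// One comparison separates public from core-only calls.
		bool const core_only = id > max_public_call_id();
		if (id > max_call_id() || (core_only && !_core)) {
			user_arg_0(CALL_DENIED);
			return;
		}
		switch (id) {
		case call_id_pause():        user_arg_0(0);        return;
		case call_id_add():          _call_add();          return;
		case call_id_world_switch(): _call_world_switch(); return;
		}
	}

public:
	explicit Thread_model(bool core) : _core(core) { }

	Call_arg user_arg_0() const { return _regs[0]; }
	Call_arg user_arg_1() const { return _regs[1]; }
	Call_arg user_arg_2() const { return _regs[2]; }
	void     user_arg_0(Call_arg ret) { _regs[0] = ret; }
	unsigned world_switches() const { return _world_switches; }

	// Stand-in for the trap: save the user registers, dispatch, return register 0.
	Call_arg trap(std::array<Call_arg, 6> const &user_regs)
	{
		_regs = user_regs;
		_call();
		return _regs[0];
	}
};

// Userland side: place up to six values in the registers and trap.
Call_arg call(Thread_model &self, Call_arg id, Call_arg a1 = 0, Call_arg a2 = 0)
{
	return self.trap({ id, a1, a2, 0, 0, 0 });
}

int main()
{
	Thread_model user(false), core(true);
	bool ok = call(user, call_id_add(), 40, 2) == 42
	       && call(user, call_id_world_switch()) == CALL_DENIED
	       && call(core, call_id_world_switch()) == 0
	       && user.world_switches() == 0 && core.world_switches() == 1;
	return ok ? 0 : 1;
}
```

In the model, a non-core thread that asks for the core-only ID is turned away before any back end runs, which is the property that lets a core-side service decide who may request a world switch.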
Thanks Martin,
I have one more doubt regarding reading the general-purpose register in Genode. I want to read the general-purpose register value. Can you give me some clue on this?
Regards, Franc
Hi Franc,
On 16.04.2015 13:52, Franc sylvester wrote:
> I have one more doubt regarding reading the general-purpose register in Genode. I want to read the general-purpose register value. Can you give me some clue on this?
In which environment do you want to read whose general purpose register? Could you please give more details about your doubt?
Cheers, Martin
On Thu, Apr 16, 2015 at 5:34 PM, Martin Stein <martin.stein@...1...> wrote:
> Hi Franc,
> On 16.04.2015 13:52, Franc sylvester wrote:
> > I have one more doubt regarding reading the general-purpose register in Genode. I want to read the general-purpose register value. Can you give me some clue on this?
> In which environment do you want to read whose general purpose register? Could you please give more details about your doubt?
Currently, I am working on an i.MX6 board. I just want to create a function like dump() in tz_vmm as in another application which will print the state of the system without using vmm.
I tried to use cpu_sate.h in my application, but when I tried to read the register r0 like vm_base.h, it gives me the page fault error.
> Cheers,
> Martin
Hi Franc,
On 16.04.2015 14:11, Franc sylvester wrote:
> Currently, I am working on an i.MX6 board. I just want to create a function like dump() in tz_vmm as in another application which will print the state of the system without using vmm.
> I tried to use cpu_sate.h in my application, but when I tried to read the register r0 like vm_base.h, it gives me the page fault error.
Just to avoid misconceptions: The 'Vm_base' you mention above is a kernel object that stores the state of a VM subject. That said, this state information can be read-out only in the kernel and shows the state of a VM at the point in time it trapped into the kernel. It can't be read from any user application and shouldn't be read from core without special care.
Back to dump(). First of all, we need to know where exactly you are. Do you want to dump inside the kernel, core, or a user application? To determine that, it would be best if you send the source file and function you're in when calling dump().
Second, I'm not sure whose state do you want to print. If you like to, e.g., print R0 of the active CPU state, you don't have to read any state object. You can use inline assembly in this case (take care that the R0 state that you want to read isn't polluted by the compiler meanwhile). If you like to print the R0 state of any user thread from the point in time it entered the kernel lastly, you would have to be inside the kernel, lookup the appropriate 'Kernel::Thread' object, and print its member variable 'r0'.
Cheers, Martin