OSDev.org

The Place to Start for Operating System Developers
It is currently Thu Mar 28, 2024 2:56 pm

All times are UTC - 6 hours




Post new topic Reply to topic  [ 8 posts ] 
Author Message
 Post subject: New user-mode concept I thought of.
PostPosted: Fri Jan 27, 2017 10:00 am 
Offline
Member
Member

Joined: Fri Jun 17, 2016 11:29 pm
Posts: 58
The usual and common implementation of 'user-land' in today's kernels is(Maybe this is to- o x86 specific?):
- Create new page tables for the process.
- Load the process's memory(data, code, etc)
- Notify the CPU about the usage of these page tables.
- Change CPU ring, and jump to the entry point.

Page tables has regions that distinguish between 'supervisor' and 'user', i.e. you can't use 'supervisor' addresses in the page table,
if you're in a low-privileged ring. This whole concept is used for like what? 40 years?( =P~ )

A new concept i'm proposing is based on Intel''s virtualization technology, and the world's progression regarding virtualization
and virtual machines. Intel introduced a brand new CPU modes, called:
- VMX-ROOT: which is basically the 'regular' CPU mode you're all familiar with. No changes.
- VMX-NON-ROOT: a new CPU mode, which has the exact same privileges VMX-ROOT has, i mean, it can do ANYTHING. But wheres the catch?
You can actually trap this CPU with a whole lots of methods(trap with specific instructions, trap with interrupts...). By 'trapping', i mean when a certain
event occurs, you're code will begin to run. Just like interrupts.

So, why the heck shouldn't we use this concept and improve the current 'user-land' known concept?
The kernel will be loaded into 'VMX-ROOT' mode, and switch to 'VMX-NON-ROOT' whenever it chooses to. But how is memory seen by a code that is running in
'VMX-NON-ROOT' mode you're asking? Before Intel's new EPT technology, managing the memory for Virtual Machines was a living nightmare(Shadow page tables, i won't extend)

Intel introduced 'Extended page tables', which is basically a page-table that maps every linear address that is used in 'VMX-NON-ROOT' to an actual linear address;
much like the usual virtual-address to linear-address page tables.

This is a very basic introduction to the concept. Any thoughts?(This won't work, This will work...)


Top
 Profile  
 
 Post subject: Re: New user-mode concept I thought of.
PostPosted: Fri Jan 27, 2017 11:26 am 
Offline
Member
Member
User avatar

Joined: Fri Mar 07, 2008 5:36 pm
Posts: 2111
Location: Bucharest, Romania
I'm not sure what problem you're trying to solve. As far as I can tell, you're not arguing that the current solution should be replaced because it's outdated, you're arguing that it should be replaced because it's old. Do you want applications to embed their own drivers or something? Or are you trying to implement an exokernel, perhaps?

_________________
"Computers in the future may weigh no more than 1.5 tons.", Popular Mechanics (1949)
[ Project UDI ]


Top
 Profile  
 
 Post subject: Re: New user-mode concept I thought of.
PostPosted: Fri Jan 27, 2017 1:09 pm 
Offline
Member
Member
User avatar

Joined: Sat Jan 15, 2005 12:00 am
Posts: 8561
Location: At his keyboard!
Hi,

Sourcer wrote:
So, why the heck shouldn't we use this concept and improve the current 'user-land' known concept?


Because you still end up with the exact same "user-space and kernel space", except that instead of using something that's actually designed to do this efficiently (normal paging) you're using something that is designed for a completely different purpose (and is slower, more complex and less portable), without having any benefits to justify all the disadvantages (other than "you can trap things that processes have never wanted to do and should never have been able to do, so that you can make sure they can't be done").


Cheers,

Brendan

_________________
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.


Top
 Profile  
 
 Post subject: Re: New user-mode concept I thought of.
PostPosted: Fri Jan 27, 2017 4:24 pm 
Offline
Member
Member

Joined: Mon Jul 05, 2010 4:15 pm
Posts: 595
Sourcer wrote:
- VMX-NON-ROOT: a new CPU mode, which has the exact same privileges VMX-ROOT has, i mean, it can do ANYTHING. But wheres the catch?
You can actually trap this CPU with a whole lots of methods(trap with specific instructions, trap with interrupts...). By 'trapping', i mean when a certain
event occurs, you're code will begin to run. Just like interrupts.


Isn't VMX-NON-ROOT supposed to be run by a kernel under the hypervisor or whatever. I haven't looked into this Intel virtualization very much but I have a feeling there are loopholes in VMX-NON-ROOT mode that makes it unsuitable for user space applications. I'm not sure what kind of functionality you are after but let's take an example as you mentioned page tables in the beginning. Perhaps you want the user program to control its own page tables.

I think you can trap writing to CR0 but a user program can't trap writes to the page table itself. You can trap the writes to a page table page but that has to be setup by the kernel in that case. A user program cannot write whatever it wants to a page table as that could compromise the system (or the virtual system). Hence you need a kernel to ensure that the user program behaves correctly regardless whatever solution you choose.


Top
 Profile  
 
 Post subject: Re: New user-mode concept I thought of.
PostPosted: Fri Jan 27, 2017 7:51 pm 
Offline
Member
Member
User avatar

Joined: Sun Dec 25, 2016 1:54 am
Posts: 204
Sourcer wrote:
The usual and common implementation of 'user-land' in today's kernels is(Maybe this is to- o x86 specific?):
- Create new page tables for the process.
- Load the process's memory(data, code, etc)
- Notify the CPU about the usage of these page tables.
- Change CPU ring, and jump to the entry point.

Page tables has regions that distinguish between 'supervisor' and 'user', i.e. you can't use 'supervisor' addresses in the page table,
if you're in a low-privileged ring. This whole concept is used for like what? 40 years?( =P~ )

A new concept i'm proposing is based on Intel''s virtualization technology, and the world's progression regarding virtualization
and virtual machines. Intel introduced a brand new CPU modes, called:
- VMX-ROOT: which is basically the 'regular' CPU mode you're all familiar with. No changes.
- VMX-NON-ROOT: a new CPU mode, which has the exact same privileges VMX-ROOT has, i mean, it can do ANYTHING. But wheres the catch?
You can actually trap this CPU with a whole lots of methods(trap with specific instructions, trap with interrupts...). By 'trapping', i mean when a certain
event occurs, you're code will begin to run. Just like interrupts.

So, why the heck shouldn't we use this concept and improve the current 'user-land' known concept?
The kernel will be loaded into 'VMX-ROOT' mode, and switch to 'VMX-NON-ROOT' whenever it chooses to. But how is memory seen by a code that is running in
'VMX-NON-ROOT' mode you're asking? Before Intel's new EPT technology, managing the memory for Virtual Machines was a living nightmare(Shadow page tables, i won't extend)

Intel introduced 'Extended page tables', which is basically a page-table that maps every linear address that is used in 'VMX-NON-ROOT' to an actual linear address;
much like the usual virtual-address to linear-address page tables.

This is a very basic introduction to the concept. Any thoughts?(This won't work, This will work...)



I am pretty sure this is called ring -1 and an example of trapping and monitoring calls is Intel's Kernel Guard Technology --- see here for Apache Licensed UEFI compatible hypervisor which can trap all the stuff your describe --- https://github.com/01org/ikgt-core

_________________
Plagiarize. Plagiarize. Let not one line escape thine eyes...


Top
 Profile  
 
 Post subject: Re: New user-mode concept I thought of.
PostPosted: Sat Jan 28, 2017 3:43 pm 
Offline
Member
Member

Joined: Mon Jul 05, 2010 4:15 pm
Posts: 595
Not really sure what TS wants but aren't there loopholes in the VMX-NON-ROOT mode that makes it unsuitable for user space programs?

Let's take an example, I'm not sure what TS wants but as he mentioned the page table let's assume user program should manage their own page tables. We know that we can trap writes to CR0 but we can't trap writes to page table entries themselves unless we set those pages to be write protected but who is going to do that, the user program itself? Who ensures that those pages gets trapped and ensure that the entries are valid? If they are invalid it can compromise the host system (or the virtual system it runs under). In practice we need some kind of kernel under virtualized system that ensures the functionality that the user space programs behave.

I haven't studied the Intel virtualization in detail so I haven't really a solution to this. Do you know how the example above could be solved?

Also, I see not much benefit to transfer much of the system control to user space programs. The kernel would basically be replaced by a runtime and you have "kernel" again. What are the benefits here?


Top
 Profile  
 
 Post subject: Re: New user-mode concept I thought of.
PostPosted: Sat Jan 28, 2017 8:45 pm 
Offline
Member
Member
User avatar

Joined: Sun Dec 25, 2016 1:54 am
Posts: 204
OSwhatever wrote:
Not really sure what TS wants but aren't there loopholes in the VMX-NON-ROOT mode that makes it unsuitable for user space programs?

Let's take an example, I'm not sure what TS wants but as he mentioned the page table let's assume user program should manage their own page tables. We know that we can trap writes to CR0 but we can't trap writes to page table entries themselves unless we set those pages to be write protected but who is going to do that, the user program itself? Who ensures that those pages gets trapped and ensure that the entries are valid? If they are invalid it can compromise the host system (or the virtual system it runs under). In practice we need some kind of kernel under virtualized system that ensures the functionality that the user space programs behave.

I haven't studied the Intel virtualization in detail so I haven't really a solution to this. Do you know how the example above could be solved?

Also, I see not much benefit to transfer much of the system control to user space programs. The kernel would basically be replaced by a runtime and you have "kernel" again. What are the benefits here?



ikgt mentioned above has an interface for writing filters which should be able to catch all of said examples.

however - this would imply a microkernel acting as a trusted root sending events it catches back to the virtualized user space... so really the question is not inter-vm security but microkernel api security and that sure worked out nice for android's secure storage didn't it...

_________________
Plagiarize. Plagiarize. Let not one line escape thine eyes...


Top
 Profile  
 
 Post subject: Re: New user-mode concept I thought of.
PostPosted: Sun Jan 29, 2017 5:26 am 
Offline
Member
Member
User avatar

Joined: Thu Jul 12, 2012 7:29 am
Posts: 723
Location: Tallinn, Estonia
dchapiesky wrote:
so really the question is not inter-vm security but microkernel api security and that sure worked out nice for android's secure storage didn't it...


How is that even related? Android has no microkernel (except the OKL4/Android version), and no hypervisor.

_________________
Learn to read.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 20 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group