how to add a hypercall in xen 4.13.0 - xen

I tried to follow tutorials to add a new hypercall for xen, however all of them cannot work because there is no ENTRY(hypercall_table) in entry.S, how to add a new hypercall in recent version of xen?

The easy way to create a custom hypercall is to watch how a simple one is declared and try to mimic the behavior. I did this and was able to successfully write one.
The following steps were reproduced in Xen 4.13
Let's assume that I want to create an attack hypercall that will mimic some malicious behaviors inside Xen.
1 - Define the HC entry
xen/include/public/xen.h
#define __HYPERVISOR_arch_6 54
#define __HYPERVISOR_arch_7 55
/* Attack Emulation hypercall */
#define __HYPERVISOR_attack 56
2- Define its signature
/xen/include/xen/hypercall.h
extern long
do_attack(
int cmd,
XEN_GUEST_HANDLE_PARAM(void) arg);
3- Declare its page in the assembly source
/xen/arch/x86/guest/hypercall_page.S
DECLARE_HYPERCALL(attack)
4- Declare it for the HVM mode
/xen/arch/x86/hvm/hypercall.c
HYPERCALL(arch_1),
HYPERCALL(attack)
};
5- Declare the number of parameters that it would have
xen/arch/x86/hypercall.c
ARGS(arch_1, 1),
ARGS(attack, 2),
};
6- Declare its body:
/xen/common/kernel.c
DO(attack)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)`
{
printk("Entering Attack Hypercall:\t%d\n", cmd);
return 0;
}

Related

NIOSII Softcore UART Interrupt

I try to get an UART IP core in combination with the NIOS2 (softcore) running on the Cyclone 10 LP evaluation board.
So far everything works fine in polling mode. However, I cannot manage to get the interrupts running on the softcore.
The FPGA is configured in the following way.
From the picture it can be seen, that the interrupt line is connected to the NIOS2 softcore processor.
The following picture shows that the Altera UART driver is available.
The initalization code provided by Altera looks like the following.
/*
* Initialize the interrupt controller devices
* and then enable interrupts in the CPU.
* Called before alt_sys_init().
* The "base" parameter is ignored and only
* present for backwards-compatibility.
*/
void alt_irq_init ( const void* base )
{
ALTERA_NIOS2_GEN2_IRQ_INIT ( NIOS2E, nios2e);
alt_irq_cpu_enable_interrupts();
}
/*
* Initialize the non-interrupt controller devices.
* Called after alt_irq_init().
*/
void alt_sys_init( void )
{
ALTERA_AVALON_JTAG_UART_INIT ( JTAG_UART, jtag_uart);
ALTERA_AVALON_UART_INIT ( UART_0, uart_0);
ALTERA_REMOTE_UPDATE_INIT ( REMOTE_UPDATE_0, remote_update_0);
}
To enable interrupts you have to disable the reduced drivers in the BSP Editor of NIOS2. One might assume, that if you connect the interrupt line in Quartus Prime this will be considered in the NIOS2EDS Project. Unfortunately this is not the case.

Reading Armv8-A registers with devmem from GNU/Linux shell

I want to read the values of some Cortex-A53 registers, such as
D_AA64ISAR0_EL1 (AArch64)
ID_ISAR5 (Aarch32)
ID_ISAR5_EL1 (Aarch64)
Unfortunately, I lack a little embedded/assembly experience. The documentation reveals
To access the ID_AA64ISAR0_EL1:
MRS , ID_AA64ISAR0_EL1 ; Read ID_AA64ISAR0_EL1 into Xt
ID_AA64ISAR0_EL1[31:0] can be accessed through the internal memory-mapped interface
and the external debug interface, offset 0xD30.
I decided to utilize devmem2 on my target (since busybox does not include the devmem applet). Is the following procecure correct to read the register?
devmem2 0xD30
The part which I am unsure about is using the "offset" as a direct physical address. If it is the actual address, why call if "offset" and not "address". If it's an offset, what is the base address? I am 99% certain this is not the correct procedure, but how do I know the base address to add the offset to? I have searched the Armv8 technical reference manual and A53 MPCore documents to no avail. The explain the register contents in detail but seem to assume you read them from ASM using the label ID_AA64ISAR0_EL1.
Update:
I found this:
Configuration Base Address Register, EL1
The CBAR_EL1 characteristics are:
Purpose Holds the physical base address of the memory-mapped GIC CPU
interface registers.
But it simply duplicates my problem, how to read this other register?
Update 2:
The first update seems relevant only for GIC and not for configuration registers I am trying to read (I misunderstood the information I think).
For the specific problem at hand (checking crypto extension availability) one may simply cat /proc/cpuinfo and look for aes/sha etc.
Update 3:
I am now investigating http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dai0176c/ar01s04s01.html, as well as the base address being SoC specific and thus may be found in the reference manual of the SoC.
Update 4:
Thanks to the great answer I seem to be able to read data via my kernel module:
[ 4943.461948] ID_AA64ISA_EL1 : 0x11120
[ 4943.465775] ID_ISAR5_EL1 : 0x11121
P.S.: This was very insightful, thank you again!
Update 5:
Source code as per request:
/******************************************************************************
*
* Copyright (C) 2011 Intel Corporation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
* the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*****************************************************************************/
#include <linux/module.h>
#include <linux/types.h>
/*****************************************************************************/
// read system register value ID_AA64ISAR0_EL1 (s3_0_c0_c6_0).
static inline uint64_t system_read_ID_AA64ISAR0_EL1(void)
{
uint64_t val;
asm volatile("mrs %0, ID_AA64ISAR0_EL1" : "=r" (val));
return val;
}
// read system register value ID_ISAR5_EL1 (s3_0_c0_c2_5).
static inline uint64_t system_read_ID_ISAR5_EL1(void)
{
uint64_t val;
asm volatile("mrs %0, s3_0_c0_c2_5" : "=r" (val));
return val;
}
/*****************************************************************************/
int init_module(void)
{
printk("ramdump Hello World!\n");
printk("ID_AA64ISAR0_EL1 : 0x%llX\n", system_read_ID_AA64ISAR0_EL1());
printk("ID_ISAR5_EL1 : 0x%llX\n", system_read_ID_ISAR5_EL1());
return 0;
}
void cleanup_module(void)
{
printk("ramdump Goodbye Cruel World!\n");
}
MODULE_LICENSE("GPL");
Disclaimer: I am not an Aarch64 expert, but I am currently learning about the architecture and have read a bit.
You cannot read ID_AA64ISAR0_EL1, ID_ISAR5_EL1 nor ID_ISAR5 from a user-mode application running at EL0: the _EL1 suffix means than running at least at EL1 is required in order to be allowed to read those two registers.
You may find helpful to read the pseudo-code in the arm documentation here and here.
In the case of ID_ISAR5 for example, the pseudo-code is very explicit:
if PSTATE.EL == EL0 then
UNDEFINED;
elsif PSTATE.EL == EL1 then
if EL2Enabled() && !ELUsingAArch32(EL2) && HSTR_EL2.T0 == '1' then
AArch64.AArch32SystemAccessTrap(EL2, 0x03);
elsif EL2Enabled() && ELUsingAArch32(EL2) && HSTR.T0 == '1' then
AArch32.TakeHypTrapException(0x03);
elsif EL2Enabled() && !ELUsingAArch32(EL2) && HCR_EL2.TID3 == '1' then
AArch64.AArch32SystemAccessTrap(EL2, 0x03);
elsif EL2Enabled() && ELUsingAArch32(EL2) && HCR.TID3 == '1' then
AArch32.TakeHypTrapException(0x03);
else
return ID_ISAR5;
elsif PSTATE.EL == EL2 then
return ID_ISAR5;
elsif PSTATE.EL == EL3 then
return ID_ISAR5;
One easy way to read those register would be to write a tiny loadable kernel module you could call from your user-mode application: Since the Linux kernel is running at EL1, it is perfectly able to read those three registers.
See for example this article for a nice introduction to Linux loadable kernel modules.
And this is likely that an application running at EL0 cannot access memory-mapped registers accessible only from EL1, since this would obviously break the protection scheme.
The C code snippets required to read those registers in Aarch64 state would be (tested with gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu) :
#include <stdint.h>
// read system register value ID_AA64ISAR0_EL1 (s3_0_c0_c6_0).
static inline uint64_t system_read_ID_AA64ISAR0_EL1(void)
{
uint64_t val;
asm volatile("mrs %0, s3_0_c0_c6_0" : "=r" (val));
return val;
}
// read system register value ID_ISAR5_EL1 (s3_0_c0_c2_5).
static inline uint64_t system_read_ID_ISAR5_EL1(void)
{
uint64_t val;
asm volatile("mrs %0, s3_0_c0_c2_5" : "=r" (val));
return val;
}
Update #1:
The GCC toolchain does not understand all arm system register names, but can nevertheless properly encode system registers access instructions if specified which exact values of the coproc, opc1, CRn, CRm, and opc2 fields are associated to this register.
In the case of ID_AA64ISAR0_EL1, the values specified in the ArmĀ® Architecture Registers Armv8, for Armv8-A architecture profile document are:
coproc=0b11, opc1=0b000, CRn=0b0000, CRm=0b0110, opc2=0b000
The system register alias would then be s[coproc]_[opc1]_c[CRn]_c[CRm]_[opc2], that is s3_0_c0_c6_0 in the case of ID_AA64ISAR0_EL1.
I see this tool maybe meets your need:
system-register-tools
It just provides reading and writing system registers function for arm64, likes MSR-tools in x86.

How to start Go's main function from within the NSApplication event loop?

I'm trying to add Sparkle into my Qt (binding for Go) app to make it can be updated automatically.
Problem: there is no popup dialog when running the latest version
Here's the code: https://github.com/sparkle-project/Sparkle/blob/master/Sparkle/SUUIBasedUpdateDriver.m#L104
The reason as the author pointed out is NSAlert needs a run loop to work.
I found some docs:
https://wiki.qt.io/Application_Start-up_Patterns
https://developer.apple.com/documentation/appkit/nsapplication
So, as I understand, we have to instantiate NSApplication before creating a QApplication.
void NSApplicationMain(int argc, char *argv[]) {
[NSApplication sharedApplication];
[NSBundle loadNibNamed:#"myMain" owner:NSApp];
[NSApp run];
}
My Go's main function is something like this:
func main() {
widgets.NewQApplication(len(os.Args), os.Args)
...
action := widgets.NewQMenuBar(nil).AddMenu2("").AddAction("Check for Updates...")
// http://doc.qt.io/qt-5/qaction.html#MenuRole-enum
action.SetMenuRole(widgets.QAction__ApplicationSpecificRole)
action.ConnectTriggered(func(bool) { sparkle_checkUpdates() })
...
widgets.QApplication_Exec()
}
Question: how can I start Go's main function from within the NSApplicationMain event loop?
Using QApplication together with a Runloop
Regarding your question how to use your QApplication together with a NSRunloop: you are doing it already.
Since you are using QApplication (and not QCoreApplication) you already have a Runloop running,
see http://code.qt.io/cgit/qt/qt.git/plain/src/gui/kernel/qeventdispatcher_mac.mm and http://code.qt.io/cgit/qt/qt.git/plain/src/plugins/platforms/cocoa/qcocoaeventloopintegration.mm
Proof
A NSTimer needs a run loop to work. So we could add quick test with an existing example Qt app called 'widget' from the repository you referenced in your question.
Adding a small Objective-C test class TimerRunloopTest with a C function wrapper that can be called from GO:
#import <Foundation/Foundation.h>
#include <os/log.h>
#interface TimerRunloopTest : NSObject
- (void)run;
#end
void runTimerRunloopTest() {
[[TimerRunloopTest new] run];
}
#implementation TimerRunloopTest
- (void)run {
os_log_t log = os_log_create("widget.example", "RunloopTest");
os_log(log, "setup happening at %f", NSDate.timeIntervalSinceReferenceDate);
[NSTimer scheduledTimerWithTimeInterval:1.0
target:self
selector:#selector(timerTick:)
userInfo:nil
repeats:YES];
}
- (void)timerTick:(NSTimer *)timer {
os_log_t log = os_log_create("widget.example", "RunloopTest");
os_log(log, "timer tick %f", NSDate.timeIntervalSinceReferenceDate);
}
#end
GO counterpart timerrunlooptest.go
package main
/*
#cgo LDFLAGS: -framework Foundation
void runTimerRunloopTest();
*/
import "C"
func runTimerRunloopTest() { C.runTimerRunloopTest() }
Change in main.go
At the end before app.Exec() add this line:
runTimerRunloopTest()
Build and Run it
Switch loggin on for our logging messages:
sudo log config --subsystem widget.example --mode level:debug
Afterwards build an run it:
$(go env GOPATH)/bin/qtdeploy test desktop examples/basic/widgets
Test
In the macOS Console uitlity we can now see, that the timer ticks are shown, proofing that a run-loop is running
NSAlert
Then you cited in your question, that NSAlert needs a run loop to work. We already proofed that we have one, but testing it explicitely makes sense.
So we can modify timerrunlooptest.go to inform it, that we want to link agains Cocoa also, not only Foundation:
package main
/*
#cgo LDFLAGS: -framework Foundation
#cgo LDFLAGS: -framework Cocoa
void runTimerRunloopTest();
*/
import "C"
func runTimerRunloopTest() { C.runTimerRunloopTest() }
Then we could add the following code to the run method of TimerRunLoopTest:
#import <Cocoa/Cocoa.h>
...
NSAlert *alert = [[NSAlert alloc] init];
alert.messageText = #"Message";
alert.informativeText = #"Info";
[alert addButtonWithTitle:#"OK"];
[alert runModal];
Result
After doing a
$(go env GOPATH)/bin/qtdeploy test desktop examples/basic/widgets
the native Alert is shown from the GO/QT application as expected:
Mixing Qt with Native Code
Although we seem to be able to display native alerts in the way described above, there is this hint in the QT documents that may or may not be useful:
Qt's event dispatcher is more flexible than what Cocoa offers, and lets the user spin the event dispatcher (and running QEventLoop::exec) without having to think about whether or not modal dialogs are showing on screen (which is a difference compared to Cocoa). Therefore, we need to do extra management in Qt to handle this correctly, which unfortunately makes mixing native panels hard. The best way at the moment to do this, is to follow the pattern below, where we post the call to the function with native code rather than calling it directly. Then we know that Qt has cleanly updated any pending event loop recursions before the native panel is shown.
see https://doc.qt.io/qt-5/macos-issues.html#using-native-cocoa-panels
There is also a small code example for this.

sigset_t unix using sigprocmask()

I am trying to print sigset using printf. In this program, I have used sigprocmask to block SIGHUP and SIGTERM. After initializing set and oset to empty sets, they are giving some random hex strings as output. How should I solve this problem??
Also, I have a doubt regarding the expected output of this program if I press Ctrl-C after execution. Does the catcher function also inherit the present signal set and should print the same as set??
#include<stdio.h>
#include<unistd.h>
#include<signal.h>
#include<bits/sigset.h>
void catcher(int sig){
sigset_t set;
sigprocmask(SIG_SETMASK, NULL, &set);
printf("%x inside function\n",set);
}
int main()
{
sigset_t set,oset;
signal(SIGINT,catcher);
sigemptyset(&set);
sigemptyset(&oset);
printf("%x\n",oset);
printf("%x\n",set);
sigaddset(&set,SIGHUP);
sigaddset(&set,SIGTERM);
sigprocmask(SIG_SETMASK,NULL,&oset);
printf("%x\n",oset);
printf("%x\n",set);
sigprocmask(SIG_BLOCK,&set,&oset);
pause();
sigprocmask(SIG_SETMASK,&oset,&set);
printf("%x\n",set);
}
Manual says :
The sigprocmask() function examines and/or changes the current signal
mask (those signals
that are blocked from delivery). Signals are blocked if they are members of the current
signal mask set.
This mask is for the whole process, and is used to block some signals for delivery. There is no inheritence here. There is a mask that describe at each execution point the set of blocked signals.
What you should know is that by default when a signal is catched, it is automatically added to the set of blocked signals (to prevent reentrance to the catching routine), and removed at the end of it.
An execution of your code on my machine gives :
0 // empty set
0 // empty oset
0 // empty oset
4001 // set = { HUP, TERM }
^C4003 // in catcher, signal is automatically blocked set={HUP, INT, TERM}
4001 // after catcher back in old state set={HUP,TERM}
That means that bit 0 and 14 are used for SIGHUP and SIGTERM, and bit 1 for SIGINT, which is exactly what I found in my system header file :
#define SIGHUP 1 /* hangup */
#define SIGINT 2 /* interrupt */
#define SIGTERM 15 /* software termination signal from kill */

nacl_io bind fails with EPERM

I wrote some demo app, that uses nacl_io sockets,
but bind fails with errno == EPERM
building with pepper_37,
Google Chrome 39.0.2171.95 (m)
OS Windows 7 or Server 2008 R2 SP1 64 bit
PNaCl translator version 0.1.0.13769
chrome flags:
--allow-nacl-socket-api=localhost --no-sandbox --enable-nacl
class ProxyTesterInstance : public pp::Instance
{
public:
explicit ProxyTesterInstance(PP_Instance instance, PPB_GetInterface get_interface) : pp::Instance(instance)
{
nacl_io_init_ppapi(instance, get_interface);
}
virtual ~ProxyTesterInstance() {}
virtual void HandleMessage(const pp::Var& var_message)
{
if (!var_message.is_string())
return;
std::string message = var_message.AsString();
if (message == kStartString)
{
reply(kReplyStartString);
int fd = socket( PF_INET, SOCK_STREAM, 0);
struct sockaddr_in myaddr;
myaddr.sin_family = PF_INET;
myaddr.sin_port = htons(50000);
inet_aton("0.0.0.0", &myaddr.sin_addr );
int res = bind(fd, (struct sockaddr*)&myaddr, sizeof(myaddr)); //returns -1
myaddr.sin_port = htons(80);
inet_aton("173.194.113.2", &myaddr.sin_addr );
res = connect(fd, (struct sockaddr*)&myaddr, sizeof(myaddr)); //returns 0
}
nacl_io assumes that it is being run on a worker thread, not the main thread. This is because many socket functions are blocking, but it is illegal to block the main thread in a NaCl application. Unfortunately, the error messages are not very clear explaining this constraint.
The easiest way to make this code work is to use the ppapi_simple library. It will initialize nacl_io for you and start running your code on a worker thread. At this point, you'll be able to make blocking calls (such as bind). It also gives you a main-like entry point instead of having to create a pp::Instance.
Take a look at some of the demos in the NaCl SDK (e.g. examples/demo/earth, examples/demo/pi_generator) for how to use ppapi_simple.

Resources