1

Recently, I am doing homework about Virtualization. My question is, how VMM transfer control to the guest kernel and run that code in Ring 1?

Type-1 VMM: This is the classical trap-and-emulate VMM. The VMM runs directly on hardware, acts as a "host operating system" in Ring 0. Guest kernel and guest applications run upon VMM, in Ring 1 and Ring 3 respectively.

  1. When Guest applications make a syscall, it will trap to Ring 0 VMM, (CPU is designed to do this).

  2. VMM will then detect that this is a syscall, and then transfer control to the guest kernel syscal handler and execute it in Ring 1.

  3. When it is done, the guest kernel performs syscall-return, this is a privileged call, which will trap again into VMM.

  4. VMM then do a real return to the guest user space in ring 3. (CPU is also designed to do this.)

My question is about step 2. How does the VMM transfer control to guest kernel and force the CPU to ring 1? It couldn't be a simple "call" since then the guest kernel code will run in ring 0. It must be some kind of "syscall-return" or some special context switch instructions.

Do you have some idea? Thank you!

Steinway Wu
  • 1,288
  • 1
  • 12
  • 18

2 Answers2

1

Simply running the guest OS with a CS selector with RPL=1 (on x86 though). Returning from more privileged ring to lower one is generally done using iret.

answer
  • 11
  • 1
0

Xen is one of the VMMs that run guest OSes in ring 1. In Xen, instructions such as the HLT instruction, (the instruction in ring 1 where the guest OSes run) is replaced by a hyper-call. In this case, instead of calling the HLT instruction, as is done eventually in the Linux kernel, the xen_idle() method is called. It performs a hypercall instead, namely, the HYPERVISOR_sched_op(SCHEDOP_block, 0) hypercall that manages the privilege ring switching. For more info see:

http://www.linuxjournal.com/article/8909

TonySalimi
  • 8,257
  • 4
  • 33
  • 62