/* * Copyright (C) 2015-2016, Intel Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the copyright holder nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include "gdt.h" #include "helpers.h" #include "idt.h" #include "prot-domains.h" #include "stacks.h" #include "syscalls.h" #include "tss.h" uint32_t prot_domains_main_esp; syscalls_entrypoint_t ATTR_KERN_ADDR_SPACE *prot_domains_syscall; /*---------------------------------------------------------------------------*/ void app_main(void); void prot_domains_reg(dom_client_data_t ATTR_KERN_ADDR_SPACE *dcd, uintptr_t mmio, size_t mmio_sz, uintptr_t meta, size_t meta_sz, bool pio) { segment_desc_t desc; uint32_t eflags; dom_id_t dom_id; volatile struct dom_kern_data ATTR_KERN_ADDR_SPACE *dkd; KERN_READL(dom_id, dcd->dom_id); dkd = prot_domains_kern_data + dom_id; prot_domains_reg_multi_seg(dkd, mmio, mmio_sz, meta, meta_sz); /* Only the kernel protection domain requires port I/O access outside of the * interrupt handlers. */ eflags = EFLAGS_IOPL(pio ? PRIV_LVL_USER : PRIV_LVL_INT); if(dom_id == DOM_ID_app) { eflags |= EFLAGS_IF; } /* Keep this initialization in sync with the register definitions in * tss-prot-domains-asm.S. */ KERN_WRITEL(dkd->tss.ebp, 0); KERN_WRITEL(dkd->tss.ebx, 0); KERN_WRITEL(dkd->tss.esi, BIT(dom_id)); KERN_WRITEL(dkd->tss.eip, (dom_id == DOM_ID_app) ? (uint32_t)app_main : (uint32_t)prot_domains_syscall_dispatcher); KERN_WRITEL(dkd->tss.cs, GDT_SEL_CODE); KERN_WRITEL(dkd->tss.ds, GDT_SEL_DATA); KERN_WRITEL(dkd->tss.es, GDT_SEL_DATA); KERN_WRITEL(dkd->tss.fs, LDT_SEL_KERN); KERN_WRITEL(dkd->tss.gs, (meta_sz == 0) ? GDT_SEL_NULL : LDT_SEL_META); KERN_WRITEL(dkd->tss.ss, GDT_SEL_STK); /* This stack pointer is only actually used in application protection domain. * Other domains enter at system call dispatcher, which switches to main * stack. */ KERN_WRITEL(dkd->tss.esp, /* Two return addresses have been consumed: */ STACKS_INIT_TOP + (2 * sizeof(uintptr_t))); KERN_WRITEL(dkd->tss.eflags, eflags); KERN_WRITEL(dkd->tss.ldt, GDT_SEL_LDT(dom_id)); KERN_WRITEL(dkd->tss.esp2, STACKS_SIZE_MAIN + STACKS_SIZE_INT); KERN_WRITEL(dkd->tss.ss2, GDT_SEL_STK_INT); KERN_WRITEL(dkd->tss.esp0, STACKS_SIZE_MAIN + STACKS_SIZE_INT + STACKS_SIZE_EXC); KERN_WRITEL(dkd->tss.ss0, GDT_SEL_STK_EXC); KERN_WRITEW(dkd->tss.t, 0); KERN_WRITEW(dkd->tss.iomap_base, sizeof(tss_t)); KERN_WRITEL(dkd->tss.cr3, 0); segment_desc_init(&desc, KERN_DATA_OFF_TO_PHYS_ADDR((uint32_t)&(dkd->tss)), sizeof(dkd->tss), /* It should be possible for code at any privilege level to invoke the task's * system call dispatcher. */ SEG_FLAG(DPL, PRIV_LVL_USER) | SEG_TYPE_TSS32_AVAIL); gdt_insert(GDT_IDX_TSS(dom_id), desc); KERN_WRITEW(dcd->tss_sel, GDT_SEL(GDT_IDX_TSS(dom_id), PRIV_LVL_USER)); } /*---------------------------------------------------------------------------*/ void dev_not_avail_isr(void); void prot_domains_impl_init(void) { __asm__ __volatile__ ("ltr %0" :: "r" ((uint16_t)GDT_SEL_TSS(DOM_ID_kern))); __asm__ __volatile__ ("lldt %0" :: "r" ((uint16_t)GDT_SEL_LDT(DOM_ID_kern))); idt_set_intr_gate_desc(7, (uint32_t)dev_not_avail_isr, GDT_SEL_CODE_EXC, PRIV_LVL_EXC); } /*---------------------------------------------------------------------------*/ int main(); void prot_domains_launch_kernel(void) { multi_segment_launch_kernel(); /* Activate kernel protection domain, entering the kernel at main. */ __asm__ __volatile__ ( "pushl %[_ss_]\n\t" "pushl %[_top_of_stk_]\n\t" "pushl %[_eflags_]\n\t" "pushl %[_cs_]\n\t" "pushl %[_kern_start_]\n\t" "iretl\n\t" : : [_ss_] "g" (GDT_SEL_STK), [_eflags_] "g" (EFLAGS_IOPL(PRIV_LVL_USER)), [_cs_] "g" (GDT_SEL_CODE), [_kern_start_] "g" (main), /* one address has already been consumed */ [_top_of_stk_] "g" (STACKS_INIT_TOP + sizeof(uint32_t)) ); } /*---------------------------------------------------------------------------*/ void prot_domains_launch_app() { far_pointer_t app_ptr = { 0, GDT_SEL_TSS(DOM_ID_app) }; __asm__ __volatile__ ("ljmp *%0" :: "m" (app_ptr)); } /*---------------------------------------------------------------------------*/