Hello,
I am trying to implement a security system using Xen, in which I need to
replace the iret instruction by a hypercall so that control comes to
Xen before going back to the user-space process, so that I can perform some
security checks.
I am trying to replace each iret in
linux-2.6.18-xen.hg/arch/i386/kernel/entry-xen.S with my hypercall. I check
the cs for the privilege level of the return code. If it is ring 2/3 then I
execute my hypercall, else the normal iret instruction is executed.
1:      pushl %eax                      # save eax; the pending iret frame now starts at 4(%esp)
        movl $0,%eax
        movw 8(%esp),%ax                # cs of the frame about to be returned to
        testl $2,%eax                   # RPL bit 1 set => returning to ring 2 or 3
        jz 678f
        testl $1,vmcloak_on             # only take the hypercall when the check is switched on
        jz 678f
        jmp hypercall_page + (__HYPERVISOR_debug_iret * 32)

678:    popl %eax
        iret
This code is added at all four places just before iret is called in
entry-xen.S.
In the file xen-3.3.0/xen/arch/x86/x86_32/entry.S, at the point
ENTRY(hypercall), I check the contents of %eax against my hypercall number,
which is 38. If my hypercall is made, I replace the stack contents of ring
0 with those of ring 1 so that the hardware performs a normal iret, i.e. control
goes back to the user-mode process just as it would have had the hypercall not been made.
I am assuming the stack contents of ring 1 to be as follows:
        ________
        | ss     |
        | esp    |
        | eflags |
        | cs     |
        | eip    |
        | eax    |  <- pushed so that the value of eax is preserved across the hypercall
        Ring 1 stack
I am assuming the stack contents of ring 0 to be as follows:
        ________
        | ss     |
        | esp    |
        | eflags |
        | cs     |
        | eip    |
        Ring 0 stack
The code added in entry.S after ENTRY(hypercall) is as follows:
        cli
        cmpl $38,%eax                   # my hypercall number
        jne 679f
        movw 16(%esp),%gs               # ring-1 ss, taken from the ring-0 frame
        movl 12(%esp),%esi              # ring-1 esp, which points at the saved eax
        # eip
        movl %gs:4(%esi),%eax
        movl %eax,(%esp)
        # cs
        movl %gs:8(%esi),%eax
        movl %eax,4(%esp)
        # eflags
        movl %gs:12(%esi),%eax
        movl %eax,8(%esp)
        # esp
        movl %gs:16(%esi),%eax
        movl %eax,12(%esp)
        # ss
        movl %gs:20(%esi),%eax
        movl %eax,16(%esp)
        # restore the eax the guest pushed before making the hypercall
        movl %gs:(%esi),%eax
        iret
679:    # remaining code of ENTRY(hypercall)
Are my assumptions correct? I am unable to work out whether this code is
correct. Can you please point out the mistakes that I might be making?
Please help me,
Furquan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
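As an added worked example (not code from the post above, and not Xen's own code), the following C program models the two stack frames the post assumes, so that the byte displacements hard-coded in the assembly (4, 8, 12, 16, 20 off the ring-1 esp; 0, 4, 8, 12, 16 off the ring-0 esp) can be checked against real struct layouts, and it performs the same frame copy in C. It adds two sanitizing steps that the post does not have and that are assumptions of this example: the copied CS is rejected if its RPL is below 2, and IOPL/VM are cleared while IF is forced in the copied eflags, because an iret executed at CPL 0 loads those bits from the stack without further checks. The selector and register values are constructed samples.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hardware iret frame as the CPU reads it at %esp in ring 0
 * (lowest address first, the same order the assembly indexes it). */
struct ring0_frame {
    uint32_t eip;    /* 0(%esp)  */
    uint32_t cs;     /* 4(%esp)  */
    uint32_t eflags; /* 8(%esp)  */
    uint32_t esp;    /* 12(%esp) */
    uint32_t ss;     /* 16(%esp) */
};

/* Ring-1 (guest kernel) stack at the moment of the hypercall: the guest
 * pushed %eax in front of its own pending iret frame. */
struct ring1_frame {
    uint32_t eax;    /* 0(%esi): pushed by "pushl %eax" before the hypercall */
    uint32_t eip;    /* 4(%esi)  */
    uint32_t cs;     /* 8(%esi)  */
    uint32_t eflags; /* 12(%esi) */
    uint32_t esp;    /* 16(%esi) */
    uint32_t ss;     /* 20(%esi) */
};

#define EFLAGS_IF   (1u << 9)
#define EFLAGS_IOPL (3u << 12)
#define EFLAGS_VM   (1u << 17)

/* Guest side: the same test the entry-xen.S stub does with "testl $2,%eax".
 * RPL is bits 0-1 of CS; bit 1 set means ring 2 or ring 3. */
bool returns_to_ring2_or_3(uint32_t cs)
{
    return (cs & 2u) != 0;
}

/* Confirms that the displacements hard-coded in the assembly match the frames. */
bool layout_matches_assembly(void)
{
    return offsetof(struct ring0_frame, eip) == 0 &&
           offsetof(struct ring0_frame, cs) == 4 &&
           offsetof(struct ring0_frame, eflags) == 8 &&
           offsetof(struct ring0_frame, esp) == 12 &&
           offsetof(struct ring0_frame, ss) == 16 &&
           offsetof(struct ring1_frame, eax) == 0 &&
           offsetof(struct ring1_frame, eip) == 4 &&
           offsetof(struct ring1_frame, cs) == 8 &&
           offsetof(struct ring1_frame, eflags) == 12 &&
           offsetof(struct ring1_frame, esp) == 16 &&
           offsetof(struct ring1_frame, ss) == 20 &&
           sizeof(struct ring0_frame) == 20 &&
           sizeof(struct ring1_frame) == 24;
}

/* Hypervisor side: overwrite the ring-0 hardware frame with the guest's
 * pending frame, as the five movl pairs in entry.S do. The two checks are
 * an assumption of this example, not part of the post: a CS with RPL < 2
 * is refused, and IOPL/VM are stripped while IF is forced, since iret at
 * CPL 0 would otherwise load them as given. Returns 0 and the eax to
 * restore on success, -1 if the guest frame is rejected. */
int rewrite_ring0_frame(struct ring0_frame *r0, const struct ring1_frame *r1,
                        uint32_t *eax_out)
{
    if ((r1->cs & 3u) < 2u)
        return -1;
    r0->eip    = r1->eip;
    r0->cs     = r1->cs;
    r0->eflags = (r1->eflags & ~(EFLAGS_IOPL | EFLAGS_VM)) | EFLAGS_IF;
    r0->esp    = r1->esp;
    r0->ss     = r1->ss;
    *eax_out   = r1->eax;
    return 0;
}

int main(void)
{
    /* Constructed sample: a pending return to a ring-3 process (RPL bits = 11),
     * with IOPL=3 set in eflags to show the masking. */
    struct ring1_frame guest = { .eax = 0x1234, .eip = 0x08048000, .cs = 0x73,
                                 .eflags = 0x3246, .esp = 0xbfffe000, .ss = 0x7b };
    struct ring0_frame hv = { 0 };
    uint32_t eax = 0;

    printf("layout matches assembly: %d\n", layout_matches_assembly());
    printf("guest stub takes the hypercall: %d\n", returns_to_ring2_or_3(guest.cs));
    if (rewrite_ring0_frame(&hv, &guest, &eax) == 0)
        printf("iret -> cs:eip %04x:%08x ss:esp %04x:%08x eflags %08x eax %x\n",
               hv.cs, hv.eip, hv.ss, hv.esp, hv.eflags, eax);
    return 0;
}
```

The model only checks offsets and the copy; it says nothing about what Xen actually leaves at %esp on entry to ENTRY(hypercall), which is the assumption the post asks about and has to be verified against the real entry path.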