[Qemu-devel] Host API escape

[Qemu-devel] Host API escape

[Derek Fawcus]

On Mon, Sep 13, 2004 at 11:16:14PM +0200, Fabrice Bellard wrote:
> Derek Fawcus wrote:
> > I was adding a fake instruction

So will you at all interested in this bit,  want to wait for it to
cook some more first,  or not interested?

It's basically a "new" instruction,  using opcodes that should normally
generate undefined/illegal opcode traps,  hence it should still be usable
(in some form) if/when doing fast/native x86-on-x86.  The point being to
provide a a controlled escape to talk with the host - therefore it's
called "hostapi"...

At the moment I've defined a hidden "address register" which can be loaded
with an immediate value 16/32 bit offset from a specified segment register,
the address register getting the equivalent linear address and causing the
emulation to break ala a trap/debug.

>From there I then treat the address as a pointer to an argument block in
memory specifying what the request is;  service the request and return.

No real target registers are altered,  but arbitrary modifications to
target memory can be performed.  What I suspect I'll want at somepoint
is the ability to convert a set of virtual region descriptions into
scatter-gather physical descriptions,  such that they can be passed
to an external process which happens to mmap the target physical memory
file.

I've got it going well enought that I'm now working on the target and host
code which are communicating,  and seeing what if anything needs to alter
in the hostapi stuff.

I said I was working on a more complex form of file access...

My plan at the moment is DOS REDIR access (8.3 filenames) which should be
usable in all DOS derivatives (inc Win 3.1/WFW 3.11/w95/w98/wMe).

Other stuff,  say cut through video/mouse/kbd support,  LFN support,
virtual network (winsocks) can be done later,  but maybe not by me :-)
Once I started on this I realised that the ultimate progression is
effectivly the same as Win4Lin.  Hmm...

DF

re: [Qemu-devel] Host API escape

[EricNorthup]

On Mon, 13 Sep 2004 23:45:07 +0100, Derek Fawcus wrote:

>On Mon, Sep 13, 2004 at 11:16:14PM +0200, Fabrice Bellard wrote:
>> Derek Fawcus wrote:
>> > I was adding a fake instruction
>
>So will you at all interested in this bit,  want to wait for it to
>cook some more first,  or not interested?
>
>It's basically a "new" instruction,  using opcodes that should normally
>generate undefined/illegal opcode traps,  hence it should still be
>usable
>(in some form) if/when doing fast/native x86-on-x86.  The point
> being to provide a a controlled escape to talk with the host -
therefore it's
> called "hostapi"...
[. . .]

Ok, I think the things you can achieve with this mechanism are very
exciting.  But please, *please* do not make another fork in x86!

What if you use the WRMSR instructions instead?  Then you can define
MSRs which have certain behavior when written to / read from.  The whole
point of MSRs is that they are model-specific, and that is the way to do
this compatibly.

Just a suggestion

--Eric

Re: [Qemu-devel] Host API escape

[Derek Fawcus]

On Mon, Sep 13, 2004 at 10:43:00PM -0400, EricNorthup wrote:
> Ok, I think the things you can achieve with this mechanism are very
> exciting.  But please, *please* do not make another fork in x86!

Huh?  What do you mean by "another fork in x86"?  Or are you simply
referring to the fact that I've (re)defined a special instruction?

> What if you use the WRMSR instructions instead?  Then you can define
> MSRs which have certain behavior when written to / read from.  The whole
> point of MSRs is that they are model-specific, and that is the way to do
> this compatibly.

Hmm - a possibility.

I can look at changing to that once I've got the redir stuff working.
My initial concern was actually not to use / change any target visible
register,  so that I can inject this anywhere as a debug hook - where
it's currently quite useful.

DF

[Qemu-devel] Re: Host API escape

[Ben Pfaff]

Derek Fawcus <dfawcus@cisco.com> writes:

> On Mon, Sep 13, 2004 at 10:43:00PM -0400, EricNorthup wrote:
>> What if you use the WRMSR instructions instead?  Then you can define
>> MSRs which have certain behavior when written to / read from.  The whole
>> point of MSRs is that they are model-specific, and that is the way to do
>> this compatibly.
>
> Hmm - a possibility.

For what it's worth, VMware products use a magic I/O port for
guest<->host communication according to
http://chitchat.at.infoseek.co.jp/vmware/backdoor.html
-- 
Ben Pfaff 
email: blp@cs.stanford.edu
web: http://benpfaff.org

Re: [Qemu-devel] Host API escape

[Gwenole Beauchesne]

On Mon, 13 Sep 2004, Derek Fawcus wrote:

> Other stuff,  say cut through video/mouse/kbd support,  LFN support,
> virtual network (winsocks) can be done later,  but maybe not by me :-)

Exactly. In BasiliskII/SheepShaver jargon, that's called an "EmulOp". And
purposes cover native driver hooks (e.g. audio, ethernet), copy/paste,
Native QuickDraw acceleration, host file system access, etc.

However, this kind of optimization is specific to certain systems as you
would need to either run-time patch the OS, or provide necessary drivers
with those hooks compiled in (MoL).

The problem on x86 side is to find out a particular instruction sequence
that is not (and won't be) meaningful.

Re: [Qemu-devel] Host API escape

[Derek Fawcus]

On Tue, Sep 14, 2004 at 09:54:29AM +0200, Gwenole Beauchesne wrote:
> However, this kind of optimization is specific to certain systems as you
> would need to either run-time patch the OS, or provide necessary drivers
> with those hooks compiled in (MoL).

Yeah - well I see the qemu core having a number of potential uses.

One is the simple "virtual PC" type of scenario,  whereby it's useful
for running (together with debug and test of) complete systems;  another
for specific OS optimised hosting (i.e. Win4Lin type stuff);  and a
third being as a soft ICE type of environment,  allowing all sorts of
interesting fun.

DF