[Qemu-devel] How does a system call work on QEMU?

[Qemu-devel] How does a system call work on QEMU?

[helicoterus-elih]

Paravirtualized Xen guest kernel is on ring1 so Xen must forward system calls to it and then guest kernel replies with a hypercall to Xen.
How does a system call work on QEMU? 
When a guest kernel wants to directly access to device or perform a sensitive but not privilege instruction, what's happened?

Thanks

Re: [Qemu-devel] How does a system call work on QEMU?

[Mulyadi Santosa]

On 5/14/09, helicoterus-elih@yahoo.it <helicoterus-elih@yahoo.it> wrote:
>
> Paravirtualized Xen guest kernel is on ring1 so Xen must forward system
> calls to it and then guest kernel replies with a hypercall to Xen.
> How does a system call work on QEMU?
> When a guest kernel wants to directly access to device or perform a
> sensitive but not privilege instruction, what's happened?

Which mode of Qemu operations do you refer to? if you refer to full
MMU emulation (no KVM or kqemu involved then), then intercepting
syscall is basically intercepting interrupt 80 hex or SYSENTER/SYSCALL
into host user mode instruction during code translation.

Using KVM, it behaves more or less the same like Xen. KVM hypervisor
sits in ring zero root mode (sometimes I am confused about root and
non root mode, so guys CMIIW), while  guest kernel sits in ring 0 non
root mode. Non privileged instruction is directly handled by CPU,
while privileged one make CPU exits to root mode. CPU will trap such
instructions and redirect them to KVM entry points.

And last, if you're refererring linux-user mode, it's using same code
translation. It just don't produce user mode code, but instead calling
syscall() C function.

That's all I can recall, CMIIW people.

regards,

Mulyadi.

Re: [Qemu-devel] How does a system call work on QEMU?

[helicoterus-elih]

> Which mode of Qemu operations do you refer to? if you refer to full
> MMU emulation (no KVM or kqemu involved then), then intercepting
> syscall is basically intercepting interrupt 80 hex or SYSENTER/SYSCALL
> into host user mode instruction during code translation.

Ok, I refer to full emulation.
When QEMU intercepts a system call what does it do? What type of translation or modification does it perform?

Re: [Qemu-devel] How does a system call work on QEMU?

[Paul Brook]

[-- Attachment #1: Type: text/plain, Size: 535 bytes --]

On Thursday 14 May 2009, helicoterus-elih@yahoo.it wrote:
> > Which mode of Qemu operations do you refer to? if you refer to full
> > MMU emulation (no KVM or kqemu involved then), then intercepting
> > syscall is basically intercepting interrupt 80 hex or SYSENTER/SYSCALL
> > into host user mode instruction during code translation.
>
> Ok, I refer to full emulation.
> When QEMU intercepts a system call what does it do? What type of
> translation or modification does it perform?

It does exactly the same as real hardware.

Paul


[-- Attachment #2: Type: text/html, Size: 1440 bytes --]

Re: [Qemu-devel] How does a system call work on QEMU?

[Heli]

Paul Brook wrote:
> On Thursday 14 May 2009, helicoterus-elih@yahoo.it wrote:
>  > > Which mode of Qemu operations do you refer to? if you refer to full
>  > > MMU emulation (no KVM or kqemu involved then), then intercepting
>  > > syscall is basically intercepting interrupt 80 hex or SYSENTER/SYSCALL
>  > > into host user mode instruction during code translation.
>  >
>  > Ok, I refer to full emulation.
>  > When QEMU intercepts a system call what does it do? What type of
>  > translation or modification does it perform?
> 
> 
> It does exactly the same as real hardware.
> 
> 
> Paul
> 
> 
Does QEMU generate a system call that goes to libc library and the to 
the kernel?
Then the kernel run it on hardware, kernel replies to libc and libc 
notifies to QEMU. QEMU replies to guest O.S, is it true?
Chiacchiera con i tuoi amici in tempo reale! 
 http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com 

Re: [Qemu-devel] How does a system call work on QEMU?

[Avi Kivity]

Heli wrote:
> Does QEMU generate a system call that goes to libc library and the to 
> the kernel?
> Then the kernel run it on hardware, kernel replies to libc and libc 
> notifies to QEMU. QEMU replies to guest O.S, is it true?

No.  Look at target-i386/translate.c, case 0x105 for syscall emulation.  
Eventually it ends up calling helper_syscall().

-- 
error compiling committee.c: too many arguments to function

Re: [Qemu-devel] How does a system call work on QEMU?

[grisu46]

Avi Kivity ha scritto:
> Heli wrote:
>> Does QEMU generate a system call that goes to libc library and the to 
>> the kernel?
>> Then the kernel run it on hardware, kernel replies to libc and libc 
>> notifies to QEMU. QEMU replies to guest O.S, is it true?
> 
> No.  Look at target-i386/translate.c, case 0x105 for syscall emulation.  
> Eventually it ends up calling helper_syscall().
> 

Simplify?
I am a newbie.

Thanks you all for your rapid answers.
Chiacchiera con i tuoi amici in tempo reale! 
 http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com 

Re: [Qemu-devel] How does a system call work on QEMU?

[Avi Kivity]

grisu46 wrote:
>> No.  Look at target-i386/translate.c, case 0x105 for syscall 
>> emulation.  Eventually it ends up calling helper_syscall().
>>
>
> Simplify?
> I am a newbie.

Sorry, you're on your own.  I can give you pointers but it's up to you 
to follow them.  If you're serious about understanding qemu you should 
be prepared a lot of time reading the source code and processor 
documentation.

-- 
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.

Re: [Qemu-devel] How does a system call work on QEMU?

[grisu46]

Avi Kivity ha scritto:
> grisu46 wrote:
>>> No.  Look at target-i386/translate.c, case 0x105 for syscall 
>>> emulation.  Eventually it ends up calling helper_syscall().
>>>
>>
>> Simplify?
>> I am a newbie.
> 
> Sorry, you're on your own.  I can give you pointers but it's up to you 
> to follow them.  If you're serious about understanding qemu you should 
> be prepared a lot of time reading the source code and processor 
> documentation.
> 
I would like to know how a virtualization program can perform a 
sensitive but not privileged operation. I learn about Xen and I like to 
understand (no deep details need) differences between Xen 
paravirtualization and QEMU emulator.

Thanks
Chiacchiera con i tuoi amici in tempo reale! 
 http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com 

Re: [Qemu-devel] How does a system call work on QEMU?

[Glauber Costa]

On Thu, May 14, 2009 at 3:00 PM, grisu46 <grisu46@yahoo.it> wrote:
> Avi Kivity ha scritto:
>>
>> grisu46 wrote:
>>>>
>>>> No.  Look at target-i386/translate.c, case 0x105 for syscall emulation.
>>>>  Eventually it ends up calling helper_syscall().
>>>>
>>>
>>> Simplify?
>>> I am a newbie.
>>
>> Sorry, you're on your own.  I can give you pointers but it's up to you to
>> follow them.  If you're serious about understanding qemu you should be
>> prepared a lot of time reading the source code and processor documentation.
>>
> I would like to know how a virtualization program can perform a sensitive
> but not privileged operation. I learn about Xen and I like to understand (no
> deep details need) differences between Xen paravirtualization and QEMU
> emulator.
>
As the name suggests, qemu (in this case) is a processor _emulator_. You're not
doing any kind of sensitive operations on your host processor here.
You are emulating
a processor, an all state change happens in the emulated processor.

* qemu reads the instruction.
* qemu updates its internal state accordingly.
* qemu reads next instruction.

No big secret here.

-- 
Glauber  Costa.
"Free as in Freedom"
http://glommer.net

"The less confident you are, the more serious you have to act."

Re: [Qemu-devel] How does a system call work on QEMU?

[Heli]

Avi Kivity ha scritto:
> grisu46 wrote:
>>> No.  Look at target-i386/translate.c, case 0x105 for syscall 
>>> emulation.  Eventually it ends up calling helper_syscall().
>>>
>>
>> Simplify?
>> I am a newbie.
> 
> Sorry, you're on your own.  I can give you pointers but it's up to you 
> to follow them.  If you're serious about understanding qemu you should 
> be prepared a lot of time reading the source code and processor 
> documentation.
> 
So it this the architecture of qemu, emulator version?
QEMU is a process that gives to o.s.guest a virtual hw
layer.
Every guest will be run by a QEMU instance.

See picture schema I prepaired: http://yfrog.com/7gqemulayersj

So system calls go from a guest application to its
operating system that communicates with its virtual
hardware. QEMU receives a system call and software emulator
QEMU performs a system call in O.S. host.
It is right?

Thanks
Chiacchiera con i tuoi amici in tempo reale! 
 http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com 

Re: [Qemu-devel] How does a system call work on QEMU?

[Avi Kivity]

Heli wrote:
>>
> So it this the architecture of qemu, emulator version?
> QEMU is a process that gives to o.s.guest a virtual hw
> layer.
> Every guest will be run by a QEMU instance.
>
> See picture schema I prepaired: http://yfrog.com/7gqemulayersj
>
> So system calls go from a guest application to its
> operating system that communicates with its virtual
> hardware. 

Yes.

> QEMU receives a system call and software emulator
> QEMU performs a system call in O.S. host.
> It is right? 

No, guest system calls are handled by the guest OS.

-- 
error compiling committee.c: too many arguments to function

Re: [Qemu-devel] How does a system call work on QEMU?

[Fernando Carrijo]

On Sun, 2009-05-17 at 10:46 +0200, Heli wrote:
> So it this the architecture of qemu, emulator version?
> QEMU is a process that gives to o.s.guest a virtual hw
> layer.
> Every guest will be run by a QEMU instance.
> 
> See picture schema I prepaired: http://yfrog.com/7gqemulayersj
> 
> So system calls go from a guest application to its
> operating system that communicates with its virtual
> hardware. QEMU receives a system call and software emulator
> QEMU performs a system call in O.S. host.
> It is right?

I'm not a virtualization person myself, so other people might offer you
more convenient sugestions but, with the due respect, I think you might
be better served by an introductory text on operating systems. The 3rd
edition of Andrew Tanenbaum's Modern Operating Systems, for instance,
has a short section specifically devoted to virtualization which is
clear enough to non-experienced readers and, I guess, answers most of
your questions.

Fernando Carrijo.

Re: [Qemu-devel] How does a system call work on QEMU?

[Mulyadi Santosa]

On Thu, May 14, 2009 at 1:50 PM,  <helicoterus-elih@yahoo.it> wrote:
>
>
>> Which mode of Qemu operations do you refer to? if you refer to full
>> MMU emulation (no KVM or kqemu involved then), then intercepting
>> syscall is basically intercepting interrupt 80 hex or SYSENTER/SYSCALL
>> into host user mode instruction during code translation.
>
> Ok, I refer to full emulation.
> When QEMU intercepts a system call what does it do? What type of translation or modification does it perform?

OK then, just like Paul said, it's done exactly like normal hardware
does. Emulated APIC will intercept it and Qemu will jump executing the
handler.

IMHO, translation is done when Qemu executes the guest codes, be it in
user mode or kernel mode. Refer to Fabrice's paper on how translation
is done (mind you, it's using pre TCG method). On special case, where
qemu emulates the same type of machine (e.g x86 32 bit on x86 32 bit),
AFAIK Qemu does few code copy tricks, so no all codes must be
translated.

More knowledgeable people in this mailing list could give you better
explanation... so pardon me if I can not answer all of your doubt.

regards,

Mulyadi

Re: [Qemu-devel] How does a system call work on QEMU?

[helicoterus-elih]

> > > Which mode of Qemu operations do you refer to? if
> you
> > refer to full
> > > MMU emulation (no KVM or kqemu involved then),
> then
> > intercepting
> > > syscall is basically intercepting interrupt 80
> hex or
> > SYSENTER/SYSCALL
> > > into host user mode instruction during code
> > translation.
> > 
> > Ok, I refer to full emulation.
> > When QEMU intercepts a system call what does it do?
> What
> > type of translation or modification does it perform?
> > 
So it this the architecture of qemu, emulator version?
QEMU is a process that gives to o.s.guest a virtual hw
layer.
Every guest will be run by a QEMU instance.

See picture schema I prepaired: http://yfrog.com/7gqemulayersj

So system calls go from a guest application to its
operating system that communicates with its virtual
hardware. QEMU receives a system call and software emulator
QEMU performs a system call in O.S. host. 
It is right?

Thanks