How to execute code in Hypervisor mode?

yugo

New Around Here
Hey,

I am now able to develop kernel modules for the R9000, thanks to Voxel :)

ARM defines multiple operating modes: User, Supervisor, Hypervisor, Secure Monitor.

Every kernel module is being executed in Supervisor mode, but my goal is to execute code in Hypervisor mode. Later I would like to write my own hypervisor and place it on the R9000, but for now I only want to get into the mode.

Entering Hypervisor Mode is done through the hvc call ("hvc #0"), but it has some prerequisites (see ARMv7 manual, B9-1983):

[image: hvccall.png]

Everything is given (Virtualization Extensions, Not Secure, Supervisor Mode), except for the HCE bit being not 1. Modifying the HCE bit is only possible in secure world.
The big question is now, how can I get into the secure world, set the HCE bit to 1 and return?

I know that there is the smc call for changing between the worlds, and I also found code for changing the bit, but I think you would need to modify the monitor handler and I don't know how to do this.

Could someone please help me? Is there maybe another way to get into Hypervisor mode?
 
Can't enter hypervisor from the kernel, you must be in secure first, so this needs to happen in the bootloader before the kernel is initialized and running.
 
Thank you very much for answering sfx2000! :)

Do you know any way how I could modify the bootloader for the installed stock firmware?

// EDIT

I found the function kvm_call_hyp(*myFunction), which should let me enter Hyp mode from SVC mode and execute "myFunction". kvm_call_hyp is not exported, but I found its address in /proc/kallsyms and can call it by the address. Unfortunately the board hangs if I pass a simple function which prints a string.
 
Do you know any way how I could modify the bootloader for the installed stock firmware?

Depends on the bootloader - I'm assuming uBoot, but I could be wrong - I haven't done anything with the R9000...

In any event, while it might be a fun science project, keep in mind that para-virtualizing on ARM is a bit expensive for resources in ARMv7A profiles... yes A15 and A7 can do it - but this kinda falls in the bucket of should it be considered? And if the answer is yes, what is the cost one is willing to pay for the resources.

With ARMv7a - the context switches between host and guest are going to take a toll on overall performance.

ARMv8 and aarch64 take things quite a ways further down the path there.
 
You need to bring up things in HYP or Secure -- one can always "jump" down into supervisor (or user for that matter), but because of the ARM trust model, one cannot jump up within the kernel. So mode must be set before the kernel runs, hence the comment about bootloader and init.

The trust/privilege model is different with ARM compared to x86/amd64...

Xen has been doing some work with a couple of ARM devices...

https://blog.xenproject.org/2013/05...ook-and-the-arndale-board-the-journey-so-far/
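To make the HVC prerequisites from the first post and sfx2000's point about the trust model concrete, here is an added C model (not code from anyone in this thread) of the HVC decision as the ARMv7-A manual's pseudocode describes it, with SCR.HCE only writable from Secure state. The struct, the constructed register snapshots and the function names are this example's own; the mode encodings and SCR bit positions are the architectural ones.

```c
#include <stdbool.h>
#include <stdint.h>

/* CPSR.M[4:0] mode encodings from the ARMv7-A manual. */
#define MODE_USR 0x10
#define MODE_SVC 0x13
#define MODE_MON 0x16
#define MODE_HYP 0x1A

/* Secure Configuration Register bits consulted by the HVC check. */
#define SCR_NS  (1u << 0)   /* 1 = Non-secure state */
#define SCR_HCE (1u << 8)   /* Hyp Call Enable */

enum hvc_outcome { HVC_UNDEFINED, HVC_UNPREDICTABLE, HVC_ENTER_HYP };

struct cpu_state {            /* constructed snapshot, not real registers */
    bool     has_virt_ext;    /* Virtualization Extensions implemented */
    uint32_t cpsr_mode;       /* CPSR.M */
    uint32_t scr;             /* SCR; writable only from Secure state */
};

/* Monitor mode is always Secure; otherwise SCR.NS decides. */
static bool is_secure(const struct cpu_state *s)
{
    return s->cpsr_mode == MODE_MON || !(s->scr & SCR_NS);
}

/* Model of the HVC decision: UNDEFINED without VE, in Secure state or in
 * User mode; with SCR.HCE clear it is UNDEFINED (UNPREDICTABLE if already
 * in Hyp); only when HCE is set does the core enter Hyp mode. */
enum hvc_outcome hvc_outcome(const struct cpu_state *s)
{
    if (!s->has_virt_ext || is_secure(s) || s->cpsr_mode == MODE_USR)
        return HVC_UNDEFINED;
    if (!(s->scr & SCR_HCE))
        return s->cpsr_mode == MODE_HYP ? HVC_UNPREDICTABLE : HVC_UNDEFINED;
    return HVC_ENTER_HYP;
}

/* SCR is Secure-only: a write from the Non-secure kernel is rejected,
 * which is why HCE must be set by the bootloader before the kernel runs. */
bool set_hce(struct cpu_state *s)
{
    if (!is_secure(s))
        return false;
    s->scr |= SCR_HCE;
    return true;
}
```

Walking a Non-secure SVC snapshot with HCE clear through hvc_outcome() reproduces the poster's situation, and the same snapshot fails set_hce(); only a Secure snapshot can set HCE before handing over with SCR.NS = 1.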