
I started a course for writing my own tiny OS for x86_64.

I would like to understand exactly what happens when I execute the instruction `int 0x10` in a binary running under Qemu. How does qemu intercept the interrupt?

Does it run on a different ring level? I read this is how virtualization used to be implemented. Is this still the case? Does qemu somehow install an interrupt handler?

Thanks a lot for any pointer!

emitrax
  • If you call the ROM-BIOS service interrupt 10h (video services) in Real or Virtual 86 Mode then qemu's ROM-BIOS gets control from your running the `int 10h` software interrupt call. It will have set up a far pointer (16-bit segment + 16-bit offset) in the Interrupt Vector Table's entry 10h (at address 0:40h) which points to its service handler that qemu installed. In 86 Mode an interrupt handler does not have a different ring level than its caller. – ecm Feb 26 '21 at 09:28
  • QEMU emulates (or with KVM, virtualizes) a full system, including interrupt handlers running inside the guest. Not like MARS for example, where syscalls trap directly into the emulator's Java handler, instead of (QEMU) into more machine code that eventually does a hardware access which the emulator will have to handle. – Peter Cordes Feb 26 '21 at 10:03
  • OK, after posting this I found out that qemu works as a binary translator. It has this component called TCG (Tiny Code Generator) and it translates input instructions to output instructions, which can even be C code. I would expect then that the `int 0x10` in Real Mode (yes, I omitted this detail) is translated to a C function call which would be the BIOS implemented by QEMU. Does it make sense? – emitrax Feb 26 '21 at 20:41
  • It makes sense as a coherent way an emulator *could* work, but you're still assuming that QEMU treats `int 0x10` as "special". Like I said, it faithfully emulates the x86 semantics for the IVT or IDT to find more x86 machine code to run. QEMU comes with a "BIOS" that's actual x86 machine code, not QEMU internals. QEMU only gets involved when that BIOS code (or any other guest code) accesses virtual hardware, like video memory or a keyboard controller. – Peter Cordes Feb 27 '21 at 01:05
  • OK, I think I understand. Interrupt instructions, like `int 0x10`, `int 0x80` (or `syscall`), are emulated by QEMU and not treated differently. On real hardware such instructions would cause a change of ring level and a jump to the IDT where more code to execute would be found, and that's what QEMU does. Correct? I'm struggling to find documentation/books that explain all of this in great detail. Any reference (apart from the QEMU source code)? Thanks. – emitrax Feb 27 '21 at 07:31
  • @emitrax does my answer on [virtualisation vs emulation](https://stackoverflow.com/questions/6044978/full-emulation-vs-full-virtualization/58611521#58611521) help you? I know I need to improve / correct this answer at some point. QEMU can also use KVM to accelerate. – Lewis Kelsey Feb 27 '21 at 22:36
  • @LewisKelsey thanks for that link. Your answer was a bit lengthy :-) But I found the thread useful. I read about KVM, its API, Intel VMX extensions and things are starting to make sense. It sounds like full emulation is A LOT of work. – emitrax Mar 01 '21 at 14:00
  • @emitrax there are people who say that an emulator is not a form of type 2 hypervisor and I'm considering changing it; I need to think about that one. Furthermore, I need to check the other details' accuracy as well against my current knowledge. I also need to include more about how the virtualbox GUI process works and starts up the virtual machine, how it communicates with the driver, the process structure, the window messages, specifics of the IO virtualisation and also more on APICv and more on QEMU and KVM, and more on Hyper-V. On an emulator though, INT is interpreted like a VM running bytecode. – Lewis Kelsey Mar 01 '21 at 14:05
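
As an added example (written for this page, not code from the question, any commenter, or QEMU itself), here is the real-mode `int n` dispatch that ecm and Peter Cordes describe, reduced to one emulator step in C: vector 10h is a 4-byte far pointer at 0:0040h, and executing `int 10h` is an IVT lookup plus a far call that saves FLAGS/CS/IP, with no ring change and nothing special about the vector number. The handler address F000:1234 and the boot-sector CS:IP are constructed placeholders, not a real BIOS's layout.

```c
#include <stdint.h>
#include <string.h>

#define MEM_SIZE (1u << 20)            /* 1 MiB real-mode address space */
enum { FLAG_IF = 1u << 9, FLAG_TF = 1u << 8 };

typedef struct { uint16_t cs, ip, ss, sp, flags; } cpu_t;
typedef struct { uint32_t target; uint16_t saved_ip, saved_cs, saved_flags, flags_after; } int_result_t;

static uint32_t linear(uint16_t seg, uint16_t off) { return ((uint32_t)seg << 4) + off; }
static uint16_t rd16(const uint8_t *m, uint32_t a) { return (uint16_t)(m[a] | (m[a + 1] << 8)); }
static void wr16(uint8_t *m, uint32_t a, uint16_t v) { m[a] = (uint8_t)v; m[a + 1] = (uint8_t)(v >> 8); }
static void push16(cpu_t *c, uint8_t *m, uint16_t v) { c->sp -= 2; wr16(m, linear(c->ss, c->sp), v); }

/* What "int n" does in real mode: read the far pointer stored at 0:(n*4),
 * save FLAGS/CS/IP on the stack, clear IF and TF, and jump. No ring change and
 * no special-casing of n: whatever code the guest (e.g. its BIOS) installed runs next. */
void real_mode_int(cpu_t *cpu, uint8_t *mem, uint8_t vector) {
    uint32_t entry = (uint32_t)vector * 4;
    uint16_t off = rd16(mem, entry);
    uint16_t seg = rd16(mem, entry + 2);
    push16(cpu, mem, cpu->flags);
    push16(cpu, mem, cpu->cs);
    push16(cpu, mem, cpu->ip);          /* return address = instruction after "int" */
    cpu->flags &= (uint16_t)~(FLAG_IF | FLAG_TF);
    cpu->cs = seg;
    cpu->ip = off;
}

/* Constructed scenario: a boot sector at 07C0:0000 runs "int 10h" while a BIOS
 * has hooked vector 10h to F000:1234 (placeholder handler address, not a real BIOS's). */
int_result_t demo_int10(void) {
    static uint8_t mem[MEM_SIZE];
    memset(mem, 0, sizeof mem);
    wr16(mem, 0x10 * 4, 0x1234);        /* IVT[10h].offset  at 0:0040h */
    wr16(mem, 0x10 * 4 + 2, 0xF000);    /* IVT[10h].segment at 0:0042h */
    cpu_t cpu = { .cs = 0x07C0, .ip = 0x0002, .ss = 0x0000, .sp = 0x7C00, .flags = FLAG_IF | 0x0002 };
    real_mode_int(&cpu, mem, 0x10);
    int_result_t r;
    r.target = linear(cpu.cs, cpu.ip);                     /* where execution continues */
    r.saved_ip = rd16(mem, linear(cpu.ss, cpu.sp));        /* what iret will pop back */
    r.saved_cs = rd16(mem, linear(cpu.ss, cpu.sp + 2));
    r.saved_flags = rd16(mem, linear(cpu.ss, cpu.sp + 4));
    r.flags_after = cpu.flags;
    return r;
}
```

The same lookup-and-jump is what a binary translator has to reproduce: the guest's own handler code at the resulting CS:IP is what gets translated next, and the emulator only steps in when that code touches virtual hardware.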
