memN0ps
diff --git a/‎driver/src/main.rs
+32-2 b/‎driver/src/main.rs
+32-2
diff --git a/‎driver/src/virtualize.rs
+13-9 b/‎driver/src/virtualize.rs
+13-9
diff --git a/‎hypervisor/Cargo.toml
+2-1 b/‎hypervisor/Cargo.toml
+2-1
diff --git a/‎hypervisor/src/error.rs
+4-2 b/‎hypervisor/src/error.rs
+4-2
diff --git a/‎hypervisor/src/intel/descriptor.rs
+117-86 b/‎hypervisor/src/intel/descriptor.rs
+117-86
@@ -1,3 +1,4 @@
+#![feature(new_uninit)]
 #![no_main]
 #![no_std]
 
@@ -6,8 +7,17 @@ extern crate alloc;
 use {
     log::*,
     uefi::prelude::*,
-    hypervisor::{vmm::is_hypervisor_present, intel::capture::{capture_registers, GuestRegisters}},
+    hypervisor::{
+        vmm::is_hypervisor_present,
+        intel::{
+            capture::{capture_registers, GuestRegisters},
+            ept::paging::{AccessType, Ept},
+            shared_data::SharedData,
+        },
+        error::HypervisorError
+    },
     crate::virtualize::virtualize_system,
+    alloc::boxed::Box,
 };
 
 pub mod virtualize;
@@ -21,6 +31,11 @@ fn main(_image_handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
 
     info!("The Matrix is an illusion");
 
+    let mut shared_data = match setup_ept() {
+        Ok(shared_data) => shared_data,
+        Err(e) => panic!("Failed to setup EPT: {:?}", e),
+    };
+
     // Capture the register values to be used as an initial state of the VM.
     let mut regs = GuestRegisters::default();
     unsafe { capture_registers(&mut regs) }
@@ -30,7 +45,7 @@ fn main(_image_handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
     // installing the hypervisor.
     if !is_hypervisor_present() {
         debug!("Virtualizing the system");
-        virtualize_system(&regs, &system_table);
+        virtualize_system(&regs, &mut shared_data, &system_table);
     }
 
     info!("The hypervisor has been installed successfully!");
@@ -39,3 +54,18 @@ fn main(_image_handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
 
     Status::SUCCESS
 }
+
+pub fn setup_ept() -> Result<Box<SharedData>, HypervisorError> {
+    let mut primary_ept: Box<Ept> = unsafe { Box::new_zeroed().assume_init() };
+    let mut secondary_ept: Box<Ept> = unsafe { Box::new_zeroed().assume_init() };
+
+    debug!("Creating Primary EPT");
+    primary_ept.identity_2mb(AccessType::READ_WRITE_EXECUTE)?;
+
+    debug!("Creating Secondary EPT");
+    secondary_ept.identity_2mb(AccessType::READ_WRITE_EXECUTE)?;
+
+    let shared_data = SharedData::new(primary_ept, secondary_ept);
+
+    shared_data
+}
@@ -3,18 +3,22 @@ use {
     core::{alloc::Layout, arch::global_asm},
     hypervisor::{
         intel::{
-            capture::GuestRegisters, page::Page
+            capture::GuestRegisters, page::Page,
+            ept::paging::{Ept, AccessType},
+            shared_data::SharedData,
         },
-        vmm::start_hypervisor
+        vmm::start_hypervisor,
+        error::HypervisorError,
     },
     log::debug,
     uefi::{
         proto::loaded_image::LoadedImage,
         table::{Boot, SystemTable},
     },
+    alloc::boxed::Box,
 };
 
-pub fn virtualize_system(regs: &GuestRegisters, system_table: &SystemTable<Boot>) {
+pub fn virtualize_system(guest_registers: &GuestRegisters, shared_data: &mut SharedData, system_table: &SystemTable<Boot>) {
     let boot_service = system_table.boot_services();
 
     // Open the loaded image protocol to get the current image base and image size.
@@ -55,23 +59,23 @@ pub fn virtualize_system(regs: &GuestRegisters, system_table: &SystemTable<Boot>
     let stack_base = stack as u64 + layout.size() as u64 - 0x10;
     debug!("Stack range: {:#x?}", stack_base..stack as u64);
 
-    unsafe { switch_stack(regs, start_hypervisor as usize, stack_base) };
+    unsafe { switch_stack(guest_registers, shared_data, start_hypervisor as usize, stack_base) };
 }
 
 extern "efiapi" {
     /// Jumps to the landing code with the new stack pointer.
-    fn switch_stack(regs: &GuestRegisters, landing_code: usize, stack_base: u64) -> !;
+    fn switch_stack(guest_registers: &GuestRegisters, shared_data: &mut SharedData, landing_code: usize, stack_base: u64) -> !;
 }
 
 global_asm!(r#"
 // The module containing the `switch_stack` function.
 
 // Jumps to the landing code with the new stack pointer.
 //
-// fn switch_stack(regs: &GuestRegisters, landing_code: usize, stack_base: u64) -> !
+// fn switch_stack(guest_registers: &GuestRegisters, shared_data: &mut SharedData, landing_code: usize, stack_base: u64) -> !
 .global switch_stack
 switch_stack:
     xchg    bx, bx
-    mov     rsp, r8
-    jmp     rdx
-"#);
+    mov     rsp, r9
+    jmp     r8
+"#);
@@ -24,4 +24,5 @@ static_assertions = "1.1.0" # https://crates.io/crates/static_assertions
 log = "0.4.20" # https://crates.io/crates/log
 com_logger = "0.1.1" # https://crates.io/crates/com_logger
 iced-x86 = { version = "1.20.0", default-features = false, features = ["no_std", "decoder", "block_encoder", "instr_info", "no_d3now", "no_evex", "no_vex", "no_xop"] } # https://crates.io/crates/iced-x86
-bstr = { version = "1.9.0", default-features = false}
+bstr = { version = "1.9.0", default-features = false}
+derivative = { version = "2.2.0", features = ["use_core"]} # https://crates.io/crates/derivative
@@ -1,5 +1,7 @@
-use alloc::ffi::NulError;
-use thiserror_no_std::Error;
+use {
+    alloc::ffi::NulError,
+    thiserror_no_std::Error,
+};
 
 #[derive(Error, Debug)]
 pub enum HypervisorError {
 
@@ -1,110 +1,115 @@
-//! This module defines and manages the descriptor tables (GDT and IDT) for both the host and guest.
-//! It provides utilities to capture, initialize, and manage these tables.
-
 use {
-    crate::{
-        error::HypervisorError,
+    x86::{
+        dtables::DescriptorTablePointer,
+        segmentation::{
+            cs, BuildDescriptor, CodeSegmentType, Descriptor, DescriptorBuilder, GateDescriptorBuilder,
+            SegmentDescriptorBuilder, SegmentSelector,
+        },
     },
     alloc::{boxed::Box, vec::Vec},
-    x86::dtables::DescriptorTablePointer,
+    crate::intel::support::sgdt,
 };
-use crate::intel::support::{sgdt, sidt};
-
-/// Represents the descriptor tables (GDT and IDT) for the host.
-/// Contains the GDT and IDT along with their respective register pointers.
-#[repr(C, align(4096))]
-pub struct DescriptorTables {
-    /// Global Descriptor Table (GDT) for the host.
-    /// Reference: Intel® 64 and IA-32 Architectures Software Developer's Manual: 3.5.1 Segment Descriptor Tables
-    pub global_descriptor_table: Vec<u64>,
-
-    /// GDTR holds the address and size of the GDT.
-    /// Reference: Intel® 64 and IA-32 Architectures Software Developer's Manual: 2.4.1 Global Descriptor Table Register (GDTR)
-    pub gdtr: DescriptorTablePointer<u64>,
 
-    /// Interrupt Descriptor Table (IDT) for the host.
-    /// Reference: Intel® 64 and IA-32 Architectures Software Developer's Manual: 6.10 INTERRUPT DESCRIPTOR TABLE (IDT)
-    pub interrupt_descriptor_table: Vec<u64>,
-
-    /// IDTR holds the address and size of the IDT.
-    /// Reference: Intel® 64 and IA-32 Architectures Software Developer's Manual: 2.4.3 IDTR Interrupt Descriptor Table Register
-    pub idtr: DescriptorTablePointer<u64>,
+// UEFI does not set TSS in the GDT. This is incompatible to be both as VM and
+// hypervisor states. This struct supports creating a new GDT that does contain
+// the TSS.
+//
+// See: 27.2.3 Checks on Host Segment and Descriptor-Table Registers
+// See: 27.3.1.2 Checks on Guest Segment Registers
+pub struct Descriptors {
+    gdt: Vec<u64>,
+    pub gdtr: DescriptorTablePointer<u64>,
+    pub cs: SegmentSelector,
+    pub tr: SegmentSelector,
+    pub tss: TaskStateSegment,
 }
+impl Default for Descriptors {
+    fn default() -> Self {
+        Self {
+            gdt: Vec::new(),
+            gdtr: DescriptorTablePointer::<u64>::default(),
+            cs: SegmentSelector::from_raw(0),
+            tr: SegmentSelector::from_raw(0),
+            tss: TaskStateSegment::default(),
+        }
+    }
+}
+impl Descriptors {
+    /// Creates a new GDT with TSS based on the current GDT.
+    pub fn new_from_current() -> Self {
+        log::debug!("Creating a new GDT with TSS for guest");
 
-impl DescriptorTables {
-    /// Captures the currently loaded GDT and IDT for the guest.
-    pub fn initialize_for_guest(
-        descriptor_tables: &mut Box<DescriptorTables>,
-    ) -> Result<(), HypervisorError> {
-        log::trace!("Capturing current Global Descriptor Table (GDT) and Interrupt Descriptor Table (IDT) for guest");
-
-        // Capture the current GDT and IDT.
-        descriptor_tables.gdtr = sgdt();
-        descriptor_tables.idtr = sidt();
-
-        // Note: We don't need to create new tables for the guest;
-        // we just capture the current ones.
+        // Get the current GDT.
+        let current_gdtr = sgdt();
+        let current_gdt = unsafe {
+            core::slice::from_raw_parts(
+                current_gdtr.base.cast::<u64>(),
+                usize::from(current_gdtr.limit + 1) / 8,
+            )
+        };
 
-        log::trace!("Captured GDT and IDT for guest successfully!");
+        // Copy the current GDT.
+        let mut descriptors = Self {
+            gdt: current_gdt.to_vec(),
+            ..Default::default()
+        };
 
-        Ok(())
-    }
+        // Append the TSS descriptor. Push extra 0 as it is 16 bytes.
+        // See: 3.5.2 Segment Descriptor Tables in IA-32e Mode
+        let tr_index = descriptors.gdt.len() as u16;
+        descriptors
+            .gdt
+            .push(Self::task_segment_descriptor(&descriptors.tss).as_u64());
+        descriptors.gdt.push(0);
 
-    /// Initializes and returns the descriptor tables (GDT and IDT) for the host.
-    pub fn initialize_for_host(
-        descriptor_tables: &mut Box<DescriptorTables>,
-    ) -> Result<(), HypervisorError> {
-        log::trace!("Initializing descriptor tables for host");
+        descriptors.gdtr = DescriptorTablePointer::new_from_slice(&descriptors.gdt);
+        descriptors.cs = cs();
+        descriptors.tr = SegmentSelector::new(tr_index, x86::Ring::Ring0);
 
-        descriptor_tables.copy_current_gdt();
-        descriptor_tables.copy_current_idt();
+        log::debug!("New GDT with TSS created for guest successfully!");
 
-        log::trace!("Initialized descriptor tables for host");
-        Ok(())
+        descriptors
     }
 
-    /// Copies the current GDT.
-    fn copy_current_gdt(&mut self) {
-        log::trace!("Copying current GDT");
+    /// Creates a new GDT with TSS from scratch for the host.
+    pub fn new_for_host() -> Self {
+        log::debug!("Creating a new GDT with TSS for host");
 
-        // Get the current GDTR
-        let current_gdtr = sgdt();
+        let mut descriptors = Self::default();
 
-        // Create a slice from the current GDT entries.
-        let current_gdt = Self::from_pointer(&current_gdtr);
+        descriptors.gdt.push(0);
+        descriptors
+            .gdt
+            .push(Self::code_segment_descriptor().as_u64());
+        descriptors
+            .gdt
+            .push(Self::task_segment_descriptor(&descriptors.tss).as_u64());
+        descriptors.gdt.push(0);
 
-        // Create a new GDT from the slice.
-        let new_gdt = current_gdt.to_vec();
+        descriptors.gdtr = DescriptorTablePointer::new_from_slice(&descriptors.gdt);
+        descriptors.cs = SegmentSelector::new(1, x86::Ring::Ring0);
+        descriptors.tr = SegmentSelector::new(2, x86::Ring::Ring0);
 
-        // Create a new GDTR from the new GDT.
-        let new_gdtr = DescriptorTablePointer::new_from_slice(new_gdt.as_slice());
+        log::debug!("New GDT with TSS created for host successfully!");
 
-        // Store the new GDT in the DescriptorTables structure
-        self.global_descriptor_table = new_gdt;
-        self.gdtr = new_gdtr;
-        log::trace!("Copied current GDT");
+        descriptors
     }
 
-    /// Copies the current IDT.
-    fn copy_current_idt(&mut self) {
-        log::trace!("Copying current IDT");
-
-        // Get the current IDTR
-        let current_idtr = sidt();
-
-        // Create a slice from the current IDT entries.
-        let current_idt = Self::from_pointer(&current_idtr);
-
-        // Create a new IDT from the slice.
-        let new_idt = current_idt.to_vec();
-
-        // Create a new IDTR from the new IDT.
-        let new_idtr = DescriptorTablePointer::new_from_slice(new_idt.as_slice());
+    /// Builds a segment descriptor from the task state segment.
+    fn task_segment_descriptor(tss: &TaskStateSegment) -> Descriptor {
+        <DescriptorBuilder as GateDescriptorBuilder<u32>>::tss_descriptor(tss.base, tss.limit, true)
+            .present()
+            .dpl(x86::Ring::Ring0)
+            .finish()
+    }
 
-        // Store the new IDT in the DescriptorTables structure
-        self.interrupt_descriptor_table = new_idt;
-        self.idtr = new_idtr; // Use the same IDTR as it points to the correct base and limit
-        log::trace!("Copied current IDT");
+    fn code_segment_descriptor() -> Descriptor {
+        DescriptorBuilder::code_descriptor(0, u32::MAX, CodeSegmentType::ExecuteAccessed)
+            .present()
+            .dpl(x86::Ring::Ring0)
+            .limit_granularity_4kb()
+            .l()
+            .finish()
     }
 
     /// Gets the table as a slice from the pointer.
@@ -116,4 +121,30 @@ impl DescriptorTables {
             )
         }
     }
-}
+}
+
+#[derive(derivative::Derivative)]
+#[derivative(Debug)]
+pub struct TaskStateSegment {
+    pub base: u64,
+    pub limit: u64,
+    pub ar: u32,
+    #[allow(dead_code)]
+    #[derivative(Debug = "ignore")]
+    segment: Box<TaskStateSegmentRaw>,
+}
+impl Default for TaskStateSegment {
+    fn default() -> Self {
+        let segment = Box::new(TaskStateSegmentRaw([0; 104]));
+        Self {
+            base: segment.as_ref() as *const _ as u64,
+            limit: core::mem::size_of_val(segment.as_ref()) as u64 - 1,
+            ar: 0x8b00,
+            segment,
+        }
+    }
+}
+
+/// See: Figure 8-11. 64-Bit TSS Format
+
+struct TaskStateSegmentRaw([u8; 104]);