Volume 2 System Programming (794096), страница 100
Текст из файла (страница 100)
Any attempt by guests torelocate any of the SMRAM areas (by means of certain MSR writes) must also be intercepted toprevent malicious SMM code from interfering with VMM operation.Writes to the SMM_CTL MSR cause a #GP if the BIOS has locked the SMM control registers.15.22Last Branch Record VirtualizationThe AMD64 debug control MSR (DebugCtl) provides the processor control of control-transferrecording and other debug tasks. (See Chapter 13, “Debug and Performance Resources,” on page 325,for more detailed information on these subjects.) Software sets the last-branch record (DebugCtl.LBR)bit to 1 to cause the processor to record the source and target addresses of the last control transfer takenbefore a debug exception. These control transfers include branch instructions, interrupts, andexceptions.
Recorded information is stored in four MSRs:••••LastBranchFromIP—Holds the segment offset of the source instruction pointer (rIP).LastBranchToIP—Holds the segment offset of the target rIP.LastExceptionFromIP—Updated with the previous value of LastBranchFromIP during interruptsand exceptions (except #DB exceptions caused by debug breakpoint and ICEBP).LastExceptionToIP—Updated with the previous value of LastBranchToIP during interrupts andexceptions (except #DB exceptions caused by debug breakpoint and ICEBP).Under SVM, the contents of the control-transfer recording MSRs must be exchanged between valuestracked by host and guest. This is done by activating LBR virtualization in the guest VMCB controlarea.15.22.1 Enabling LBR VirualizationSetting the LBR_VIRTUALIZATION_ENABLE bit to 1 in the VMCB control area enables LBRvirtualization.
When LBR virtualization is enabled, the VMM stores an image of the DebugCtl MSRand of each of the pointers stored in the control-transfer recording MSRs in four fields in the VMCBstate save area.•••••DBGCTL—Holds the guest value of the DebugCTL MSR.BR_FROM—Holds the guest value of the LastBranchFromIP MSR.BR_TO—Holds the guest value of the LastBranchToIP MSR.LASTEXCPFROM—Holds the guest value of the LastExceptionToIP MSR.LASTEXCPTO—Holds the guest value of the LastExceptionFromIP MSR.396Secure Virtual Machine24593—Rev.
3.13—July 2007AMD64 Technology15.22.2 Host and Guest LBR VirtualizationWhen VMCB.LBR_VIRTUALIZATION_ENABLE[0] is set, VMRUN saves all five host controltransfer MSRs in the host save area, and then loads the same five MSRS for the guest from the VMCBsave area. Similarly, #VMEXIT saves the guest's MSRs and loads the host's MSRs to and from theirrespective save areas.15.22.3 LBR Virtualization CPUID Feature DetectionEDX bit 1 as returned by CPUID function 8000_000Ah reports the LBR virtualization feature onAMD64 processors.15.23External Access ProtectionBy securing the virtual address translation mechanism, the VMM can restrict guest CPU accesses tomemory.
However, should the guest have direct access to DMA-capable devices, an additionalprotection mechanism is required. SVM provides multiple protection domains which can restrictdevice access to physical memory on a per-page basis. This is accomplished via control logic in theNorthbridge’s host bridge which governs any external access port (e.g., PCI or HyperTransport™technology interfaces).15.23.1 Device IDs and Protection DomainsThe Northbridge’s host bridge provides a number of protection domains.
Each protection domain hasassociated with it a device exclusion vector (DEV) that specifies the per-page access rights of devicesin that domain. Devices are identified by a HyperTransport™ bus/unitID (device ID) and the hostbridge contains a lookup table of fixed size that maps device IDs to a protection domain.15.23.2 Device Exclusion Vector (DEV)A DEV is a contiguous array of bits in physical memory; each bit in the DEV (in little-endian order)corresponds to one 4-Kbyte page in physical memory.The physical address of the base of a DEV must be 4-Kbyte-aligned and stored in one of theDEVBASE registers, which are accessed through an indirection mechanism in the DEVCTL PCIConfiguration Space function block in the host bridge (see “DEV Control and Status Registers” onpage 401).
The DEV protection hardware is not operational until enabled by setting a control bit in theDEV Control Register, also in the DEVCTL function block.The DEV may have to cover part of MMIO space beyond the DRAM. Especially in 64-bit systems, theoperating system should map MMIO space starting immediately after the DRAM area and buildingup, as opposed to starting down from the maximum physical address.Host Bridge and Processor DEV Caching.
For improved performance, the host bridge may cacheportions of the DEV. Any such cached information can be invalidated by setting the DEV_FLUSH flagin the DEV control register to 1. Software must set this flag after modifying DEV contents to ensureSecure Virtual Machine397AMD64 Technology24593—Rev. 3.13—July 2007that the protection logic uses the updated values. The host bridge automatically clears this flag whenthe flush operation completes. After setting this flag, software should monitor it until it has cleared, inorder to synchronize DEV updates with subsequent activity.By default, the host bridge probes the processor caches for the latest data when it accesses the DEV inDRAM. However, it is possible to disable probing by means of the DEV_CR register (see “DEV_CRRegister” on page 401); this is recommended in the case of unified memory architecture (UMA)graphics systems.
If cache probing is disabled, host bridge reads of the DEV will not check processorcaches for more recent copies. This requires software on the CPU to map the memory containing theDEV as uncacheable (UC) or write-through (WT). Alternatively, software must perform a CLFLUSHbefore it can expect a change to the DEV to be visible by the Northbridge (and before software flushesthe DEV cache in the host controller).Multiprocessor Issues.
Device-originated memory requests are checked against the DEV at thepoint of entry to the system—the Northbridge to which the device is physically attached. EachNorthbridge can have its own set of domains, device-to-domain mappings, and DEV tables (e.g.,domain #2 on one node can encompass different devices, and can have different access rights thandomain #2 on another node). Thus, the number of protection domains available to software can scalewith the number of Northbridges in the system.15.23.3 Access CheckingMemory Space Accesses.
When a memory-space read or write request is received on an externalhost bridge port, the host bridge maps the HyperTransport bus device ID to a protection domainnumber, which in turn selects the DEV defining the access permissions for the device (seeFigure 15-5 on page 399). The host bridge then checks the memory address against the DEV contentsby indexing into the DEV with the PFN portion of the address (bits 39–12).
The PFN is used as a bitindex within the DEV. If the bit read from the DEV is set to 1, the host bridge inhibits the access byreturning all ones for the data for a read request, or suppressing the store operation on a write request.A Master Abort error response will be returned to the requesting device.Peer-to-peer memory accesses routed up to the host bridge are also subjected to checks against theDEV. Peer-to-peer transfers that may be occurring behind bridges are not checked.DEV checks are applied before addresses are translated by the GART.
The DEV table is neverconsulted by accesses originating in the CPU.I/O Space Accesses. The host bridge can be configured to reject all I/O space accesses fromdevices, by setting the IOSPE bit in the DEV_CR control register (see “DEV_CR Register” onpage 401). I/O space peer-to-peer transfers behind bridges are not checked.Config Space Accesses.
Major aspects of host bridge functionality are configured by means ofcontrol registers that are accessed through PCI configuration space. Because this is potentiallyaccessible by means of device peer-to-peer transfers, the host bridge always blocks access to this spacefrom anything other than the CPU.398Secure Virtual Machine24593—Rev. 3.13—July 2007AMD64 TechnologyPhysical AddressTMHyperTransportBus/Dev IDtoDomain#(Zero if No Match)Bus/Dev IDDEV CacheTaggedwithDomain#Domain#DEV_BASE/LIMIT[0]DEV_BASE/LIMIT[1]DEV_BASE/LIMIT[2]DEV TableWalkerDEV_BASE/LIMIT[3]Figure 15-5.
Host Bridge DMA Checking15.23.4 DEV Capability BlockThe presence of DEV support is indicated through a new PCI capability block. The capability blockalso provides access to the registers that control operation of the DEV feature.The DEV capability block in PCI space contains three 32-bit words: the capability header(DEV_HDR), and two registers (DEV_OP and DEV_DATA) which serve as an indirectionmechanism for accessing the actual DEV control and status registers.Table 15-9.Byte OffsetDEV Capability Block, Overall LayoutRegisterComments0DEV_HDRCapability block header4DEV_OPSelects control/status register to access8DEV_DATARead/write to access register selected in DEV_OPSecure Virtual Machine399AMD64 Technology24593—Rev. 3.13—July 2007DEV Capability Header.
The DEV capability header (DEV_HDR) is defined in Table 15-10.Table 15-10. DEV Capability Header (DEV_HDR) (in PCI Config Space)Bit(s)31–22DefinitionReserved, MBZ21Interrupt Reporting Capability20Machine Check Exception Reporting Capability19Reserved, MBZ18–16DEV Capability Block Type; hardwired to 000b.15–8PCI Capability pointer; points to next capability in list7–0PCI Capability ID; hardwired to 0x0F15.23.5 DEV Register Access MechanismThe Northbridge’s DEV control and status registers are accessed through an indirection mechanism:writing the DEV_OP register selects which internal register is to be accessed, and the DEV_DATAregister can be read or written to access the selected register.Figure 15-6 shows the format of the DEV_OP register.
The DEV_DATA register reflects the format ofthe DEV register selected in DEV_OP.3116Reserved, MBZ158FUNCTION70INDEXFigure 15-6. Format of DEV_OP Register (in PCI Config Space)The FUNCTION field in the DEV_OP register selects the function/register to read or write accordingto the encoding in Table 15-11; for blocks of registers that have multiple instances (e.g., multipleDEV_BASE_HI/LO registers), the INDEX field selects the instance; otherwise it is ignored.Table 15-11. Encoding of Function Field in DEV_OP RegisterFunction Code400RegisterTypeNumber of Instances0DEV_BASE_LOmultiple1DEV_BASE_HImultiple2DEV_MAPmultiple3DEV_CAPsingle4DEV_CRsingle5DEV_ERR_STATUSsingle6DEV_ERR_ADDR_LOsingle7DEV_ERR_ADDR_HIsingleSecure Virtual Machine24593—Rev. 3.13—July 2007AMD64 TechnologyFor example, to write the DEV_BASE_HI register for protection domain number 2, software setsDEV_OP.FUNCTION to 1, and DEV_OP.INDEX to 2, and then writes the desired 32-bit value intoDEV_DATA.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
