Volume 2 System Programming (794096), страница 92
Текст из файла (страница 92)
pGDT64_linear is the _linear_ address of the; 10-byte GDT pseudo-descriptor.;; The new GDT should have a valid CPL0 64-bit code segment; descriptor at the entry-point corresponding to the current; CS selector. Alternatively, a far transfer to a valid CPL0; 64-bit code segment descriptor in the new GDT must be done; before enabling interrupts.;lgdt [pGDT64_linear];362Processor Initialization and Long Mode Activation24593—Rev.
3.13—July 2007;;;;;AMD64 TechnologyLoad the 64-bit IDT. This is _required_, because the 64-bitIDT uses 64-bit interrupt descriptors, while the 32-bitIDT used 32-bit interrupt descriptors. pIDT64_linear isthe _linear_ address of the 10-byte IDT pseudo-descriptor.lidt [pIDT64_linear];; Set the current TSS.
tss_sel should point to a 64-bit TSS; descriptor in the current GDT. The TSS is used for; inner-level stack pointers and the IO bit-map.;movax, tss_selltrax;; Set the current LDT. ldt_sel should point to a 64-bit LDT; descriptor in the current GDT.;movax, ldt_sellldt ax;; Using fs: and gs: prefixes on memory accesses still uses; the 32-bit fs.base and gs.base. Reload these 2 registers; before using the fs: and gs: prefixes. FS and GS can be; loaded from the GDT using a normal “mov fs,foo” type; instructions, which loads a 32-bit base into FS or GS.; Alternatively, use WRMSR to assign 64-bit base values to; MSR_FS_base or MSR_GS_base.;movecx, MSR_FS_basemoveax, FsbaseLowmovedx, FsbaseHiwrmsr;; Reload CR3 if long-mode page tables are to be located above; 4 Gbytes.
Because the original CR3 load was done in 32-bit; legacy mode, it could only load 32 bits into CR3. Thus, the; current page tables are located in the lower 4 Gbytes of; physical memory. This MOV to CR3 is only needed if the; actual long-mode page tables should be located at a linear; address above 4 Gbytes.;movrax, final_pml4_base ; Point to PML4movcr3, rax; Load 64-bit CR3;; Enable interrupts.;sti; Enabled INTR<insert 64-bit code here>Processor Initialization and Long Mode Activation363AMD64 Technology36424593—Rev. 3.13—July 2007Processor Initialization and Long Mode Activation24593—Rev. 3.13—July 200715AMD64 TechnologySecure Virtual MachineAMD Virtualization™ (AMD-V™) architecture is designed to provide enterprise-class servervirtualization software technology that facilitates virtualization development and deployment.
AnSVM enabled virtual machine architecture should provide hardware resources that allow a singlemachine to run multiple operating systems efficiently, while maintaining secure, resource-guaranteedisolation.15.1The Virtual Machine MonitorA virtual machine monitor (VMM), also known as a hypervisor, consists of software that controls theexecution of multiple guest operating systems on a single physical machine. The VMM provides eachguest the appearance of full control over a complete computer system (memory, CPU, and allperipheral devices).
The use of the term host refers to the execution context of the VMM. World switchrefers to the operation of switching between the host and guest.Fundamentally, VMMs work by intercepting and emulating in a safe manner sensitive operations inthe guest (such as changing the page tables, which could give a guest access to memory it is notallowed to access). The AMD SVM provides hardware assists to improve performance and facilitateimplementation of virtualization.15.2SVM Hardware OverviewSVM processor support provides a set of hardware extensions designed to enable economical andefficient implementation of virtual machine systems. Generally speaking, hardware support falls intotwo complementary categories: virtualization support and security support.15.2.1 Virtualization SupportThe AMD virtual machine architecture is designed to provide:•••••Mechanisms for fast world switch between VMM and guestThe ability to intercept selected instructions or events in the guestExternal (DMA) access protection for memory.Assists for interrupt handling and virtual interrupt supportA guest/host tagged TLB to reduce virtualization overhead.15.2.2 Guest ModeThis new processor mode is entered through the VMRUN instruction.
When in guest mode, thebehavior of some x86 instructions changes to facilitate virtualization.Secure Virtual Machine365AMD64 Technology24593—Rev. 3.13—July 200715.2.3 External Access ProtectionGuests may be granted direct access to selected I/O devices. Hardware support is designed to preventdevices owned by one guest from accessing memory owned by another guest (or the VMM).15.2.4 Tagged TLBIn the SVM usage model, the VMM is mapped in a different address space than the guest.
To reducethe cost of world switches, the TLB is tagged with an address space identifier (ASID) distinguishinghost-space entries from guest-space entries.15.2.5 Interrupt SupportTo facilitate efficient virtualization of interrupts, the following support is provided under control ofVMCB flags:Intercepting physical interrupt delivery.
The VMM can request that physical interrupts cause arunning guest to exit, allowing the VMM to process the interrupt.Virtual interrupts. The VMM can inject virtual interrupts into the guest. Under control of the VMM,a virtual copy of the EFLAGS.IF interrupt mask bit, and a virtual copy of the APIC's task priorityregister are used transparently by the guest instead of the physical resources.Sharing a physical APIC. SVM allows multiple guests to share a physical APIC while guardingagainst malicious or defective guests that might leave high-priority interrupts unacknowledged forever(and thus shut out other guest's interrupts).15.2.6 Restartable InstructionsSVM is designed to safely restart, with the exception of task switches, any intercepted instruction(either atomic or idempotent) after the intercept.15.2.7 Security SupportTo further enable secure initialization SVM provides additional System support.Attestation.
The SKINIT instruction and associated system support (the Trusted Platform Module, orTPM) allow for verifiable startup of trusted software (such as a VMM), based on secure hashcomparison.15.3SVM Processor and Platform ExtensionsThis section describes the operation of the SVM hardware extensions. These extensions can begrouped into the following categories:•State switch—VMRUN, VMSAVE, VMLOAD instructions, global interrupt flag (GIF), andinstructions to manipulate the latter (STGI, CLGI).
(“VMRUN Instruction” on page 367,366Secure Virtual Machine24593—Rev. 3.13—July 2007••••••AMD64 Technology“VMSAVE and VMLOAD Instructions” on page 386, “Global Interrupt Flag, STGI and CLGIInstructions” on page 388.)Intercepts—allow the VMM to intercept sensitive operations in the guest. (“Intercept Operation”on page 373 through “Miscellaneous Intercepts” on page 386)Interrupt and APIC assists—physical interrupt intercepts, virtual interrupt support, APIC.TPRvirtualization. (“Global Interrupt Flag, STGI and CLGI Instructions” on page 388 and “Interruptand Local APIC Support” on page 391)SMM intercepts and assists (“SMM Support” on page 394)External (DMA) access protection (“External Access Protection” on page 397)Nested paging support for two levels of address translation. (“Nested Paging” on page 403)Security—SKINIT instruction. (“Secure Startup with SKINIT” on page 411)15.4Enabling SVMThe VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL, and INVLPGA instructions can be usedwhen the EFER.SVME is set to 1; otherwise, these instructions generate a #UD exception.
TheSKINIT and STGI instructions can be used when either the EFER.SVME bit is set to 1 or theECX.SKINIT bit, as returned by CPUID function 8000_0001h, is set to 1; otherwise, theseinstructions generate a #UD exception.Before enabling SVM, software should detect whether SVM can be enabled using the followingalgorithm:if (CPUID 8000_0001.ECX[SVM] == 0)return SVM_NOT_AVAIL;if (VM_CR.SVMDIS == 0)return SVM_ALLOWED;if (CPUID 8000_000A.EDX[SVM_LOCK]==0)return SVM_DISABLED_AT_BIOS_NOT_UNLOCKABLE// the user must change a BIOS setting to enable SVMelse return SVM_DISABLED_WITH_KEY;// SVMLock may be unlockable; consult the BIOS or TPM to obtain the key.15.5VMRUN InstructionThe VMRUN instruction is the cornerstone of SVM. VMRUN takes, as a single argument, the physicaladdress of a 4KB-aligned page, the virtual machine control block (VMCB), which describes a virtualmachine (guest) to be executed.
The VMCB contains:•a list of instructions or events in the guest (e.g., write to CR3) to intercept,Secure Virtual Machine367AMD64 Technology••24593—Rev. 3.13—July 2007various control bits that specify the execution environment of the guest or that indicate specialactions to be taken before running guest code, andguest processor state (such as control registers, etc.).15.5.1 Basic OperationThe VMRUN instruction has an implicit addressing mode of [rAX]. Software must load RAX (EAX in32-bit mode) with the physical address of the VMCB, a 4-Kbyte-aligned page that describes a virtualmachine to be executed. The portion of RAX used in forming the address is determined by the currenteffective address size.The VMCB is accessed by physical address and should be mapped as writeback (WB) memory.VMRUN is available only at CPL-0.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
