Volume 2 System Programming (794096), page 95
AMD64 Technology, 24593—Rev. 3.13—July 2007

Despite the instruction name, the events raised by the INT1 (also known as ICEBP), INT3 and INTO instructions (opcodes F1h, CCh and CEh) are considered exceptions for the purposes of EXITINTINFO, not software interrupts. Only events raised by the INTn instruction (opcode CDh) are considered software interrupts.

• Error Code Valid—Bit 11. Set to 1 if the guest exception would have pushed an error code; otherwise cleared to zero.
• Valid—Bit 31. Set to 1 if the intercept occurred while the guest attempted to deliver an exception through the IDT; otherwise cleared to zero.
• Errorcode—Bits 63–32. If EV is set to 1, holds the error code that the guest exception would have pushed; otherwise is undefined.

In the case of multiple exceptions, EXITINTINFO records the aggregate information on all exceptions but the last (intercepted) one.

Example: A guest raises a #GP during delivery of which a #NP is raised (a scenario that, according to x86 rules, resolves to a #DF), and an intercepted #PF occurs during the attempt to deliver the #DF. Upon intercept of the #PF, EXITINTINFO indicates that the guest was in the process of delivering a #DF when the #PF occurred. The information about the intercepted page fault itself is encoded in the EXITCODE, EXITINFO1 and EXITINFO2 fields. If the VMM decides to repair and dismiss the #PF, it can resume guest execution by re-injecting (see “Event Injection” on page 389) the fault recorded in EXITINTINFO. If the VMM decides that the #PF should be reflected back to the guest, it must combine the event in EXITINTINFO with the intercepted exception according to x86 rules (see table 8-3). In this case, a #DF plus a #PF would result in a triple fault or shutdown.

15.7.3 EXITINTINFO Pseudo-Code

When delivering exceptions or interrupts in a guest, the processor checks for exception intercepts and updates the value of EXITINTINFO should an intercept occur during exception delivery. The following pseudo-code outlines how the processor delivers an event (exception or interrupt) E.

    if E is an exception and is intercepted:
        #VMEXIT(E)
    E = (result of combining E with any prior events)
    if (result was #DF and #DF is intercepted):
        #VMEXIT(#DF)
    if (result was shutdown and shutdown is intercepted):
        #VMEXIT(#shutdown)
    EXITINTINFO = E    // Record the event the guest is delivering.
    Attempt delivery of E through the IDT
    Note that this may cause secondary exceptions
    Once an exception has been successfully taken in the guest:
        EXITINTINFO.V = 0    // Delivery succeeded; no #VMEXIT.
    Dispatch to first instruction of handler
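The VMM-side decision from the #GP/#NP/#DF/#PF example above, as an added C sketch that is not part of the AMD manual. Assumptions: the VECTOR (bits 7–0) and TYPE (bits 10–8) positions and the contributory/page-fault classes come from the manual's EXITINTINFO layout and its table 8-3, neither of which appears in this excerpt; all identifiers are hypothetical.

```c
/* Added example, not AMD's code: decode EXITINTINFO and combine events. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { VEC_DE = 0, VEC_DF = 8, VEC_TS = 10, VEC_NP = 11, VEC_SS = 12,
       VEC_GP = 13, VEC_PF = 14 };
enum { TYPE_EXCEPTION = 3 };            /* assumed TYPE encoding for exceptions */
enum outcome { DELIVER_SECOND, DOUBLE_FAULT, SHUTDOWN };

struct event { bool valid, ev; uint8_t vector, type; uint32_t errcode; };

/* Bits 11, 31 and 63-32 as described above; VECTOR/TYPE positions assumed. */
struct event decode_exitintinfo(uint64_t raw)
{
    struct event e;
    e.vector  = (uint8_t)(raw & 0xff);
    e.type    = (uint8_t)((raw >> 8) & 0x7);
    e.ev      = (raw >> 11) & 1;
    e.valid   = (raw >> 31) & 1;
    e.errcode = e.ev ? (uint32_t)(raw >> 32) : 0;   /* undefined unless EV = 1 */
    return e;
}

static bool contributory(uint8_t v)
{
    return v == VEC_DE || v == VEC_TS || v == VEC_NP || v == VEC_SS || v == VEC_GP;
}

/* What reflecting intercepted exception `second` produces while the guest
 * was delivering `prior`, per the x86 double-fault rules. */
enum outcome combine(struct event prior, uint8_t second)
{
    bool faulting = contributory(second) || second == VEC_PF;
    if (!prior.valid || prior.type != TYPE_EXCEPTION || !faulting)
        return DELIVER_SECOND;          /* benign combination */
    if (prior.vector == VEC_DF)
        return SHUTDOWN;                /* triple fault */
    if (prior.vector == VEC_PF || (contributory(prior.vector) && second != VEC_PF))
        return DOUBLE_FAULT;
    return DELIVER_SECOND;              /* contributory then #PF, or benign prior */
}

int main(void)
{
    uint64_t df = 0x80000B08ull;        /* constructed: V=1, EV=1, TYPE=3, vector 8 */
    printf("#DF then #PF -> %d\n", combine(decode_exitintinfo(df), VEC_PF));
    return 0;
}
```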
When an exception triggers an intercept, the EXITCODE, and optionally EXITINFO1 and EXITINFO2, fields always reflect the intercepted exception, while EXITINTINFO, if marked valid, indicates the prior exception the guest was attempting to deliver when the intercept occurred.

15.8 Instruction Intercepts

Table 15-2 specifies the instructions that check a given intercept and, where relevant, how the intercept is prioritized relative to exceptions.

Table 15-2. Instruction Intercepts

| Instruction Intercept | Checked By | Priority |
|---|---|---|
| Read/Write of CR0 | MOV TO/FROM CR0, LMSW, SMSW, CLTS | Checks non-memory exceptions (CPL, illegal bit combinations, etc.) before the intercept. For LMSW and SMSW, checks SVM intercepts before checking memory exceptions. |
| Read/Write of CR3 (excluding task switch) | MOV TO/FROM CR3 (not checked by task switch operations) | Checks non-memory exceptions first, then the intercept. If the intercept triggers on a write, the intercept happens before the TLB is flushed. If PAE is enabled, the loading of the four PDPEs can cause a #GP; that exception is checked after the intercept check, so the VMM handling a CR3 intercept cannot rely on the PDPEs being legal; it must examine them in software if necessary. The reads and writes of CR3 that occur in VMRUN, #VMEXIT or task switches are not subject to this intercept check. |
| Read/Write of other CRs | MOV TO/FROM CRn | All normal exception checks take precedence over the SVM intercepts. |
| Read/Write of Debug Registers, DRn | MOV TO/FROM DRn. (Not checked by implicit DR6/DR7 writes.) | All normal exception checks take precedence over the SVM intercepts. |
| Selective CR0 Write Intercept | MOV TO CR0, LMSW | Checks non-memory exceptions (CPL, illegal bit combinations, etc.) before the intercept. For LMSW and SMSW, checks SVM intercepts before checking memory exceptions. The selective write intercept on CR0 triggers only if a bit other than CR0.TS or CR0.MP is being changed by the write. In particular, this means that CLTS does not check this intercept. When both selective and non-selective CR0-write intercepts are active at the same time, the non-selective intercept takes priority. With respect to exceptions, the priority of this intercept is the same as the generic CR0-write intercept. The LMSW instruction treats the selective CR0-write intercept as a non-selective intercept (i.e., it intercepts regardless of the value being written). |
| Reading or Writing IDTR, GDTR, LDTR, TR | LIDT, SIDT, LGDT, SGDT, LLDT, SLDT, LTR, STR | The SVM intercept is checked after #UD and #GP exception checks, but before any memory access is performed. |
| RDTSC | RDTSC | Checks all exceptions before the SVM intercept. |
| RDPMC | RDPMC | Checks all exceptions before the SVM intercept. |
| PUSHF | PUSHF | Takes priority over any exceptions. |
| POPF | POPF | Takes priority over any exceptions. |
| CPUID | CPUID | No exceptions to check. |
| RSM | RSM | The intercept takes priority over any exceptions. |
| IRET | IRET | The intercept takes priority over any exceptions. |
| Software Interrupt | INTn | The intercept occurs before any exceptions are checked. The CS:rIP reported on #VMEXIT are those of the intercepted INTn instruction. Though the INTn instruction may dispatch through IDT vectors in the range of 0–31, those events cannot be intercepted by means of exception intercepts (see “Exception Intercepts” on page 381). |
| INVD | INVD | Exceptions (#GP) are checked before the intercept. |
| PAUSE | PAUSE (opcode F3 90h). | No exceptions to check. |
| HLT | HLT | Checks all exceptions before checking for this intercept. |
| INVLPG | INVLPG | Checks all exceptions (#GP) before the intercept. |
| INVLPGA | INVLPGA | Checks all exceptions (#GP) before the intercept. |
| VMRUN | VMRUN | Checks exceptions (#GP) before the intercept. The current implementation requires that the VMRUN intercept always be set in the VMCB. |
| VMLOAD | VMLOAD | Checks exceptions (#GP) before the intercept. |
| VMSAVE | VMSAVE | Checks exceptions (#GP) before the intercept. |
| VMMCALL | VMMCALL | The intercept takes priority over exceptions. VMMCALL causes #UD in the guest if it is not intercepted. |
| STGI | STGI | Checks exceptions (#GP) before the intercept. |
| CLGI | CLGI | Checks exceptions (#GP) before the intercept. |
| SKINIT | SKINIT | Checks exceptions (#GP) before the intercept. |
| RDTSCP | RDTSCP | Checks all exceptions before the SVM intercept. |
| ICEBP | ICEBP (opcode F1h). | Although the ICEBP instruction dispatches through IDT vector 1, that event is not interceptable by means of the #DB exception intercept. |
| WBINVD | WBINVD | Checks exceptions (#GP) before the intercept. |
| MONITOR | MONITOR | Checks all exceptions before the intercept. |
| MWAIT | MWAIT | Checks all exceptions before the intercept. There are conditional and unconditional MWAIT intercepts. The conditional MWAIT intercept is checked before the unconditional MWAIT intercept. When both conditional and unconditional MWAIT intercepts are active, the conditional intercept is checked first. A hypervisor that sets both intercepts will receive the conditional MWAIT intercept exit code for a guest MWAIT instruction that would have entered a low-power state, and will receive the unconditional MWAIT intercept exit code for a guest MWAIT instruction that would not have entered the low-power state. |

15.9 IOIO Intercepts

The VMM can intercept IOIO instructions (IN, OUT, INS, OUTS) on a port-by-port basis by means of the SVM I/O permissions map.

I/O Permissions Map.
The I/O Permissions Map (IOPM) occupies 12 Kbytes of contiguous physical memory. The table is structured as a linear array of 64K+3 bits (two 4-Kbyte pages, and the first three bits of a third 4-Kbyte page) and must be aligned on a 4-Kbyte boundary; the physical base address of the IOPM is specified in the IOPM_BASE_PA field in the VMCB and loaded into the processor by the VMRUN instruction. The VMRUN instruction ignores the lower 12 bits of the address specified in the VMCB. If the address of the last byte in the table is greater than or equal to the maximum supported physical address, this is treated as illegal VMCB state and causes a #VMEXIT(VMEXIT_INVALID).

Each bit in the table corresponds to an 8-bit I/O port. Bit 0 in the table corresponds to I/O port 0, bit 1 to I/O port 1 and so on. A bit set to 1 indicates that accesses to the corresponding port should be intercepted. The IOPM is accessed by physical address, and should reside in memory that is mapped as writeback (WB).

IN and OUT Behavior. If the IOIO_PROT intercept bit is set, the IOPM table controls port access. For IN/OUT instructions that access more than a single byte, the permission bits for all bytes are checked; if any bit is set to 1, the I/O operation is intercepted.

Exceptions related to virtual x86 mode, IOPL, or the TSS-bitmap are checked before the SVM intercept check.
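The IOPM lookup described above, as an added C sketch that is not part of the AMD manual: a default-intercept map with one pass-through range, and the all-bytes check for multi-byte IN/OUT. Assumptions: the function names, the 3F8h–3FFh range and the in-memory array are constructed for illustration, and the link between a 4-byte access at port FFFFh and the three extra bits is an inference from the 64K+3 layout.

```c
/* Added example, not AMD's code: model of the SVM I/O permissions map. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IOPM_BYTES (3 * 4096)   /* 12 Kbytes; bits 0..64K+2 are meaningful */

/* Constructed stand-in for the 4-Kbyte-aligned physical pages that
 * IOPM_BASE_PA would point at in a real VMM. */
static uint8_t iopm[IOPM_BYTES];

/* Set (intercept) or clear (pass through) the bits for ports first..last. */
void iopm_set_range(uint8_t *map, uint32_t first, uint32_t last, bool intercept)
{
    for (uint32_t p = first; p <= last; p++) {
        if (intercept)
            map[p / 8] |= (uint8_t)(1u << (p % 8));
        else
            map[p / 8] &= (uint8_t)~(1u << (p % 8));
    }
}

/* True if an IN/OUT of `size` bytes (1, 2 or 4) at `port` is intercepted:
 * one bit per byte-wide port, and any set bit in the span intercepts.
 * A 4-byte access at port FFFFh reads bits FFFFh..10002h, which reaches
 * into the three bits past 64K (inferred from the 64K+3 layout). */
bool iopm_intercepts(const uint8_t *map, uint16_t port, unsigned size)
{
    for (uint32_t bit = port; bit < (uint32_t)port + size; bit++)
        if (map[bit / 8] & (1u << (bit % 8)))
            return true;
    return false;
}

int main(void)
{
    memset(iopm, 0xFF, sizeof iopm);            /* intercept every port */
    iopm_set_range(iopm, 0x3F8, 0x3FF, false);  /* constructed pass-through range */
    printf("byte  IN at 3F8h:  %d\n", iopm_intercepts(iopm, 0x3F8, 1));
    printf("word  IN at 3FFh:  %d\n", iopm_intercepts(iopm, 0x3FF, 2));
    printf("dword IN at FFFFh: %d\n", iopm_intercepts(iopm, 0xFFFF, 4));
    return 0;
}
```

The word access at 3FFh is intercepted even though port 3FFh itself is passed through, because its second byte falls on port 400h; a VMM that opens a range should check the widest access the guest can make at the range's last port.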