Volume 2 System Programming (794096), page 97
Exception intercepts do not apply to external or software interrupts, so it is not possible to intercept an interrupt by means of the exception intercepts, even if the interrupt should happen to use a vector in the range from 0 to 31.

15.12.1 INTR Intercept

This intercept affects physical, as opposed to virtual, maskable interrupts. See “Virtual Interrupt Intercept” on page 393 for virtualization of maskable interrupts.

15.12.2 NMI Intercept

This intercept affects non-maskable interrupts.

15.12.3 SMI Intercept

This intercept affects System Management Mode Interrupts (SMIs); see “SMM Support” on page 394 for details on SMI handling.

When this intercept triggers, bit 0 of the EXITINFO1 field distinguishes whether the SMI was caused internally by I/O Trapping (bit 0 = 0), or asserted externally (bit 0 = 1).

If the SMI was asserted while the guest was executing an I/O instruction, extra information (describing the I/O instruction) is saved in the upper 32 bits of EXITINFO1, and the rIP of the I/O instruction is saved in EXITINFO2.
EXITINFO1 indicates that SMI was asserted during an I/O instruction when the VALID bit is set. If the SMI wasn't asserted during an I/O instruction, the extra EXITINFO1 and EXITINFO2 bits are undefined.

The SMI intercept is ignored when HWCR.SMMLOCK is set.

384   Secure Virtual Machine   24593—Rev. 3.13—July 2007   AMD64 Technology

Bits     Mnemonic       Description
63–48    PORT           Intercepted I/O port
47–44    BRP            I/O breakpoint matches
43       TF             EFLAGS TF value
42       Reserved, RAZ
41       A64            64-bit address
40       A32            32-bit address
39       A16            16-bit address
38       SZ32           32-bit operand size
37       SZ16           16-bit operand size
36       SZ8            8-bit operand size
35       REP            Repeated port access
34       STR            String based port access (INS, OUTS)
33       VAL            Valid (SMI was detected during an I/O instruction)
32       TYPE           Access Type (0 = OUT instruction, 1 = IN instruction)
31–1     Reserved, 0
0        SMISRC         SMI source (0 = internal, 1 = external)

Figure 15-3. EXITINFO1 for SMI Intercept

15.12.4 INIT Intercept

The INIT intercept allows the VMM to intercept the assertion of INIT while a guest is running; see “INIT Support” on page 393 for a discussion of the INIT-redirection feature.

15.12.5 Virtual Interrupt Intercept

This intercept is taken just before a guest takes a virtual interrupt. When the intercept triggers, the virtual interrupt has not been taken, and remains pending in the guest's VMCB V_IRQ field.
This intercept is not required for handling fixed local APIC interrupts, but may be used for emulating ExtINT interrupt delivery mode (which is not masked by the TPR), or legacy PICs in auto-EOI mode.

15.13 Miscellaneous Intercepts

The SVM architecture includes intercepts to handle task switches, processor freezes due to FERR, and shutdown operations.

15.13.1 Task Switch Intercept

Checked by—Any instruction or event that causes a task switch (e.g., JMP, CALL, exceptions, interrupts, software interrupts).

Priority—The intercept is checked before the task switch takes place but after the incoming TSS and task gate (if one was involved) have been checked for correctness.

Task switches can modify several resources that a VMM may want to protect (CR3, EFLAGS, LDT). However, instead of checking various intercepts (e.g., CR3 Write, LDTR Write) individually, task switches check only a single intercept bit.

On #VMEXIT, the following information is delivered in the VMCB:

• EXITINFO1[15–0] holds the segment selector identifying the incoming TSS.
• EXITINFO2[31–0] holds the error code to push in the new task, if applicable; otherwise, this field is undefined.
• EXITINFO2[63–32] holds auxiliary information for the VMM:
  - EXITINFO2[36]—Set to 1 if the task switch was caused by an IRET; else cleared to 0.
  - EXITINFO2[38]—Set to 1 if the task switch was caused by a far jump; else cleared to 0.
  - EXITINFO2[44]—Set to 1 if the task switch has an error code; else cleared to 0.
  - EXITINFO2[48]—The value of EFLAGS.RF that would be saved in the outgoing TSS if the task switch were not intercepted.

15.13.2 Ferr_Freeze Intercept

Checked when the processor freezes due to assertion of FERR (while IGNNE is deasserted, and legacy handling of FERR is selected in CR0.NE), i.e., while the processor is waiting to be unfrozen by an external interrupt.

15.13.3 Shutdown Intercept

When this intercept occurs, any condition that normally causes a shutdown causes a #VMEXIT to the VMM instead.
After an intercepted shutdown, the state saved in the VMCB is undefined.

15.14 VMSAVE and VMLOAD Instructions

The VMSAVE and VMLOAD instructions take the physical address of a VMCB in rAX. These instructions complement the state save/restore abilities of VMRUN instruction and #VMEXIT. They provide access to hidden processor state that software cannot otherwise access, as well as additional privileged state.

VMSAVE saves the following state to the VMCB indicated by rAX:

• FS, GS, TR, LDTR (including all hidden state)
• KernelGsBase
• STAR, LSTAR, CSTAR, SFMASK
• SYSENTER_CS, SYSENTER_ESP, SYSENTER_EIP

VMLOAD loads the corresponding state from the VMCB. VMLOAD and VMSAVE are available only at CPL-0 (#GP otherwise), and in protected mode with SVM enabled in EFER.SVME (#UD otherwise).

15.15 TLB Control

TLB entries are tagged with Address Space Identifier (ASID) bits to distinguish different host and/or guest address spaces.
The VMM can choose a software strategy in which it keeps multiple shadow page tables (SPTs) and/or multiple nested page tables in processors that support nested paging up-to-date; the VMM can allocate a different ASID for each SPT or nested page table. (See Section 15.24, “Nested Paging,” on page 403.) This allows switching to a new process in a guest (i.e., a new CR3 value, which means a new SPT or nested page table) without flushing the TLBs.

For each guest address space, the VMM is responsible for setting up a shadow page table or nested page table that maps guest linear addresses to system physical addresses. In shadow paging, the VMM should set the CR3 field in the guest VMCB to point to the system physical address of this shadow page table.
The VMM is responsible for updating the shadow page table when the guest changes the page table or paging control state, and the VMM should update the access and dirty bits of the guest page table.

The VMRUN instruction and #VMEXIT write the CR0, CR3, CR4 and EFER registers — these writes do not flush the TLB. The VMM is responsible for explicitly invalidating any guest translations that may be affected by its actions; there are two mechanisms available, as described in the next two sections.

When running with SVM enabled, global page table entries (PTEs) are global only within an ASID, not across ASIDs.

Software Rule. When the VMM changes a guest’s paging mode by changing entries in the guest’s VMCB, the VMM must ensure that the guest’s TLB entries are flushed from the TLB. The relevant VMCB state includes:

• CR0—PG, WP, CD, NW.
• CR3—Any bit.
• CR4—PGE, PAE, PSE.
• EFER—NXE, LMA, LME.

15.15.1 TLB Flush

TLB flush operations function identically whether or not SVM is enabled (e.g., MOV-TO-CR3 flushes non-global mappings, whereas MOV-TO-CR4 flushes global and non-global mappings). TLB flush operations must not be assumed to affect all ASIDs. If a VMM sets the intercept bit for any guest action that would have flushed the TLB, the #VMEXIT intercept occurs and the TLB is not flushed; it is the VMM's responsibility to flush the TLB appropriately. In implementations that do not provide a way to selectively flush all translations of a single specified ASID, software may effectively flush the guest's TLB entries by allocating a new ASID for the guest and not reusing the old ASID until the entire TLB has been flushed at least once.

The TLB_CONTROL field in the VMCB currently has one command implemented.
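
The ASID-reallocation strategy from 15.15.1, written in C as an added example (not code from the AMD manual): a per-CPU generation counter guarantees that an old ASID is handed out again only after the entire TLB has been flushed. The structure and function names, the pool size of 3, and leaving ASID 0 to the host are assumptions of the example; how the full flush is requested is left to the caller.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Per-CPU ASID pool (hypothetical structure). ASID 0 is left to the host. */
struct asid_pool {
    uint32_t max_asid;    /* highest usable ASID on this CPU (assumed value) */
    uint32_t next_asid;   /* next never-used ASID in the current generation */
    uint64_t generation;  /* bumped each time the whole TLB must be flushed */
};

struct guest_asid {
    uint32_t asid;
    uint64_t generation;  /* generation in which asid was handed out */
};

/* Give the guest a fresh ASID. Returns true when the pool wrapped: the caller
 * must flush the entire TLB before the next VMRUN so old ASIDs can be reused. */
static bool asid_assign_new(struct asid_pool *p, struct guest_asid *g)
{
    bool flush_entire_tlb = false;
    if (p->next_asid > p->max_asid) {
        p->generation++;
        p->next_asid = 1;
        flush_entire_tlb = true;
    }
    g->asid = p->next_asid++;
    g->generation = p->generation;
    return flush_entire_tlb;
}

/* Call before VMRUN. need_flush is set by the VMM after it changed guest
 * paging state (the CR0/CR3/CR4/EFER bits listed in the Software Rule). */
bool asid_prepare_run(struct asid_pool *p, struct guest_asid *g, bool need_flush)
{
    if (need_flush || g->generation != p->generation)
        return asid_assign_new(p, g);  /* stale ASID may now belong to another guest */
    return false;                      /* translations cached under g->asid stay usable */
}

int main(void)
{
    struct asid_pool pool = { .max_asid = 3, .next_asid = 1, .generation = 1 };
    struct guest_asid a = {0}, b = {0};
    asid_prepare_run(&pool, &a, false);
    asid_prepare_run(&pool, &b, false);
    printf("a=%u b=%u\n", (unsigned)a.asid, (unsigned)b.asid);
    return 0;
}
```

A guest whose recorded generation is older than the pool's always receives a new ASID, so no guest can run on translations cached by a different guest that held the same ASID number.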
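
Returning to the SMI intercept in 15.12.3: a C decoder for the EXITINFO1 layout of Figure 15-3, added here as an example and not taken from the AMD manual. It honours the rule that the I/O fields and EXITINFO2 are undefined unless VAL is set; the struct and function names, the one-hot sanity check, and the sample port value 0xB2 are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded EXITINFO1/EXITINFO2 for an SMI intercept (Figure 15-3). */
struct smi_exit {
    bool     external;   /* SMISRC, bit 0: 0 = I/O trapping, 1 = external */
    bool     io_valid;   /* VAL, bit 33: the I/O fields below are meaningful */
    bool     is_in;      /* TYPE, bit 32: 0 = OUT, 1 = IN */
    bool     string;     /* STR, bit 34 */
    bool     rep;        /* REP, bit 35 */
    bool     tf;         /* TF, bit 43 */
    uint8_t  op_bytes;   /* from SZ8/SZ16/SZ32, bits 36-38 */
    uint8_t  addr_bits;  /* from A16/A32/A64, bits 39-41 */
    uint8_t  brp;        /* BRP, bits 47-44 */
    uint16_t port;       /* PORT, bits 63-48 */
    uint64_t io_rip;     /* EXITINFO2: rIP of the I/O instruction */
};

/* True when exactly one bit of a 3-bit field is set. */
static bool one_hot(unsigned f) { return f != 0 && (f & (f - 1)) == 0; }

/* Returns false if VAL is set but a size field is not one-hot (example's own check). */
bool smi_exit_decode(uint64_t info1, uint64_t info2, struct smi_exit *out)
{
    unsigned sz = (info1 >> 36) & 7, ad = (info1 >> 39) & 7;
    *out = (struct smi_exit){0};
    out->external = (info1 & 1) != 0;
    out->io_valid = ((info1 >> 33) & 1) != 0;
    if (!out->io_valid)
        return true;     /* upper EXITINFO1 bits and EXITINFO2 are undefined */
    out->is_in     = ((info1 >> 32) & 1) != 0;
    out->string    = ((info1 >> 34) & 1) != 0;
    out->rep       = ((info1 >> 35) & 1) != 0;
    out->tf        = ((info1 >> 43) & 1) != 0;
    out->op_bytes  = (uint8_t)sz;          /* one-hot value 1/2/4 equals byte count */
    out->addr_bits = (uint8_t)(16 * ad);   /* one-hot value 1/2/4 maps to 16/32/64 */
    out->brp       = (info1 >> 44) & 0xF;
    out->port      = (uint16_t)(info1 >> 48);
    out->io_rip    = info2;
    return one_hot(sz) && one_hot(ad);
}

int main(void)
{
    struct smi_exit e;   /* constructed sample: 8-bit OUT to port 0xB2, 16-bit address */
    bool ok = smi_exit_decode((0xB2ull << 48) | (1ull << 39) | (1ull << 36) | (1ull << 33), 0x7c00, &e);
    printf("ok=%d port=%#x bytes=%u\n", ok, (unsigned)e.port, (unsigned)e.op_bytes);
    return ok ? 0 : 1;
}
```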