Volume 2 System Programming (794096), страница 98
Текст из файла (страница 98)
When the VMMsets the TLB_CONTROL field to 1, the VMRUN instruction flushes the TLB for all ASIDs, for bothglobal and non-global pages. The VMRUN instruction reads, but does not change, the value of theTLB_CONTROL field.15.15.2 Invalidate Page, Alternate ASIDA new instruction, INVLPGA, allows the VMM to selectively invalidate the TLB mapping for a givenvirtual page and a given ASID. The linear address is specified in the implicit register operand rAX; theASID is specified in ECX.15.16Global Interrupt Flag, STGI and CLGI InstructionsThe global interrupt flag (GIF) is a bit that controls whether interrupts and other events can be taken bythe processor. The STGI and CLGI instructions set and clear, respectively, the GIF. Table 15-4 showshow the value of the GIF affects how interrupts and exceptions are handled.Table 15-4.
Effect of the GIF on Interrupt HandlingInterrupt sourceGIF==0GIF ==1Debug exception or trap,due to breakpoint registermatchIgnored and discardedNormal operationDebug trace trap due toEFLAGS.TFNormal operationNormal operationRESET#Normal operationNormal operationINITHeld pending until GIF==1Normal operation, see Table 15-6 on page 393NMIHeld pending until GIF==1Normal operation, see Table 15-7 on page 394External SMIHeld pending until GIF==1Normal operation, see Table 15-8 on page 394Internal SMI (I/O Trapping) Ignored and discardedNormal operation, see Table 15-8 on page 394INTR and vINTRNormal operation388Held pending until GIF==1Secure Virtual Machine24593—Rev.
3.13—July 2007AMD64 TechnologyTable 15-4. Effect of the GIF on Interrupt Handling (continued)Interrupt sourceGIF==0GIF ==1#SX (Security Exception)n/a1Normal operationMachine CheckIf possible (implementationdependent), held pending untilGIF==1, otherwise shutdown.Normal operationNormal operationNormal operationDBREQ# (enter HDT)(VM_CR.DPD always controls DBREQ)Normal operationA20MNormal operation(VM_CR.DIS_A20M controls A20 masking)Other implementationspecific but nonarchitecturally-visibleNormal operationinterrupts (STPCLK,IGNNE toggle, ECC scrub)Normal operationNote:1. #SX is caused only by an INIT signal that has been “redirected” (i.e., converted to an #SX; see Section 15.27 onpage 416); the conversion only happens when GIF==1, as the INIT is simply held pending otherwise.15.17VMMCALL InstructionThis instruction is meant as a way for a guest to explicitly call the VMM.
No CPL checks areperformed, so the VMM can decide whether to make this instruction legal at the user-level or not.If VMMCALL instruction is not intercepted, the instruction raises a #UD exception.15.18Paged Real ModeTo facilitate virtualization of real mode, the VMRUN instruction may legally load a guest CR0 valuewith PE = 0 but PG = 1. Likewise, the RSM instruction is permitted to return to paged real mode. Thisprocessor mode behaves in every way like real mode, with the exception that paging is applied. Theintent is that the VMM run the guest in paged-real mode at CPL0, and with page faults intercepted.The VMM is responsible for setting up a shadow page table that maps guest physical memory to theappropriate system physical addresses.The behavior of running a guest in paged real mode without intercepting page faults to the VMM isundefined.15.19Event InjectionThe VMM can inject exceptions or interrupts (collectively referred to as events) into the guest bysetting bits in the VMCB’s EVENTINJ field prior to executing the VMRUN instruction.
The format ofthe field is shown in Table 15-4 on page 390. The encoding matches that of the EXITINTINFO field.Secure Virtual Machine389AMD64 Technology24593—Rev. 3.13—July 2007When an event is injected by means of this mechanism, the VMRUN instruction causes the guest tounconditionally take the specified exception or interrupt before executing the first guest instruction.Injected events are treated in every way as though they had occurred normally in the guest (inparticular, they are recorded in EXITINTINFO) with the following exceptions:•••Injected events are not subject to intercept checks. (Note, however, that if secondary exceptionsoccur during delivery of an injected event, those exceptions are subject to exception intercepts.)An injected NMI does not block delivery of further NMIs.If the VMM attempts to inject an event that is impossible for the guest mode (e.g., a #BR exceptionwhen the guest is in 64-bit mode), the event injection will fail and no guest state instructions will beexecuted; VMRUN will immediately exit with an error code of VMEXIT_INVALID.6332ERRORCODEFigure 15-4.31V3012Reserved, SBZ1110EVTYPE870VECTOREVENTINJ Field in the VMCBThe fields in EVENTINJ are as follows:••VECTOR—Bits 7–0.
The 8-bit IDT vector of the interrupt or exception. If TYPE is 2 (NMI), theVECTOR field is ignored.TYPE—Bits 10–8. Qualifies the guest exception or interrupt to generate. Table 15-5 showspossible values and their corresponding interrupt or exception types. Values not indicated areunused and reserved.Table 15-5. Guest Exception or Interrupt Types•••ValueType0External or virtual interrupt (INTR)2NMI3Exception (fault or trap)4Software interrupt (INTn instruction)EV (Error Code Valid)—Bit 11. Set to 1 if the exception should push an error code onto the stack;clear to 0 otherwise.V (Valid)—Bit 31. Set to 1 if an event is to be injected into the guest; clear to 0 otherwise.ERRORCODE—Bits 63–32. If EV is set to 1, the error code to be pushed onto the stack, ignoredotherwise.
Injecting an exception (TYPE = 3) with vectors 3 or 4 behaves like a trap raised byINT3 and INTO instructions, respectively, in which case the processor checks the DPL of the IDTdescriptor before dispatching to the handler.390Secure Virtual Machine24593—Rev. 3.13—July 2007AMD64 TechnologyVMRUN exits with VMEXIT_INVALID if either:••Reserved values of TYPE have been specified, orTYPE = 3 (exception) has been specified with a vector that does not correspond to an exception(this includes vector 2, which is an NMI, not an exception).15.20Interrupt and Local APIC SupportSVM hardware support is designed to ensure efficient virtualization of interrupts.15.20.1 Physical (INTR) Interrupt Masking in EFLAGSTo prevent the guest from blocking maskable interrupts (INTR), SVM provides a VMCB control bit,V_INTR_MASKING, which changes the operation of EFLAGS.IF and accesses to the TPR by meansof the CR8 register.
While running a guest with V_INTR_MASKING cleared to zero:•EFLAGS.IF controls both virtual and physical interrupts.While running a guest with V_INTR_MASKING set to 1:••The host EFLAGS.IF at the time of the VMRUN is saved and controls physical interrupts while theguest is running.The guest value of EFLAGS.IF controls virtual interrupts only.15.20.2 Virtualizing APIC.TPRSVM provides a virtual TPR register, V_TPR, for use by the guest; its value is loaded from the VMCBby VMRUN and written back to the VMCB by #VMEXIT.
The APIC's TPR always controls the taskpriority for physical interrupts, and the V_TPR always controls virtual interrupts.While running a guest with V_INTR_MASKING cleared to 0:••Writes to CR8 affect both the APIC's TPR and the V_TPR register.Reads from CR8 operate as they would without SVM.While running a guest with V_INTR_MASKING set to 1:••Writes to CR8 affect only the V_TPR register.Reads from CR8 return V_TPR.15.20.3 TPR Access in 32-Bit ModeThe mechanism for TPR virtualization described in Section 15.20.2 applies only to accesses that areperformed using the CR8 register. However, in 32-bit mode, the TPR is traditionally accessible only byusing a memory-mapped register.
Typically, a VMM virtualizes such TPR accesses by not mapping theAPIC page addresses in the guest. A guest access to that region then causes a #PF intercept to theVMM, which inspects the guest page tables to determine the physical address and, after recognizingthe physical address as belonging to the APIC, finally invokes software emulation code.Secure Virtual Machine391AMD64 Technology24593—Rev. 3.13—July 2007To improve the efficiency of TPR accesses in 32-bit mode, SVM makes CR8 available to 32-bit codeby means of an alternate encoding of MOV TO/FROM CR8 (namely, MOV TO/FROM CR0 with aLOCK prefix).
To achieve better performance, 32-bit guests should be modified to use this accessmethod, instead of the memory-mapped TPR. (For details, see “MOV (CRn)” on page 286 of theAMD64 Programmer’s Reference Volume 3: General Purpose and System Instructions, order# 24594.)The alternate encodings of the MOV TO/FROM CR8 instructions are available even if SVM isdisabled in EFER.SVME.
They are available in both 64-bit and 32-bit mode.15.20.4 Injecting Virtual (INTR) InterruptsVirtual Interrupts allow the host to pass an interrupt (#INTR) to a guest. While inside a guest, thevirtual interrupt follows the same rules that a real interrupt follows (virtual #INTR is not taken untilEFLAGS.IF is 1, the guest's TPR has enabled interrupts at the same priority as that of the pendingvirtual interrupt).SVM provides an efficient mechanism by which the VMM can inject virtual interrupts into a guest:•••••••As described in Section 15.12.1, the VMM can intercept physical interrupts that arrive while aguest is running, by activating the INTR intercept in the VMCB.As described in Section 15.20.4, the VMM can virtualize the interrupt masking logic by setting theV_INTR_MASKING bit in the VMCB.The three VMCB fields V_IRQ, V_INTR_PRIO, and V_INTR_VECTOR indicate whether thereis a virtual interrupt pending, and, if so, what its vector number and priority are.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
