Volume 3B System Programming Guide_ Part 2 (794104), страница 71
Текст из файла (страница 71)
If the current guest state does not allow injecting a virtual interrupt,the interrupt needs to be queued by the VMM until it can be delivered.4. Prioritize the use of VM-entry event injection. A VMM may use VM-entry eventinjection to deliver various virtual events (such as external interrupts,exceptions, traps, and so forth). VMM designs may prioritize use of virtualinterrupt injection between these event types.
Since each VM entry allowsinjection of one event, depending on the VMM event priority policies, the VMMmay need to queue the external virtual interrupt if a higher priority event is to bedelivered on the next VM entry. Since the VMM has masked this particularinterrupt source (if it was level triggered) and done EOI to the platform interruptcontroller, other platform interrupts can be serviced while this virtual interruptevent is queued for later delivery to the VM.27-10 Vol. 3HANDLING BOUNDARY CONDITIONS IN A VIRTUAL MACHINE MONITOR5.
Update the virtual interrupt controller state. When the above checks havepassed, before generating the virtual interrupt to the guest, the VMM updates thevirtual interrupt controller state (Local-APIC, IO-APIC and/or PIC) to reflectassertion of the virtual interrupt. This involves updating the various interruptcapture registers, and priority registers as done by the respective hardwareinterrupt controllers.
Updating the virtual interrupt controller state is required forproper interrupt event processing by guest software.6. Inject the virtual interrupt on VM entry. To inject an external virtual interrupt to aguest VM, the VMM sets up the VM-entry interruption-information field in theguest controlling-VMCS before entry to guest using VMRESUME. Upon VM entry,the processor will use this vector to access the gate in guest’s IDT and the valueof RFLAGS and EIP in guest-state area of controlling-VMCS is pushed on theguest stack. If the guest RFLAGS.IF is clear, the STI-masking bit is set, or theMOV- SS/POP-SS-masking bit is set, the VM entry will fail and the processor willload state from the host-state area of the working VMCS as if a VM exit hadoccurred (see Section 22.7).27.4ERROR HANDLING BY VMMError conditions may occur during VM entries and VM exits and a few other situations.
This section describes how VMM should handle these error conditions,including triple faults and machine check exceptions.27.4.1VM-Exit FailuresAll VM exits load processor state from the host-state area of the VMCS that was thecontrolling VMCS before the VM exit. This state is checked for consistency while beingloaded. Because the host-state is checked on VM entry, these checks will generallysucceed. Failure is possible only if host software is incorrect or if VMCS data in theVMCS region in memory has been written by guest software (or by I/O DMA) sincethe last VM entry.
VM exits may fail for the following reasons:•••There was a failure on storing guest MSRs.••There was a failure on loading host MSRs.There was failure in loading a PDPTR.The controlling VMCS has been corrupted (through writes to the correspondingVMCS region) in such a way that the implementation cannot complete the VMexit.A machine check occurred.If one of these problems occurs on a VM exit, a VMX abort results.Vol. 3 27-11HANDLING BOUNDARY CONDITIONS IN A VIRTUAL MACHINE MONITOR27.4.2Machine Check ConsiderationsThe following sequence determine how machine checks are handled during VMXON,VMXOFF, VM entries, and VM exits:•VMXOFF and VMXON:If a machine check occurs during VMXOFF or VMXON and CR4.MCE = 1, amachine-check exception (#MC) is generated. If CR4.MCE = 0, the processorgoes to shutdown state.•VM entry:If a machine check occurs during VM entry, one of the following two treatmentsmust occur:a.
Normal delivery. If CR4.MCE = 1, delivery of a machine-check exception(#MC) through the host IDT occurs. If CR4.MCE = 0, the processor goes toshutdown state.b. Load state from the host-state area of the working VMCS as if a VM exit hadoccurred (see Section 22.7). The basic exit reason will be “VM-entry failuredue to machine check.”If the machine check occurs after any guest state has been loaded, option babove must be used. If the machine check occurs while checking host state andVMX controls (or while reporting a failure due to such checks), option a should bepreferred; however, an implementation may use b, since software will not be ableto tell whether any guest state has been loaded.•VM exit:If a machine check occurs during VM exit, one of the following two treatmentsmust occur:•Normal delivery.
If CR4.MCE = 1, delivery of a machine-check exception(#MC) through the guest IDT. If CR4.MCE = 0, the processor goes toshutdown state.•Fail the VM exit. If the VM exit is to VMX root operation, a VMX abort willresult; it will block events as done normally in VMX abort. The VMX abortindicator will show a machine check has induced the abort operation.If a machine check is induced by an action in VMX non-root operation before anydetermination is made that the inducing action may cause a VM exit, thatmachine check should be considered as happening during guest execution in VMXnon-root operation. This is the case even if the part of the action that caused themachine check was VMX-specific (for example: the processor’s consulting an I/Obitmap).
A machine-check exception will occur. If bit 12H of the exception bitmapis cleared to 0, a machine-check exception could be delivered to the guestthrough gate 12H of its IDT; if the bit is set to 1, the machine-check exception willcause a VM exit.27-12 Vol. 3HANDLING BOUNDARY CONDITIONS IN A VIRTUAL MACHINE MONITORNOTEThe state saved in the guest-state area on VM exits due to machinecheck exceptions should be considered suspect. A VMM shouldconsult the RIPV and EIPV bits in the IA32_MCG_STATUS MSR beforeresuming a guest that caused a VM exit due to a machine-checkexception.27.5HANDLING ACTIVITY STATES BY VMMA VMM might place a logic processor in the wait-for-SIPI activity state if supportingcertain guest operating system using the multi-processor (MP) start-up algorithm.
Aguest with direct access to the physical local APIC and using the MP start-up algorithm sends an INIT-SIPI-SIPI IPI sequence to start the application processor. Inorder to trap the SIPIs, the VMM must start the logic processor which is the target ofthe SIPIs in wait-for-SIPI mode.Vol. 3 27-13HANDLING BOUNDARY CONDITIONS IN A VIRTUAL MACHINE MONITOR27-14 Vol.
3APPENDIX APERFORMANCE-MONITORING EVENTSThis appendix lists the performance-monitoring events that can be monitored withthe Intel 64 or IA-32 processors. The ability to monitor performance events and theevents that can be monitored in these processors are mostly model-specific, exceptfor architectural performance events, described in Section A.1.Non-architectural performance events (i.e. model-specific events) are listed for eachgeneration of microarchitecture:••••••Section A.2 - Processors based on Intel Core microarchitectureSection A.3 - Intel Core Solo and Intel Core Duo processorsSection A.4 - Processors based on Intel NetBurst microarchitectureSection A.5 - Pentium M family processorsSection A.6 - P6 family processorsSection A.7 - Pentium processorsNOTEThese performance-monitoring events are intended to be used asguides for performance tuning.
The counter values reported by theperformance-monitoring events are approximate and believed to beuseful as relative guides for tuning software. Known discrepanciesare documented where applicable.A.1ARCHITECTURAL PERFORMANCE-MONITORINGEVENTSArchitectural performance events are introduced in Intel Core Solo and Intel CoreDuo processors. They are also supported on processors based on Intel Core microarchitecture. Table A-1 lists pre-defined architectural performance events that can beconfigured using general-purpose performance counters and associated event-selectregisters.Table A-1.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
