Virtualization of the CPU Instruction Set (x86)

Date: 2021-07-30 17:49:22
IA-32 (x86)


The IA-32 instruction set of the Pentium processor contains 17 sensitive, unprivileged instructions.[11] They can be categorized in two groups:

  • Sensitive register instructions: read or change sensitive registers and/or memory locations such as a clock register or interrupt registers:
    • SGDT, SIDT, SLDT
    • SMSW
    • PUSHF, POPF
  • Protection system instructions: reference the storage protection system, memory or address relocation system:
    • LAR, LSL, VERR, VERW
    • POP
    • PUSH
    • CALL, JMP, INT n, RET
    • STR
    • MOV

The introduction of the AMD-V and Intel VT-x instruction sets in 2005 allows x86 processors to meet the Popek and Goldberg virtualization requirements.

Critical Instructions (CI)

A critical instruction is one that is sensitive but not privileged. Because it does not trap on its own, the guest OS code must be made to trap deliberately at every CI so that the VMM gets a chance to handle it.

Scanning and Patching of CI

The code of the guest OS, and of the programs running inside it, is scanned one code block at a time; whenever a branch instruction is encountered, the scan descends into each branch target and scans and patches it as well.

Patching means replacing each CI with a corresponding trap instruction, which guarantees that the VMM gets the opportunity to handle every sensitive instruction.
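The scan-and-patch step described above, as an added example in C that is not code from the original page or from any real VMM. It decodes only a small instruction subset (enough for the constructed sample block), recognises the sensitive-but-unprivileged encodings from the list above, saves each one in a patch table and overwrites it with INT3 (0xCC) followed by NOP padding so that execution traps into the VMM at that point. The `patch_t` table, the `scan_and_patch` API and the sample block are assumptions made for this demo; opcode encodings follow the Intel SDM. A production scanner needs a complete decoder and must follow every branch into its target block, as the text describes.

```c
/* Added example (not code from the original page or from any real VMM): a
 * minimal "scan and patch" pass over one 32-bit x86 code block. It decodes a
 * small instruction subset, recognises sensitive-but-unprivileged ones from
 * the list above, saves their bytes and overwrites them with INT3 (0xCC) plus
 * NOP padding so the guest traps into the VMM there. Sample block constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#define MAX_PATCHES 32

/* One patch-table entry: the VMM later emulates the saved original bytes. */
typedef struct { size_t offset; uint8_t length; uint8_t orig[8]; const char *mnemonic; } patch_t;

/* Length of a ModRM byte plus the SIB/displacement it implies (32-bit mode). */
static int modrm_len(const uint8_t *p, size_t avail) {
    if (avail < 1) return -1;
    int mod = p[0] >> 6, rm = p[0] & 7, len = 1;
    if (mod == 3) return 1;                                    /* register operand */
    if (rm == 4) {                                             /* SIB byte follows */
        if (avail < 2) return -1;
        len++;
        if (mod == 0 && (p[1] & 7) == 5) len += 4;             /* [disp32 + index*scale] */
    } else if (mod == 0 && rm == 5) len += 4;                  /* [disp32] */
    if (mod == 1) len += 1; else if (mod == 2) len += 4;       /* disp8 / disp32 */
    return (size_t)len <= avail ? len : -1;
}

/* Decode one instruction: returns its length and sets *name if it is sensitive;
 * returns -1 for anything outside this demo's subset (a real VMM decodes all). */
static int decode(const uint8_t *p, size_t avail, const char **name) {
    static const char *grp6[8] = { "SLDT", "STR", NULL, NULL, "VERR", "VERW", NULL, NULL };
    *name = NULL;
    if (avail == 0) return -1;
    uint8_t op = p[0];
    if (op == 0x90 || op == 0xC3) return 1;                    /* NOP, RET: harmless */
    if (op >= 0x50 && op <= 0x5F) return 1;                    /* PUSH/POP r32: harmless */
    if (op >= 0xB8 && op <= 0xBF) return avail >= 5 ? 5 : -1;  /* MOV r32, imm32 */
    if (op == 0x9C) { *name = "PUSHF"; return 1; }
    if (op == 0x9D) { *name = "POPF";  return 1; }
    /* PUSH/POP/MOV from the list above are sensitive in their segment-register forms */
    if (op == 0x06 || op == 0x0E || op == 0x16 || op == 0x1E) { *name = "PUSH Sreg"; return 1; }
    if (op == 0x07 || op == 0x17 || op == 0x1F) { *name = "POP Sreg"; return 1; }
    if (op == 0x8C || op == 0x8E) { int k = modrm_len(p + 1, avail - 1); *name = "MOV Sreg"; return k < 0 ? -1 : 1 + k; }
    if (op != 0x0F || avail < 3) return -1;                    /* two-byte opcode map */
    int m = modrm_len(p + 2, avail - 2), reg = (p[2] >> 3) & 7, mod = p[2] >> 6;
    if (m < 0) return -1;
    switch (p[1]) {
    case 0x00: *name = grp6[reg]; return *name ? 2 + m : -1;  /* group 6 */
    case 0x01:                                                 /* group 7 */
        if (reg == 0 && mod != 3) *name = "SGDT";
        else if (reg == 1 && mod != 3) *name = "SIDT";
        else if (reg == 4) *name = "SMSW";
        else return -1;
        return 2 + m;
    case 0x02: *name = "LAR"; return 2 + m;
    case 0x03: *name = "LSL"; return 2 + m;
    default:   return -1;
    }
}

/* Scan one block and patch every sensitive instruction in place. Returns the
 * number of patches, or -1 if an undecodable instruction was hit. */
int scan_and_patch(uint8_t *code, size_t len, patch_t *tab, int max) {
    size_t off = 0; int n = 0;
    while (off < len) {
        const char *name;
        int ilen = decode(code + off, len - off, &name);
        if (ilen < 0) return -1;
        if (name) {
            if (n == max || ilen > 8) return -1;
            tab[n].offset = off; tab[n].length = (uint8_t)ilen; tab[n].mnemonic = name;
            memcpy(tab[n].orig, code + off, ilen);            /* keep for emulation */
            code[off] = 0xCC;                                 /* INT3: trap into the VMM */
            memset(code + off + 1, 0x90, ilen - 1);           /* NOP-fill the rest */
            n++;
        }
        off += ilen;
    }
    return n;
}

/* Constructed sample block (32-bit code); not taken from any real guest. */
uint8_t sample_block[] = {
    0xB8, 0x01, 0x00, 0x00, 0x00,              /* mov eax, 1 */
    0x0F, 0x01, 0x0D, 0x00, 0x10, 0x00, 0x00,  /* sidt [0x1000]  sensitive */
    0x9C,                                      /* pushf          sensitive */
    0x0F, 0x00, 0xC0,                          /* sldt eax       sensitive */
    0x0F, 0x01, 0xE0,                          /* smsw eax       sensitive */
    0x90,                                      /* nop */
    0x0F, 0x02, 0xC1,                          /* lar eax, ecx   sensitive */
    0xC3                                       /* ret */
};

int main(void) {
    patch_t tab[MAX_PATCHES];
    int n = scan_and_patch(sample_block, sizeof sample_block, tab, MAX_PATCHES);
    for (int i = 0; i < n; i++)
        printf("patched %-9s at offset %2zu (%u bytes)\n", tab[i].mnemonic, tab[i].offset, (unsigned)tab[i].length);
    return n < 0;
}
```

On the sample block the pass reports five patches (SIDT, PUSHF, SLDT, SMSW, LAR); the saved bytes in the table are what the VMM's INT3 handler consults to emulate the original instruction before resuming the guest. The scanner deliberately refuses to continue past an instruction it cannot decode rather than guessing its length, since a wrong length would desynchronise the scan and leave later CIs unpatched.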