• 1598阅读
  • 1回复

Intle手册卷三 - VMX的简单介绍 (Chapter23) [复制链接]

上一主题 下一主题
离线啊冲
 

只看楼主 倒序阅读 使用道具 楼主  发表于: 2016-02-02


Intle手册卷三 - VMX的简单介绍 (Chapter23)

发表于 2015 年 10 月 31 日


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



23.1    OVERVIEW    概述
This chapter describes the basics of virtual machine architecture and an overview of the virtual-machine extensions(VMX) that support virtualization of processor hardware for multiple software environments.



本例介绍了虚拟机技术的基础知识,并且概述了虚拟机扩展--多核环境下的处理器硬件虚拟化技术
Information about VMX instructions is provided in Intel® 64 and IA-32 Architectures Software Developer’s Manual,Volume 2B. Other aspects of VMX and system programming considerations are described in chapters of Intel® 64
and IA-32 Architectures Software Developer’s Manual, Volume 3B.
关于VMX指令的相关信息是由Intel手册卷2提供的,其他VMX信息和系统编程方面的注意事项由Intel手册卷3提供
-=-=-=-=-==========================================================
23.   VIRTUAL MACHINE ARCHITECTURE       虚拟机技术
Virtual-machine extensions define processor-level support for virtual machines on IA-32 processors. Two principal classes of software are supported:
虚拟机扩展定义了32位处理器上,关于虚拟机CPU等级的支持。虚拟机扩展注要支持两类注要的软件
• Virtual-machine monitors (VMM) — A VMM acts as a host and has full control of the processor(s) and other platform hardware. A VMM presents guest software (see next paragraph) with an abstraction of a virtual processor and allows it to execute directly on a logical processor. A VMM is able to retain selective control of processor resources, physical memory, interrupt management, and I/O.
VMM作为Host端,对处理器和其他平台的硬件有完全的控制权,VMM提供一个抽象的虚拟CPU的Guest软件,并且允许这个Guest软件直接运行在一个逻辑处理器上,
• Guest software — Each virtual machine (VM) is a guest software environment that supports a stack consisting of operating system (OS) and application software. Each operates independently of other virtual machines and uses on the same interface to processor(s), memory, storage, graphics, and I/O provided by a physical platform. The software stack acts as if it were running on a platform with no VMM. Software executing in a virtual machine must operate with reduced privilege so that the VMM can retain control of platform resources.
客户端软件-每个虚拟机都是一个客户端软件的运行环境,这个环境支持由操作系统和普通程序组成的堆栈,环境中的每个操作独立于其它虚拟机,通过物理平台使用相同的处理器接口,内存,存储,图形,和IO,程序栈的行为就好像它曾经运行在没有VMM的平台上一样,虚拟机的软件如果要执行,必须降低权限以确保VMM能够控制平台资源
===============================================================
23.3 INTRODUCTION TO VMX OPERATION   介绍VMX的模式
Processor support for virtualization is provided by a form of processor operation called VMX operation. There are two kinds of VMX operation: VMX root operation and VMX non-root operation. In general, a VMM will run in VMX root operation and guest software will run in VMX non-root operation. Transitions between VMX root operation and VMX non-root operation are called VMX transitions. There are two kinds of VMX transitions. Transitions into VMX non-root operation are called VM entries. Transitions from VMX non-root operation to VMX root operation are called VM exits.
处理器支持由VMX操作提供的虚拟化,共有两种操作模式,根模式和非根模式,通常,VMM运行根模式,客户端软件运行在非根模式,在VMX根模式和非根模式之间的转换被称作VMX转换。共有两种转换方式,进入到VMX非根模式的行为叫做VMX Entry, 从非根模式进入到根模式的行为叫做VM-EXIT
Processor behavior in VMX root operation is very much as it is outside VMX operation. The principal differences are that a set of new instructions (the VMX instructions) is available and that the values that can be loaded into certain control registers are limited (see Section 23.8).
处理器在VMX根模式的行为非常类似于它在VMX之外的行为,这两者之间最大的不同就是,一些新的VMX指令是可用的,而被加载进控制寄存器的一些值是受限的     (详细请看23.8节)
Processor behavior in VMX non-root operation is restricted and modified to facilitate virtualization. Instead of their ordinary operation, certain instructions (including the new VMCALL instruction) and events cause VM exits to the VMM. Because these VM exits replace ordinary behavior, the functionality of software in VMX non-root operation is
limited. It is this limitation that allows the VMM to retain control of processor resources.
在VMX非根模式的处理器行为是受虚拟化的限制和容易被虚拟化修改的,一些指令(包括新的VMCALL指令)和事件会造成VM-EXITE到VMM中,而不仅仅是简单的操作,因为     VM-EXIT会截获这些简单的行为,VMX根模式中程序的功能是受限制的,正是这种限制,使VMM能够去控制处理器的资源
There is no software-visible bit whose setting indicates whether a logical processor is in VMX non-root operation.This fact may allow a VMM to prevent guest software from determining that it is running in a virtual machine.
并没有什么软件标志位显示一个逻辑处理器是处于根模式还是非根模式,这种情况是否限制客户机软件,取决于它是否运行在一个虚拟机中
Because VMX operation places restrictions even on software running with current privilege level (CPL) 0, guest software can run at the privilege level for which it was originally designed. This capability may simplify the development of a VMM.
由于VMX会限制运行在即使CPL为0的软件,但是客户机软件仍然能运行在它最初设计的权限级别,此功能也许会简化VMM的发展
===============================================================
23.4   LIFE CYCLE OF VMM SOFTWARE          VMM软件的生命周期
Figure 23-1 illustrates the life cycle of a VMM and its guest software as well as the interactions between them. The following items summarize that life cycle:
Figure 23-1 插入了关于VMM生命周期的图片,并且有客户机软件和他们之间的交互。下面几项总结了生命周期
• Software enters VMX operation by executing a VMXON instruction.
软件通过VMXON指令进入VMX模式
• Using VM entries, a VMM can then enter guests into virtual machines (one at a time). The VMM effects a VM entry using instructions VMLAUNCH and VMRESUME; it regains control using VM exits.
通过VM-Entry,VMM能进入客户机虚拟机,VMM是通过VMLAUNCH和VMRESUME指令进入客户机的,通过VM-Exit,它也能重新返回到VMM
• VM exits transfer control to an entry point specified by the VMM. The VMM can take action appropriate to the cause of the VM exit and can then return to the virtual machineusing a VM entry.
VM-Exit会转移到由VMM指定的入口点,对于VM-Exit,VMM会采取适当的动作,然后返回到虚拟机的VM-Entry
• Eventually, the VMM may decide to shut itself down and leave VMX operation. It does so by executing the VMXOFF instruction.
最后,VMM能选择关闭它自己,并且退出VMX模式,它也能通过VMXOFF指令来关闭自己


===============================================================
23.5 VIRTUAL-MACHINE CONTROL STRUCTURE   关于虚拟机的控制结构
VMX non-root operation and VMX transitions are controlled by a data structure called a virtual-machine control structure (VMCS).
VMX非根模式和VMX的转移是被一个叫做VMCS的数据结构控制的
Access to the VMCS is managed through a component of processor state called the VMCS pointer (one per logical processor). The value of the VMCS pointer is the 64-bit address of the VMCS. The VMCS pointer is read and written using the instructions VMPTRST and VMPTRLD. The VMM configures a VMCS using the VMREAD, VMWRITE, and VMCLEAR instructions.
VMCS的访问,是通过处理器状态的一部分来管理的,这部分状态叫做VMCS指针 (每个逻辑处理器),VMCS指针是一个64位的VMCS地址,VMCS指针的读写是通过指令VMPTRST和VMPTRLD指令来完成的,VMM通过VMREAD,VMWRITE,VMCLEAR指令来修改VMCS的
A VMM could use a different VMCS for each virtual machine that it supports. For a virtual machine with multiple  logical processors (virtual processors), the VMM could use a different VMCS for each virtual processor.
VMM能使用不同的VMCS用于每个受支持的虚拟机,对于具有多个逻辑处理的虚拟机,VMM能使用不同的VMCS为每个虚拟处理器
================================================================23.5    VIRTUAL-MACHINE CONTROL STRUCTURE   关于虚拟机的控制结构
23.6   DISCOVERING SUPPORT FOR VMX   查找受支持的VMX
Before system software enters into VMX operation, it must discover the presence of VMX support in the processor. System software can determine whether a processor supports VMX operation using CPUID. If CPUID.1:ECX.VMX[bit 5] = 1, then VMX operation is supported. See Chapter 3, “Instruction Set Reference, A-M” of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 2A.
在系统程序进入VMX模式之前,它判断查看当前CPU是否支持VMX, 通过CPUID,系统程序能判断当前处理器是否支持VMX模式,如果CPUID:1:ECX.VMX[bit5]=1,那么VMX模式是被支持的,详细请看 Chapter 3, “Instruction Set Reference, A-M” of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 2A.
The VMX architecture is designed to be extensible so that future processors in VMX operation can support additional features not present in first-generation implementations of the VMX architecture. The availability of extensible VMX features is reported to software using a set of VMX capability MSRs (see Appendix A, “VMX Capability Reporting Facility”).
VMX架构设计的扩展性,是为了以后的处理器能支持更多的在第一代VMX架构中不存在的附加功能,拓展VMX的功能是让软件使用一组有VMX功能的MSR寄存器
================================================================
23.7   ENABLING AND ENTERING VMX OPERATION    激活和进入VMX模式
Before system software can enter VMX operation, it enables VMX by setting CR4.VMXE[bit 13] = 1. VMX operation is then entered by executing the VMXON instruction. VMXON causes an invalid-opcode exception (#UD) if executed
with CR4.VMXE = 0. Once in VMX operation, it is not possible to clear CR4.VMXE (see Section 23.8). System software leaves VMX operation by executing the VMXOFF instruction. CR4.VMXE can be cleared outside of VMX operation after executing of VMXOFF.
在系统软件进入VMX模式之前,它需要通过CR4.VMXE[bit13]=1激活,然后通过VMXON指令进入VMX模式,如果执行VMXON指令的时候CR4.VMXE=0,那么该指令就会触发UD异常,在VMX模式中,是不能允许清除CR4.VMXE标志位的,系统软件离开VMX模式要通过VMXOFF指令,在执行VMXOFF指令后,再清除CR4.VMXE位
VMXON is also controlled by the IA32_FEATURE_CONTROL MSR (MSR address 3AH). This MSR is cleared to zero when a logical processor is reset. The relevant bits of the MSR are:
VMXON指令也被IA32_FEATURE_CONTROL MSR寄存器控制 (地址在3A处),当逻辑处理器被重置的时候,MSR被清零,相关的MSR如下:
• Bit 0 is the lock bit. If this bit is clear, VMXON causes a general-protection exception. If the lock bit is set, WRMSR to this MSR causes a general-protection exception; the MSR cannot be modified until a power-up reset condition. System BIOS can use this bit to provide a setup option for BIOS to disable support for VMX. To enable VMX support in a platform, BIOS must set bit 1, bit 2, or both (see below), as well as the lock bit.
Bit0位是锁位,如果这个位被清零,VMXON指令将会造成GP异常,如果bit0置1,向这个MSR写入数据将会造成GP异常,除非加电恢复为初始状态才能修改这个MSR,系统BIOS可以使用这个位禁用受支持的VMX,如果要支持VMX选项,BIOS必须设置bit1, bit2与锁位一样,
• Bit 1 enables VMXON in SMX operation. If this bit is clear, execution of VMXON in SMX operation causes a general-protection exception. Attempts to set this bit on logical processors that do not support both VMX operation (see Section 23.6) and SMX operation (see Chapter 6, “Safer Mode Extensions Reference,” in Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 2B) cause general-protection exceptions.
bit1激活后,VMXON指令可以进入SMX模式,如果这个位被清零,在SMX模式执行VMXON指令会造成GP异常,试图设置这个位在不支持VMX模式和SMX模式的处理器上,将会触发GP异常
• Bit 2 enables VMXON outside SMX operation. If this bit is clear, execution of VMXON outside SMX operation causes a general-protection exception. Attempts to set this bit on logical processors that do not support VMX operation (see Section 23.6) cause general-protection exceptions.
Bit 2激活SMX模式外的VMXON指令,如果这个位被清零,在SMX模式外执行VMXON指令将会造成GP异常,试图设置这个位在不支持VMX模式的处理器上,将会触发GP异常
Before executing VMXON, software should allocate a naturally aligned 4-KByte region of memory that a logical processor may use to support VMX operation. This region is called the VMXON region. The address of the VMXON region (the VMXON pointer) is provided in an operand to VMXON. Section 24.11.5, “VMXON Region,” details how software should initialize and access the VMXON region.
在执行VMXON指令之前,软件应该分配一个自然对齐的4KB区域内存,逻辑处理器能使用这个内存支持VMX操作,这个区域叫做VMXON区域,VMXON区域的地址也就是VMXON指针作为VMXON的一个操作数,详细请看 24.11.5 “VMXON ” 软件是如何初始化和访问VMXON区域的
================================================================
23.8    RESTRICTIONS ON VMX OPERATION  VMX操作的限制
VMX operation places restrictions on processor operation. These are detailed below:
VMX操作对处理器的限制,细节如下:
• In VMX operation, processors may fix certain bits in CR0 and CR4 to specific values and not support other values. VMXON fails if any of these bits contains an unsupported value (see “VMXON—Enter VMX Operation” in Chapter 30). Any attempt to set one of these bits to an unsupported value while in VMX operation (including VMX root operation) using any of the CLTS, LMSW, or MOV CR instructions causes a general-protection
exception. VM entry or VM exit cannot set any of these bits to an unsupported value. Software should consult the VMX capability MSRs IA32_VMX_CR0_FIXED0 and IA32_VMX_CR0_FIXED1 to determine how bits in CR0 are fixed. (see Appendix A.7). For CR4, software should consult the VMX capability MSRs IA32_VMX_CR4_FIXED0 and IA32_VMX_CR4_FIXED1 (see Appendix A.8).
在VMX操作中,处理器可能会固定一些CR0和CR4的位中的一些受支持和不受支持的值,如果这些位中包含不受支持的值,VMXON指令将会失败,试图设置任何一位不受支持的值,在VMX使用CTLS, LMSW,或者MOV CR指令,都会造成GP异常,VM-Entry和VM-Exit中不能设置任何这些位中不受支持的值,软件应该从MSR寄存器IA32_VMX_CR0_FIXED0和IA32_VMX_CR0_FIXED1得到信息,来决定CR0中的位如何固定,(看附录A.7), 关于CR4,软件应该从IA32_VMX_CR4_FIXED0和IA32_VMX_CR4_FIXED1中得到有关固定位的信息 (看附录A.8)
The first processors to support VMX operation require that the following bits be 1 in VMX operation: CR0.PE, CR0.NE, CR0.PG, and CR4.VMXE. The restrictions on CR0.PE and CR0.PG imply that VMX operation is supported only in paged protected mode (including IA-32e mode). Therefore, guest software cannot be run in unpaged protected mode or in real-address mode. See Section 31.2,
支持VMX操作的第一个处理器,要求以下位必须都是1: CR0.PE, CR0.NE, CR0.PG, CR4.VMXE,。  CR0.PE和CR0.PG的限制,代表着VMX操作只能在分页保护模式中(包括IA-32e 模式),因此客户机不允许在非分页模式保护模式和实模式中
“Supporting Processor Operating Modes in Guest Environments,” for a discussion of how a VMM might support guest software that expects to run in unpaged protected mode or in real-address mode. Later processors support a VM-execution control called “unrestricted guest” (see Section 24.6.2). If this control is 1, CR0.PE and CR0.PG may be 0 in VMX non-root operation (even if the capability MSR IA32_VMX_CR0_FIXED0 reports otherwise). Such processors allow guest software to run in unpaged protected mode or in real-address mode.
客户机环境中支持的处理器模式,讨论VMM是如何预计在非分页模式,保护模式和实模式运行客户机软件的。  最后的处理器支持叫做无限制客户机的VM-Execution,如果控制是1, 根模式中,CR0.PE和CR0.PG可以是0,这种处理器允许客户机软件运行在非分页模式,保护模式和实模式中
• VMXON fails if a logical processor is in A20M mode (see “VMXON—Enter VMX Operation” in Chapter 30). Once the processor is in VMX operation, A20M interrupts are blocked. Thus, it is impossible to be in A20M mode in VMX operation.
如果逻辑处理器处于A20模式时,VMXON指令将会失败,每次处理器进入VMX模式,A20中断都可能会中断,因此,在VMX操作的时候,是有可能进入A20M模式的
• The INIT signal is blocked whenever a logical processor is in VMX root operation. It is not blocked in VMX nonroot operation. Instead, INITs cause VM exits (see Section 25.2, “Other Causes of VM Exits”).
无论何时处理器在VMX根模式,INIT信号都会被被阻塞,它并不会造成VMX根模式阻塞,相反,INIT会造成VM-Exit

善者 慈悲心常在 无怨无恨 以苦为乐
默认压缩密码www.hifyl.com
文件分享密码问题:http://www.hifyl.com/read-htm-tid-4444.html
离线v2680267313

只看该作者 沙发  发表于: 2016-04-30
用户被禁言,该主题自动屏蔽!
快速回复
限100 字节
如果您提交过一次失败了,可以用”恢复数据”来恢复帖子内容
 
上一个 下一个