- Mechanisms for fast world switch between guest and host.
- The ability to intercept selected instructions or events in the guest.
- External (DMA) access protection for memory.
- Assists for interrupt handling and virtual interrupt support.
- A guest/host tagged TLB and Nested Paging to reduce virtualization overhead.
AMD SVM introduces several new instructions and modifies several existing instructions to facilitate the implementation of VMM systems on the x86 architecture, or more specifically the AMD64 architecture. The following are the virtualization-specific additions to the instruction set.
- VMRUN - Start execution of a guest
- VMLOAD - Save subsets of processor state
- VMSAVE - Restore subsets of processor state
- VMMCALL - Allow guests to explicitly communicate with the VMM
- STGI - Set the global interrupt flag
- CLGI - Clear the global interrupt flag
- SKINIT - Secure init and control transfer with attestation
- INVLPGA - Invalidate TLB entries in a specified ASID
Guest Mode
This new processor mode is entered through the VMRUN instruction. When in guest mode, the behavior of some x86 instructions changes to facilitate virtualization.
Virtual Machine Control Block (VMCB)
There is a VMCB for each running guest OS. The VMCB is divided into two areas.
Control Area: Contains various control bits, including the intercept vector, whose settings determine what actions cause #VMEXIT (transfer of control from the guest to the host). A rich set of intercepts allows the host to customize each guest's privileges.
State Area: All CPU state for each guest is saved in this area. Information about the intercepted event is put into the VMCB on #VMEXIT.
VMRUN
- Host state is saved to memory
- Guest state is loaded from the VMCB
- Guest runs
#VMEXIT
- Guest state is saved back to the VMCB
- Host state is loaded from memory
Nested Paging
The SVM Nested Paging facility provides two levels of address translation in hardware, eliminating the need for the VMM to maintain so-called shadow page tables in software.
With nested paging enabled, the processor applies two levels of address translation. A guest page table (gPT) maps guest virtual addresses to guest physical addresses and is located in guest physical space. Each guest also has a host page table (hPT), which maps host virtual addresses to host physical addresses and is located in host physical space. Both host and guest levels have their own copy of the CR3 register, referred to as hCR3 and gCR3, respectively.
After translating a guest virtual address using the guest page tables, the resulting (guest physical) address is treated as a host virtual address and is further translated, using the host page tables, into a host physical address. The resulting translation from guest virtual to host physical address is cached in the TLB and used on subsequent guest accesses.
Nested paging is enabled by the VMRUN instruction if the NP_ENA bit in the VMCB is set to 1; nested paging is disabled by #VMEXIT.
Thus there are 3 different registers – hCR3, gCR3 and CR3. The value of hCR3 can be different from the CR3 in effect while the VMM is running; this gives the VMM maximum flexibility on how to further remap guests’ physical address spaces, and where to optionally map guest physical pages in the VMM’s address space. The optional host paging mechanism allows a VMM to page out guest pages and to use copy-on-write techniques (i.e. sharing of redundant physical pages) between guests. We are not planning to implement host paging in our HVMM at this point.
Tagged TLB
In the SVM usage model, the VMM is mapped in a different address space than the guests, each of which in turn has its own address space. To reduce the cost of world switches, the TLB is tagged with an address space identifier (ASID) that distinguishes host-space entries and the entries of different guests from each other. The ASID tag in the TLB specifies which virtual machine each memory page is assigned to. This allows more efficient switching between virtual machines, as it completely eliminates the need for TLB flushes each time a different virtual machine is scheduled.
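The two-stage translation and ASID-tagged TLB described in the Nested Paging and Tagged TLB sections can be modelled in a few lines of C. This is an added example, not code from the original post or from AMD: the single-level tables, the table sizes, and all names (struct guest, guest_init, translate) are assumptions for illustration, whereas real hardware walks multi-level tables.

```c
/* Added example: toy SVM nested paging + ASID-tagged TLB (names/sizes assumed). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE_SHIFT  12
#define NPAGES      16          /* pages per toy address space */
#define TLB_SLOTS   8
#define NOT_PRESENT UINT32_MAX
#define FAULT       UINT64_MAX  /* stands in for a (nested) page fault */

struct guest {
    uint32_t asid;              /* tag carried by this guest's TLB entries */
    uint32_t gpt[NPAGES];       /* gCR3 table: guest virtual -> guest physical page */
    uint32_t hpt[NPAGES];       /* hCR3 table: guest physical -> host physical page */
};
struct tlb_entry { int valid; uint32_t asid, vpn, hpn; };
static struct tlb_entry tlb[TLB_SLOTS];
static unsigned tlb_hits, table_walks;

void guest_init(struct guest *g, uint32_t asid)
{
    memset(g, 0xFF, sizeof *g); /* every table entry becomes NOT_PRESENT */
    g->asid = asid;
}

/* Translate a guest virtual address to a host physical address. */
uint64_t translate(const struct guest *g, uint64_t gva)
{
    uint64_t vpn = gva >> PAGE_SHIFT, off = gva & ((1u << PAGE_SHIFT) - 1);
    if (vpn >= NPAGES) return FAULT;
    struct tlb_entry *e = &tlb[(vpn ^ g->asid) % TLB_SLOTS];
    if (e->valid && e->asid == g->asid && e->vpn == vpn) { /* ASID must match too */
        tlb_hits++;
        return ((uint64_t)e->hpn << PAGE_SHIFT) | off;
    }
    table_walks++;
    uint32_t gpn = g->gpt[vpn];                 /* stage 1: guest page table */
    if (gpn == NOT_PRESENT || gpn >= NPAGES) return FAULT;
    uint32_t hpn = g->hpt[gpn];                 /* stage 2: host page table */
    if (hpn == NOT_PRESENT) return FAULT;
    *e = (struct tlb_entry){ 1, g->asid, (uint32_t)vpn, hpn }; /* cache gVA -> hPA */
    return ((uint64_t)hpn << PAGE_SHIFT) | off;
}

int main(void)
{
    struct guest a, b;                          /* constructed sample guests */
    guest_init(&a, 1); a.gpt[2] = 5; a.hpt[5] = 0x40;
    guest_init(&b, 2); b.gpt[2] = 5; b.hpt[5] = 0x80;
    for (int i = 0; i < 4; i++)                 /* alternate guests, no TLB flush */
        printf("%llx\n", (unsigned long long)translate(i % 2 ? &b : &a, 0x2abc));
    printf("hits=%u walks=%u\n", tlb_hits, table_walks);
}
```

Both guests use the same guest virtual address yet resolve to different host pages, and each guest's cached entry survives the switch to the other because the lookup compares the ASID as well as the page number.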