Virtualization of the CPU Instruction Set (x86)
IA-32 (x86)
The IA-32 instruction set of the Pentium processor contains 17 sensitive, unprivileged instructions.[11] They can be categorized in two groups:
- Sensitive register instructions: read or change sensitive registers and/or memory locations such as a clock register or interrupt registers:
  - SGDT, SIDT, SLDT
  - SMSW
  - PUSHF, POPF
- Protection system instructions: reference the storage protection system, memory or address relocation system:
  - LAR, LSL, VERR, VERW
  - POP
  - PUSH
  - CALL, JMP, INT n, RET
  - STR
  - MOV
The introduction of the AMD-V and Intel VT-x instruction sets in 2005 allows x86 processors to meet the Popek and Goldberg virtualization requirements.
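Critical Instruction (CI)
A critical instruction is one that is sensitive but not privileged. A trap has to be placed deliberately at each CI in the Guest OS so that the VMM can handle it.
Scanning and Patching of CI Instructions
The code of the Guest OS and of the programs running in it is scanned one code block at a time. When a branch instruction is encountered, the scan descends into every branch and scans and patches it.
Patching means replacing the CI with a corresponding trap instruction, which ensures that the VMM gets the chance to handle every sensitive instruction.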
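The scan-and-patch pass described above, as an added sketch that is not from the original page or from any real VMM. It assumes 32-bit code, a toy decoder that knows only a handful of opcodes, and INT3 (0xCC) as the trap; `decode`, `scan_patch`, `run_sample` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Toy decoder: instruction length (0 = not in subset); *ci set for a CI. */
static size_t decode(const uint8_t *p, size_t left, int *ci) {
    uint8_t op = p[0];
    *ci = 0;
    if (op == 0x9C || op == 0x9D) { *ci = 1; return 1; }   /* PUSHF, POPF */
    if (op == 0x90 || op == 0xC3) return 1;                /* NOP, near RET */
    if (op == 0xEB || (op & 0xF0) == 0x70) return left >= 2 ? 2 : 0; /* JMP/Jcc rel8 */
    if ((op & 0xF8) == 0xB8) return left >= 5 ? 5 : 0;     /* MOV r32, imm32 */
    if (op == 0x0F && left >= 3 && (p[1] == 0x00 || p[1] == 0x01)) {
        uint8_t mod = p[2] >> 6, reg = (p[2] >> 3) & 7, rm = p[2] & 7;
        if (mod != 3 && !(mod == 0 && rm != 4 && rm != 5)) return 0; /* 3-byte forms only */
        if (p[1] == 0x00) *ci = reg <= 1 || reg == 4 || reg == 5;  /* SLDT STR VERR VERW */
        else *ci = reg == 4 || (reg <= 1 && mod != 3);             /* SMSW, SGDT SIDT */
        return 3;
    }
    return 0;
}

/* Walk from `start`, descending into both sides of each branch, and overwrite
 * the first byte of every CI. `seen` marks visited starts so loops terminate. */
static int scan_patch(uint8_t *code, size_t len, size_t start, uint8_t *seen) {
    int patched = 0, ci;
    for (size_t pc = start; pc < len && !seen[pc]; ) {
        size_t n = decode(code + pc, len - pc, &ci);
        if (n == 0) break;                      /* unknown opcode: stop this path */
        uint8_t op = code[pc];
        seen[pc] = 1;
        if (ci) { code[pc] = 0xCC; patched++; } /* INT3 as the trap (assumption) */
        if (op == 0xC3) break;                  /* path ends at RET */
        if (op == 0xEB || (op & 0xF0) == 0x70) {
            size_t target = pc + 2 + (int8_t)code[pc + 1];
            if (target < len) patched += scan_patch(code, len, target, seen);
            if (op == 0xEB) break;              /* no fall-through after JMP */
        }
        pc += n;
    }
    return patched;
}

/* Constructed sample: PUSHF; MOV eax,0x9D; JZ +3; SGDT [eax]; POPF; RET; data 0x9C */
static const uint8_t sample[] = {0x9C, 0xB8,0x9D,0,0,0, 0x74,0x03, 0x0F,0x01,0x00, 0x9D, 0xC3, 0x9C};
static uint8_t work[sizeof sample];
int run_sample(void) {
    uint8_t seen[sizeof sample] = {0};
    memcpy(work, sample, sizeof sample);
    return scan_patch(work, sizeof work, 0, seen);
}
int main(void) { return run_sample() == 3 ? 0 : 1; }
```

The 0x9D inside the MOV immediate and the 0x9C after RET stay untouched, which is why the scan follows instruction boundaries and control flow instead of searching for opcode bytes.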