Interrupts in the guest VM

Outline:
  The VME-bit in CR4
  Virtual-8086 Mode Extensions
  Interrupt-redirection Bitmap
  Software INTs Only!
  We'll modify our VMX demo
  Modify 'guest_isrGPF'
  CPU's interrupt-response
  EFLAGS
  PIC masks
  GPF stack-frame
  GPF error-code

Interrupts in the guest VM
A look at the steps needed to "reflect" hardware interrupts back into the ROM-BIOS for servicing

The VME-bit in CR4
• Our VMX demo-program set the VME-bit (bit #0) in the Guest's Control Register CR4
[Figure: CR4 register layout, bit 31 down to bit 0: VMXE (bit 13), PAE (bit 5), PSE (bit 4), VME (bit 0)]
Legend:
  VME (Virtual-8086 Extensions): 1=on, 0=off
  PSE (Page-Size Extensions): 1=on, 0=off
  PAE (Page-Address Extensions): 1=on, 0=off
  VMXE (Virtual Machine eXtensions Enabled): 1=yes, 0=no

Virtual-8086 Mode Extensions
• Software interrupt instructions (int $nn) will selectively be directed either to IDT-gates or to IVT-vectors, depending on a 'bitmap' located within the Task-State Segment
• This 'interrupt redirection bitmap' has 256 bits (one for each 8-bit interrupt-number)
• Its location within the TSS is immediately ahead of the I/O Permission Bitmap

Interrupt-redirection Bitmap
[Figure: Task-State Segment layout, from the TSS base: 25 longwords of register-save fields, the 'IOMAP' field (at offset 0x66), then the interrupt-redirection bitmap (256 bits = 32 bytes), then the I/O-permission bitmap (65536 bits = 8192 bytes)]
Legend:
  1 = interrupt is directed to IDT
  0 = interrupt is directed to IVT

Software INTs Only!
• The interrupt-redirection bitmap does NOT affect any 'hardware' interrupts – they are serviced by the interrupt-handlers whose entry-points are specified within the gate-descriptors that comprise the IDT
• How can the Guest VM in our VMX demo-program handle the 'hardware' interrupts generated by the peripheral devices?

We'll modify our VMX demo
• One change to 'vmxstep3.s':
      guest_RFLAGS: 0x00023202      # IF=1, IOPL=3
• One change to 'vmxdemo.s':
      in      $0x21, %al            # get master-PIC's mask
      or      $0x10, %al            # mask UART interrupt
      out     %al, $0x21            # set master-PIC's mask

Modify 'guest_isrGPF'
• We introduce a major modification into the guest's General Protection Fault-handler, to "reflect" external device-interrupts back to 'real-mode' code in the ROM-BIOS that will be executed in 'Virtual-8086 mode'
• The steps needed to do this are based on 'emulating' the CPU's usual response to an external interrupt in 8086 real-mode

CPU's interrupt-response
• Push FLAGS register onto the stack
• Clear IF and TF bits in FLAGS register
• Push CS and IP registers onto the stack
• Acquire the device's interrupt-ID number
• Lookup that ID-number's interrupt-vector
• Put that vector's 'loword' into IP register
• Put that vector's 'hiword' into CS register
• Then resume CPU's fetch-execute cycle

EFLAGS
[Figure: EFLAGS register layout: ID (bit 21), VIP (20), VIF (19), AC (18), VM (17), RF (16), NT (14), IOPL (13-12), OF (11), DF (10), IF (9), TF (8), SF (7), ZF (6), AF (4), PF (2), CF (0); bit 1 is always 1, the remaining bits are reserved (0)]
  IF (Interrupt-Flag): 1=on, 0=off
  VM (Virtual-8086 Mode): 1=on, 0=off
  IOPL (Input/Output Permission-Level):
    =00 (only ring0 can execute 'in' and 'out')
    =01 (ring0 and ring1 can execute 'in' and 'out')
    =10 (ring0, ring1, ring2 can execute 'in' and 'out')
    =11 (ring0, ring1, ring2, ring3 can execute 'in' and 'out')
NOTE: Virtual-8086 mode operates at the 'ring3' privilege-level

PIC masks
• Each Programmable Interrupt Controller has a 'mask register' that allows blocking of the interrupts from specific devices
[Figure: Master-PIC mask-register at I/O Port 0x21, one bit per line IRQ7..IRQ0; Slave-PIC mask-register at I/O Port 0xA1, one bit per line IRQF..IRQ8]

GPF stack-frame
[Figure: ring3 stack, SS:SP (before) and SS:SP (after): the reflected FLAGS, CS and IP are pushed below the original top-of-stack; ring0 stack at SS0:ESP0: GS, FS, DS, ES, SS, SP, EFLAGS, CS, IP, error]

GPF error-code
[Figure: error-code layout, bits 15..3 = selector-index, bit 2 = TI, bit 1 = INT, bit 0 = EXT]
Legend:
  EXT (External-event): 1=yes, 0=no
  INT (Interrupt-table): 1=yes, 0=no
  TI (Table-Indicator): 1=LDT, 0=GDT
  Index = Table's element-number

GPF stack-frame
[Figure: the ring0 stack frame at SS0:ESP0 (GS, FS, DS, ES, SS, SP, EFLAGS, CS, IP, error) shown beside the Interrupt Vector Table, whose entries are each a hiword:loword pair]
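The reflection procedure above, as an added example in C that is not part of the lecture's vmxdemo.s or guest_isrGPF code. It decodes the GPF error-code fields from the 'GPF error-code' slide, and, when the fault was raised by an external interrupt delivered through the IDT, performs the eight 'CPU's interrupt-response' steps against the ring-0 frame from the 'GPF stack-frame' slide. The guest memory image, the register values, the ROM handler address F000:E2AB and all function names are constructed for this example; it also assumes the error-code index equals the real-mode IVT vector number, which holds only when the guest's IDT and the BIOS's PIC programming use the same numbering.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* EFLAGS bits used here, per the slide's layout */
#define EFLAGS_TF  (1u << 8)
#define EFLAGS_IF  (1u << 9)
#define EFLAGS_VM  (1u << 17)

/* Fields of the error-code pushed by a General Protection Fault */
struct gpf_error {
    bool ext;        /* bit 0: fault raised while delivering an external event */
    bool idt;        /* bit 1: index refers to the IDT (else GDT or LDT) */
    bool ti;         /* bit 2: 1 = LDT, 0 = GDT (meaningful only when idt == 0) */
    unsigned index;  /* bits 3..15: the table's element-number */
};

struct gpf_error decode_gpf_error(uint32_t code) {
    struct gpf_error e;
    e.ext   = code & 1;
    e.idt   = (code >> 1) & 1;
    e.ti    = (code >> 2) & 1;
    e.index = (code >> 3) & 0x1FFF;
    return e;
}

/* Ring-0 frame built when Virtual-8086 code faults, lowest address first */
struct v86_frame {
    uint32_t error, ip, cs, eflags, sp, ss, es, ds, fs, gs;
};

/* Constructed 1 MiB real-mode address space standing in for guest memory */
static uint8_t guest_mem[1u << 20];

static uint32_t linear(uint16_t seg, uint16_t off) {
    return (((uint32_t)seg << 4) + off) & 0xFFFFF;
}
static uint16_t peek16(uint16_t seg, uint16_t off) {
    uint32_t a = linear(seg, off);
    return (uint16_t)(guest_mem[a] | (guest_mem[(a + 1) & 0xFFFFF] << 8));
}
static void poke16(uint16_t seg, uint16_t off, uint16_t v) {
    uint32_t a = linear(seg, off);
    guest_mem[a] = v & 0xFF;
    guest_mem[(a + 1) & 0xFFFFF] = v >> 8;
}

/* Emulate the 8086's response to an external interrupt by editing the saved
 * ring-3 state, so that resuming the guest lands in the ROM-BIOS handler. */
void reflect_to_ivt(struct v86_frame *f, uint8_t vector) {
    /* 1. push FLAGS (the low word of the saved EFLAGS) onto the ring-3 stack */
    f->sp = (uint16_t)(f->sp - 2);
    poke16(f->ss, f->sp, f->eflags & 0xFFFF);
    /* 2. clear IF and TF in the flags the handler will run with */
    f->eflags &= ~(EFLAGS_IF | EFLAGS_TF);
    /* 3. push CS and IP, the return address for the handler's IRET */
    f->sp = (uint16_t)(f->sp - 2);
    poke16(f->ss, f->sp, f->cs);
    f->sp = (uint16_t)(f->sp - 2);
    poke16(f->ss, f->sp, f->ip);
    /* 4-5. the interrupt-ID selects a 4-byte IVT entry at 0000:vector*4 */
    uint16_t entry = (uint16_t)vector * 4;
    /* 6-7. loword -> IP, hiword -> CS */
    f->ip = peek16(0, entry);
    f->cs = peek16(0, entry + 2);
    /* 8. the fault handler's return resumes fetch-execute inside the ROM handler */
}

/* Guest GPF dispatch: reflect only faults raised by an external interrupt
 * that arrived through the IDT while the guest was in Virtual-8086 mode. */
bool guest_gpf(struct v86_frame *f) {
    struct gpf_error e = decode_gpf_error(f->error);
    if (!(f->eflags & EFLAGS_VM) || !e.ext || !e.idt)
        return false;                     /* not a reflectable device interrupt */
    reflect_to_ivt(f, (uint8_t)e.index);  /* assumption: IDT index == IVT number */
    return true;
}

/* Constructed scenario: guest at 1000:0200 with the lecture's guest_RFLAGS
 * value, and the IVT entry for vector 0x0C (IRQ4, the COM1 UART) pointing at a
 * hypothetical ROM-BIOS handler at F000:E2AB. */
struct v86_frame example_frame(void) {
    struct v86_frame f;
    memset(&f, 0, sizeof f);
    memset(guest_mem, 0, sizeof guest_mem);
    poke16(0, 0x0C * 4, 0xE2AB);       /* loword: handler IP */
    poke16(0, 0x0C * 4 + 2, 0xF000);   /* hiword: handler CS */
    f.cs = 0x1000; f.ip = 0x0200;
    f.ss = 0x2000; f.sp = 0x0FFE;
    f.eflags = 0x00023202;             /* VM=1, IOPL=3, IF=1 */
    f.error = (0x0C << 3) | 2 | 1;     /* index=0x0C, INT=1, EXT=1 */
    return f;
}
```

After guest_gpf() runs on the constructed frame, the ring-3 stack at 2000:0FF8 holds IP, CS and FLAGS in that order, the saved EFLAGS has IF cleared, and CS:IP reads F000:E2AB; a frame whose error-code lacks the EXT and INT bits is left untouched, which is the check a real guest_isrGPF would want before reflecting anything.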