跳至主要内容

AMD Secure Virtual Machine

AMD Secure Virtual Machine support for virtualization technology is multifaceted, in addition to IOMMU, Tagged TLB, there have optional Nested Paging, as well as VMRUN / VMEXIT commands such as (Intel has a similar implementation ). If there is no Nested Page Tables (NPT), hypervisor on the guest OS page table for each one (gPT) should maintain a shadow page table (sPT), the actual use of the hypervisor hardware provided by sPT. gPT is write-protected, so the guest OS right gPT operate, such as delete, update, etc. will occur page fault, and then taken over by the hypervisor to the gPT be modified final synchronization sPT. Another implementation is to let guest OS operating gPT, so really occurred page fault, by the hypervisor synchronization sPT. NPT need two address translation. The first stage is the guest linear address to the guest physical address, guest CR3 (gCR3) point to the page table address. The second level is the guest physical address to host physical address, nested CR3 (nCR3) point to the page table address. gCR3 itself is a guest physical address, this address through the NTP must first convert the host physical address. Next, each obtained from the guest page talbe address to go through the conversion NPT are host physical address. TLB is stored in the final guest linear address to a host physical address of the conversion results. Each guest OS is only one NPT, hypervisor for each gPT do not need to maintain a sPT, therefore save a lot of physical memory. Second guest OS can speak love machine to make their own gCR3, such a process switch is no longer needed the involvement of hypervisor, while the virtual machine performance bottleneck is mainly between the guest OS and the hypervisor frequent switching. Early x86 processors from user mode into kernel mode the only way is through the interruption, that is, system calls, such as the 0x80 interrupt. Later, to speed up the process, Intel introduced the SYSENTER and SYSEXIT instruction, AMD introduced the SYSCALL and SYSRET instructions. These instructions are to make the operating system between ring 0 and ring 3, that is, kernel mode and user-state switching between programs. If the hypervisor resides in ring 0, guest OS the presence of ring 1, the application resides ring 3, guest OS will not reside in the traditional ring 0, while SYSCALL / SYSRET directive can only be carried out under the ring 0, then the user between the state and kernel-mode cut

laminating machine machine

change only through interrupts. Processors to support virtualization has introduced more than ring 0 privilege level, we can be called ring-1. In order to speed up the ring 0 and ring-1 to switch between the AMD introduces VMRUN and VMEXIT instructions. These two instructions can be analog SYSCALL and SYSRET. SYSCALL to save the user's current state of information in order to return from the kernel mode to continue. VMRUN and VMEXIT the same token, except that they preserve and restore the guest OS running status. Reference: A Comparison of Software and Hardware Techniques for x86 Virtualization The Definitive Guide to the Xen Hypervisor AMD64 Architecture Programmer's Manual Volume 2: System Programming (15 Secure Virtual Machine) AMD-V Nested Paging

AMD Secure Virtual Machine Film Coating Machine machine on the virtualization technology support is multifaceted, in addition to IOMMU, Tagged TLB, there have optional Nested Paging, as well as VMRUN / VMEXIT commands such as (Intel has a similar implementation). If there is no Nested Page Tables (NPT), hypervisor on the guest OS page table for each one (gPT) should maintain a shadow page table (sPT), the actual use of the hypervisor hardware provided by sPT. gPT is write-protected, so the guest OS

right gPT operate, such as delete, update, etc. will occur page fault, and then taken over by the hypervisor to the gPT be modified final synchronization sPT. Another implementation is to let guest OS operating gPT, so really occurred page fault, by the hypervisor synchronization sPT. NPT need two address translation. The first stage is the guest linear address to the guest physical address, guest CR3 (gCR3) point to the page table address. The second level is the guest physical address to host physical address, nested CR3 (nCR3)

pointing to the page table address. gCR3 itself is a guest physical address, this address through the NTP must first convert the host physical address. Next, each obtained from the guest page talbe address to go through the conversion NPT are host physical address. TLB is stored in the final guest linear address to a host physical address of the conversion results. Each guest OS only

an NPT, hypervisor for each gPT do not need to maintain a sPT, therefore save a lot of physical memory. Second guest OS can operate their own gCR3, so the process of switching is no longer needed the involvement of hypervisor, while the virtual machine's performance bottleneck is mainly between the guest OS and the hypervisor frequent switching. Early x86 processors from user mode into kernel mode the only way is through the interruption, that is, system calls, such as the 0x80 interrupt. Later, to speed up the process, Intel introduced the SYSENTER and SYSEXIT instructions, AMD

introduced SYSCALL and SYSRET instructions. These instructions are to make the operating system between ring 0 and ring 3, that is, kernel mode and user-state switching between programs. If the hypervisor resides in ring 0, guest OS the presence of ring 1, the application resides ring 3, guest OS will not reside in the traditional ring 0, while SYSCALL / SYSRET directive can only be carried out under the ring 0, then the user state and switching between kernel mode only through interrupts.

supports processor virtualization has introduced more than ring 0 privilege level, we can be called ring-1. In order to speed up the ring 0 and ring-1 to switch between the AMD introduces VMRUN and VMEXIT instructions. These two instructions can be analog SYSCALL and SYSRET. SYSCALL to save the user's current state of information in order to return from the kernel mode to continue. VMRUN and VMEXIT the same token, except that they preserve and restore the guest OS running status. Reference: A Comparison of Software and Hardware Techniques for x86 Virtualization The Definitive Guide to the Xen Hypervisor AMD64 Architecture Programmer's Manual Volume 2: System Programming (15 Secure Virtual Machine) AMD-V Nested Paging

评论

此博客中的热门博文

How to Design a Store Front Sign

In this Article we will talk about designing a store front for a business. What color or size should your Letters & designs be? What to put on your sign and why?, then be ready to Get in touch with sign people and get your best deal. Large lettering with out a front sign could save you time and money Do your products have a special shape or color to emulate on your sign? Kodak is always in yellow and black, Coca-Cola white on red, Etc. Muffler places, have a sign in the shape of a muffler. your phone number on the store front some place, but not on the identification sign, (door, or window) Your Product & logos can be arranged on the front sign, or window. Not on the Pole sign, Store hours & phone number could fit in your design and by using the product color, it could add product recognition & enhance your design. Suppliers may provide plenty of advert...

music forum (zt)

24. moonlight - ≡ Sound Of Nature ≡ -     15. Tone Quebec Network 17.Ukoo http://www.hispeed.com.cn/Forum/LoadForum.asp?Foru m / a> http://bbs.dd81.com/index.php 30. Jazz pawnshop http://www.sogua.com/ 6. Lyrics 吾爱 http://www.inkui.com Reading of the singer in mind 2. Hyun tone http://d.sogou.com/ http://www.beihai365.com/bbs/forumdisplay.php?f/a> 20. Left Bank • Teana http://bbs.flamesky.com/ 8. Sogou sogou- 25.U Shadow 吾爱 sound waves 4. Need 14.HDCD http://www.commus.com/ 29, Buddhist music, do not know the name of the http://www.itpub.net/forum79.html http://bbs.kugoo.com/index.asp http://bbs.uying.com/176/Index.aspx http://board.verycd.com/ http://board.verycd.com/f8.html 13.MP3 barrage http://bbs.51lrc.com/index.asp?board/a> A pleasant song - "Dancing circulation" 19.Verycd of http://bbs.breezecn.com/ http://www.mp4cn.com/2008/index.html Sound of Music Forum, http://www.jazzsky.com/lb/cgi-bin/leobbs.cgi http://www.luopo.co...

找到一个可以替代ghs.google.com的地址

用Goole Blogger的自定义域名功能需要用到 ghs.google.com 做CNAME,或者用ping ghs.google.com 得出的IP做一个A记录.但是,伟大的GFW已经把 ghs.google.com 和部分IP屏蔽在大陆之外.这样的壮举使得我们的自定义域名不能正常访问,或者让你的网页背景.图片被滤掉,精心做成的模板变得惨白不堪. 那么,我们可不可以找一个替代 ghs.google.com 的地址呢?当然能.因为Google是强大的.它有许多有用的IP地址让你去探寻. 对 ghs.google.com 分析研究后发现, ghs.google.com 这台服务器并没有提供实质性的服务,而只是选择访问者访问最快的服务器(Google全球性公司,很多地区都有服务器).我们只要找到其他服务器的IP地址,并且这个IP地址没被屏蔽,那么就成了. 寻找这样的IP地址需要用到tracert命令.即在CMD模式下输入:tracert ghs.google.com ,在已经屏蔽的当下,最后自然得不出结果,这就需要我们使用代理了.使用不同地区的代理运行tracert ghs.google.com 命令. tracert ghs.google.com 的最后一跳会有类似这样的域名: eh-in-f121.google.com 如果在不用代理的情况下,你能ping通这个域名,那么恭喜你,你找到了!现在就可以用这个域名代替 ghs.google.com 设置你的CNAME了,ping出的IP地址可以做A记录,CNAME和A记录,只做其中之一就可以. hs-in-f121.google.com 64.233.179.121 eh-in-f121.google.com 72.14.207.121 bx-in-f121.google.com 66.249.81.121 ik-in-f121.google.com 66.249.91.121 这4个在我所在地区不能使用,而可以使用 tw-in-f121.google.com 72.14.235.121 或者209.85.171.121也可用 下面是一些不断更新的:74.125.43.121 除了使用代理来寻找,也可以通过一些网站提供的功能来寻找这个地址,很方便,就是使用网站提供的Traceroute.这些网站有: h...