摘要:
A processing device with tracing functionality for a virtual machine is described. The processing device includes a tracing register to store a value indicative of whether tracing is enabled or disabled, a tracing module to generate trace data while tracing is enabled, and an internal buffer to store the trace data. When tracing is disabled, the processing device removes the trace data from the buffer. Mechanisms are described to ensure that the trace data is not corrupted during this process, despite the presence of page faults that may result from trace output writes.
摘要:
One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine. The invalidation operation belongs to a non-empty set of invalidation operations composed of a union of (1) a possibly empty set of operations that invalidate a variable number of TLB entries, (2) a possibly empty set of operations that invalidate exactly one TLB entry, (3) a possibly empty set of operations that invalidate the plurality of TLB entries, (4) a possibly empty set of operations that enable and disable use of virtual memory, and (5) a possibly empty set of operations that configure physical address size, page size or other virtual memory system behavior in a manner that changes the manner in which a physical machine interprets the TLB entries.
摘要:
Embodiments of an invention related to context state management based on processor features are disclosed. In one embodiment, a processor includes instruction logic and state management logic. The instruction logic is to receive a state management instruction having a parameter to identify a subset of the features supported by the processor. The state management logic is to perform a state management operation specified by the state management instruction.
摘要:
Embodiments of systems, apparatuses, and methods for performing privilege agnostic segment base register read or write instruction are described. An exemplary method may include fetching the privilege agnostic segment base register write instruction, wherein the privilege agnostic write instruction includes a 64-bit data source operand, decoding the fetched privilege agnostic segment base register write instruction, and executing the decoded privilege agnostic segment base register write instruction to write the 64-bit data of the source operand into the segment base register identified by the opcode of the privilege agnostic segment base register write instruction.
摘要:
A set of default registers of a processor are expanded into metadata registers on the processor of a computer system. The default registers having stored thereon data, while metadata which is related to the data is stored separately on the metadata registers.
摘要:
In one embodiment, a processor mode is provided for guest software. The processor mode enables the guest software to operate at a privilege level intended by the guest software. When the guest software attempts to perform an operation restricted by the processor mode, the processor mode is exited to transfer control over the operation to a virtual-machine monitor, which runs outside this processor mode.
摘要:
An embodiment of the present invention is a technique to perform address translation. A table structure is indexed by a source identifier of an input/output (I/O) transaction specifying a guest physical address and requested by an I/O device to map the I/O device to a domain assigned to the I/O device. An address translation structure translates the guest physical address to a host physical address corresponding to the I/O transaction.
摘要:
An embodiment of the present invention is a technique to process faults in a direct memory access address translation. A register set stores global control or status information for fault processing of a fault generated by an input/output (I/O) transaction requested by an I/O device. An address translation structure translates a guest physical address to a host physical address. The guest physical address corresponds to the I/O transaction and is mapped to a domain. The address translation structure has at least an entry associated with the domain and domain-specific control information for the fault processing.
摘要:
An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.
摘要:
In one embodiment, a method of attestation involves a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing one or more software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving an attestation request. Then, the retrieved audit log is digitally signed to produce a digital signature in response to the attestation request.