This article covers the key points of the Interrupt Window and the NMI Window.

It is strongly recommended to search for "Interrupt-window Exiting" in Vtx.pdf.

Interrupt-window Exiting. The interrupt-window exiting control bit in the VM-execution controls causes VM exits when guest RFLAGS.IF is 1 and no other conditions block external interrupts. If the control is 1, a VM exit occurs at the beginning of any instruction at which RFLAGS.IF = 1 and on which the interruptibility state of the guest would allow delivery of an interrupt. For example: when the guest executes an STI instruction, RFLAGS = 1, and if at the completion of next instruction the interruptibility state masking due to STI is removed; a VM exit occurs if interrupt-window exiting control is 1. The interrupt-window exiting feature allows a VMM to queue a virtual interrupt to the guest when the guest is not in an interruptible state. The VMM can set the interrupt-window exiting control for the guest and depend on a VM exit to know when the guest becomes interruptible (and, therefore, when it can inject a virtual interrupt). The VMM can detect such VM exits by checking for the basic exit reason ‘interrupt-window’ (value = 7). Without interrupt-window exiting support, the VMM will need to poll and check the interruptibility state of the guest to deliver virtual interrupts.

1. Background

  1. The IRR is not affected by the IF (RFLAGS.IF) bit.
  2. Event injection control:

2. Interrupt Window

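If the guest is currently masking external interrupts, that is, the guest's RFLAGS.IF = 0, or Bit 0 (Blocking by STI) and Bit 1 (Blocking by MOV-SS) of Guest Non-Register State.Interruptibility State (VMCS[0x4824], 32 bit) are not both zero, event injection at VM entry is not allowed. To inject an interrupt into the vCPU, the hypervisor can temporarily set Primary Processor-Based VM-Execution Controls.Interrupt-Window Exiting = 1 and then perform a VM entry into non-root mode. As soon as the CPU reaches a state in which it can accept interrupts, that is, RFLAGS.IF = 1 and Interruptibility State[1:0] = 0, a VM exit occurs (VM Exit No. 7, Interrupt Window). At that point the hypervisor can inject the interrupt it could not inject earlier and reset Interrupt-Window Exiting to 0.

Note that even when the guest's RFLAGS.IF = 0, the guest's IRR register is still set; this behavior must stay consistent with native hardware.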
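The deferral logic described above, as an added example that is not from the original article or from any particular hypervisor. `struct vcpu_model` and the function names are hypothetical, and the VMCS fields are modeled as plain struct members instead of being accessed with vmread/vmwrite.

```c
#include <stdbool.h>
#include <stdint.h>

#define RFLAGS_IF               (1u << 9)   /* RFLAGS.IF */
#define BLOCKING_BY_STI         (1u << 0)   /* Interruptibility State bit 0 */
#define BLOCKING_BY_MOV_SS      (1u << 1)   /* Interruptibility State bit 1 */
#define CTL_INTR_WINDOW_EXITING (1u << 2)   /* primary processor-based controls */
#define EXIT_REASON_INTR_WINDOW 7u          /* basic exit reason */
#define INTR_INFO_VALID         (1u << 31)  /* type bits 10:8 = 0: external interrupt */

/* Hypothetical in-memory model of the VMCS fields involved (no vmread/vmwrite). */
struct vcpu_model {
    uint64_t rflags;
    uint32_t interruptibility;  /* VMCS[0x4824] */
    uint32_t proc_ctls;         /* primary processor-based VM-execution controls */
    uint32_t entry_intr_info;   /* VM-entry interruption-information field */
    int pending_vector;         /* interrupt queued by the VMM, -1 if none */
};

bool guest_interruptible(const struct vcpu_model *v)
{
    return (v->rflags & RFLAGS_IF) &&
           !(v->interruptibility & (BLOCKING_BY_STI | BLOCKING_BY_MOV_SS));
}

/* Run before every VM entry; returns true if the queued interrupt was injected. */
bool prepare_vm_entry(struct vcpu_model *v)
{
    if (v->pending_vector < 0)
        return false;
    if (!guest_interruptible(v)) {
        v->proc_ctls |= CTL_INTR_WINDOW_EXITING;  /* request exit reason 7 */
        return false;                             /* keep the vector queued */
    }
    v->entry_intr_info = INTR_INFO_VALID | (uint32_t)v->pending_vector;
    v->pending_vector = -1;
    return true;
}

/* Interrupt-window exit: reset the control to 0, then inject what was deferred. */
bool handle_vm_exit(struct vcpu_model *v, uint32_t basic_exit_reason)
{
    if (basic_exit_reason != EXIT_REASON_INTR_WINDOW)
        return false;
    v->proc_ctls &= ~CTL_INTR_WINDOW_EXITING;
    return prepare_vm_entry(v);
}
```

Clearing the control before re-checking matters: if it stayed set while the guest remained interruptible, every subsequent VM entry would exit again immediately with reason 7.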

3. NMI Window

For background, see Some notes about x86 interrupt preemption.

NMI-window Exiting. If the “virtual NMIs” VM-execution is set, the processor tracks virtual-NMI blocking. The NMI-window exiting control bit in VM-execution controls causes VM exits when there is no virtual-NMI blocking. For example, after execution of the IRET instruction, a VM exit occurs if NMI-window exiting control is 1. The NMI-window exiting feature allows a VMM to queue a virtual NMI to a guest when the guest is not ready to receive NMIs. The VMM can set the NMI-window exiting control for the guest and depend on a VM exit to know when the guest becomes ready for NMIs (and, therefore, when it can inject a virtual NMI). The VMM can detect such VM exits by checking for the basic exit reason ‘NMI window’ (value = 8). Without NMI-window exiting support, the VMM will need to poll and check the interruptibility state of the guest to deliver virtual NMIs.


References:

  1. Intel SDM Chapter 29: APIC Virtualization & Virtual Interrupts