Thanks much for the reply.

It seems Linux stopped using the hardware context switch mechanisms (like far jmp) since kernel version 2.2 (per the Understanding the Linux Kernel book). For now, I am just going to use cr3 write interception to detect guest process context switches.

(On a related note, however, with Linux running in a single-CPU guest VM, I see interceptions printing writes to cr3 with the same value as the one that is already in the register - possibly threads or other scenarios.)

Thanks,
-Leo

On Wed, Jun 5, 2013 at 1:16 AM, Gleb Natapov <gleb@xxxxxxxxxx> wrote:
> On Wed, Jun 05, 2013 at 12:51:29AM -0500, Leo Prasath wrote:
>> Hi,
>>
>> I am interested in intercepting task switches in vmx/svm in 64 bit
>> mode with ept/npt enabled.
>> However, I am not seeing the exit code due to task switch (9 for vmx
>> and 125 for svm) in the list of vm exits that I see in a typical
>> guest run.
> I do not think "task switch" exit means what you think it means. This is
> not OS context switches, but some x86 cpu concept of task that can be
> switched by using HW mechanism. No modern OS uses it. Actually in 64 bit
> mode it does not exist at all.
>
>> I log the vm exit codes in the x86/svm.c:handle_exit method for svm
>> and x86/vmx.c:vmx_handle_exit for vmx.
>>
>> Any pointers regarding this is very much appreciated.
>>
>> On a related note, does cr3 write interception approximate task switch
>> interception?
> Depending on how the OS works. For Linux it is probably true (if cr3 value
> changes).
>
>> (I was able to intercept cr3 writes with svm while npt was enabled,
>> but with vmx, I could intercept cr3 writes only with ept disabled.)
>>
>> Thanks,
>> Leo
>>
>> Looking through the manuals, svm has a control bit in VMCS for
>> enabling / disabling task switch interception while vmx does not seem
>> to have such a control bit.
> Again, this is not the "task switch" you are looking for.
>
>> -----------------------------------------
>> Excerpts from the manuals:
>>
>> Intel
>> ------
>>
>> Exit reason #9 indicates a vm exit due to task switch.
>>
>> Vol. 3C 24-9: Some instructions cause VM exits regardless of the
>> settings of the processor-based VM-execution controls (see Section
>> 25.1.2), as do task switches (see Section 25.2).
>>
>> Vol. 3C 25-6: Task switches. Task switches are not allowed in VMX
>> non-root operation. Any attempt to effect a task switch in VMX
>> non-root operation causes a VM exit. See Section 25.4.2
>>
>> AMD
>> -------
>>
>> Intercept code to look for is: 7Dh VMEXIT_TASK_SWITCH task switch
>>
>> 15.14 AMD64 Technology Miscellaneous Intercepts: The SVM architecture
>> includes intercepts to handle task switches, processor freezes due to
>> FERR, and shutdown operations.
>> Task switches can modify several resources that a VMM may want to
>> protect (CR3, EFLAGS, LDT). However, instead of checking various
>> intercepts (e.g., CR3 Write, LDTR Write) individually, task switches
>> check only a single intercept bit.
>>
>> Page 581: Layout of VMCB says Byte offset 00Ch: bit 29 Intercept
>> task switches.
>>
>> ----------------------------------------
>> --
>> To unsubscribe from this list: send the line "unsubscribe kvm" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> --
> Gleb.
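The thread settles on CR3-write interception as the practical way to spot guest process context switches, and Leo observes that some intercepted writes carry the same value that is already in CR3. The following C program is an added example, not code from the thread or from KVM: it models a hypothetical CR3-write intercept handler that compares only the page-table base of successive writes, so a rewrite of the current value (a TLB flush, for instance) is counted separately from a real address-space change. It goes a little beyond the thread by also masking the PCID field (bits 11:0) and the bit-63 no-flush hint that x86-64 can carry in CR3, which would otherwise make two writes for the same process look like a switch; the sample trace is constructed, not captured from a guest.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example (not KVM code): classify guest CR3 writes seen by a
 * hypothetical CR3-write intercept handler, so that a write of the same
 * page-table base (e.g. a TLB flush via "mov cr3" of the current value)
 * is not mistaken for a process context switch.
 *
 * Assumption: on x86-64 the page-directory base lives in CR3 bits 51:12;
 * bits 11:0 hold PCD/PWT or, with PCID enabled, the PCID, and bit 63 is the
 * PCID "no flush" hint. None of these identify a different address space,
 * so they are masked out before comparing.
 */
#define CR3_BASE_MASK 0x000FFFFFFFFFF000ULL

enum cr3_event {
    CR3_FIRST,    /* first observation, nothing to compare against */
    CR3_SWITCH,   /* page-table base changed: guest process switch */
    CR3_REWRITE   /* same base written again: flush or other rewrite */
};

struct cr3_tracker {
    uint64_t last_cr3;   /* raw value of the most recent write */
    int      have_last;
    unsigned switches;   /* writes that changed the page-table base */
    unsigned rewrites;   /* writes that kept the same base */
};

static void cr3_tracker_init(struct cr3_tracker *t)
{
    t->last_cr3 = 0;
    t->have_last = 0;
    t->switches = 0;
    t->rewrites = 0;
}

/* Called once per intercepted CR3 write; returns how the write was classified. */
static enum cr3_event cr3_tracker_observe(struct cr3_tracker *t, uint64_t new_cr3)
{
    enum cr3_event ev;

    if (!t->have_last) {
        ev = CR3_FIRST;
        t->have_last = 1;
    } else if ((new_cr3 & CR3_BASE_MASK) != (t->last_cr3 & CR3_BASE_MASK)) {
        ev = CR3_SWITCH;
        t->switches++;
    } else {
        ev = CR3_REWRITE;
        t->rewrites++;
    }
    t->last_cr3 = new_cr3;
    return ev;
}

/* Replay a sequence of intercepted writes; returns the number of real switches. */
static unsigned cr3_replay(struct cr3_tracker *t, const uint64_t *writes, size_t n)
{
    static const char *names[] = { "first", "switch", "rewrite" };
    size_t i;

    cr3_tracker_init(t);
    for (i = 0; i < n; i++) {
        enum cr3_event ev = cr3_tracker_observe(t, writes[i]);
        printf("cr3 <- 0x%016llx : %s\n", (unsigned long long)writes[i], names[ev]);
    }
    return t->switches;
}

/* Constructed sample trace (not captured from a real guest). */
static const uint64_t sample_trace[] = {
    0x0000000001000000ULL,            /* first process */
    0x0000000001000000ULL,            /* same value rewritten (flush) */
    0x0000000002000000ULL,            /* switch to another process */
    0x8000000002000000ULL | 0x5ULL,   /* same base, only PCID/no-flush bits differ */
    0x0000000001000000ULL,            /* back to the first process */
};
#define SAMPLE_TRACE_LEN (sizeof(sample_trace) / sizeof(sample_trace[0]))

int main(void)
{
    struct cr3_tracker t;
    unsigned n = cr3_replay(&t, sample_trace, SAMPLE_TRACE_LEN);

    printf("switches=%u rewrites=%u\n", n, t.rewrites);   /* switches=2 rewrites=2 */
    return 0;
}
```

Counting only base changes is what makes CR3 interception a usable approximation of Linux process switches, as Gleb notes ("if cr3 value changes"); a monitor that logs every write, as the raw intercept does, will report the redundant writes Leo saw as if they were switches.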