
I have tried several ways to break on writes to smbase. First I tried

board.mb.cpu0.core[0][0].break-msr 0x9E

but when I run, it runs forever without ever breaking.

Then I tried to break into SMM and only trace its accesses from there, but that showed no hits.

simics> break-hap X86_Leave_SMM
simics> break-hap X86_Enter_SMM
simics> r
[board.mb.sb.lpc.bank.cs_conf unimpl] Write to unimplemented field cs_conf.oic.aen (0x31ff) (value written = 0x01, contents = 0x00), will not warn again.
[board.mb.cpu0.core[1][0] trace-hap] X86_Enter_SMM 0
[board.mb.cpu0.core[1][0] trace-hap] X86_Enter_SMM 1
break-hap
break-hap
simics> board.mb.cpu0.core[0][0].trace-msr -all
simics> r
[board.mb.cpu0.core[1][0] trace-hap] X86_Leave_SMM 0
[board.mb.cpu0.core[1][0] trace-hap] X86_Leave_SMM 1
Setting new inspection object: board.mb.cpu0.core[1][0]
break-hap
break-hap

Then I thought that maybe the SMM-exit break was masking the write, so I tried setting a break on SMM entry, then breaking on all MSR writes and letting it continue. But it did not show any break before the next SMM entry.

simics> break-hap X86_Enter_SMM
simics> r
[board.mb.sb.lpc.bank.cs_conf unimpl] Write to unimplemented field cs_conf.oic.aen (0x31ff) (value written = 0x01, contents = 0x00), will not warn again.
[board.mb.cpu0.core[1][0] trace-hap] X86_Enter_SMM 0
[board.mb.cpu0.core[1][0] trace-hap] X86_Enter_SMM 1
break-hap
break-hap
simics> board.mb.cpu0.core[0][0].break-msr -all
simics> r
[board.mb.cpu0.core[2][0] trace-hap] X86_Enter_SMM 0
[board.mb.cpu0.core[2][0] trace-hap] X86_Enter_SMM 1
break-hap
break-hap

So below you can see specifically that msr_ia32_smbase is definitely written after the first exit from SMM. But even when running from within SMM, none of the trace or break functions seem to show this. So is this simply an unsupported feature?

simics> board.mb.cpu0.core[0][0].trace-msr 0x9E
simics> board.mb.cpu0.core[0][0].trace-msr -list
[board.mb.cpu0.core[0][0]] Tracing enabled for these control registers:
  msr_ia32_smbase
simics> board.mb.cpu0.core[0][0].break-msr 0x9E
simics> board.mb.cpu0.core[0][0].break-msr -list
[board.mb.cpu0.core[0][0]] Breaking enabled for these control registers:
  msr_ia32_smbase
simics> break-hap X86_Enter_SMM
simics> break-hap X86_Leave_SMM
simics> print -x %msr_ia32_smbase
0x30000
simics> r
[board.mb.sb.lpc.bank.cs_conf unimpl] Write to unimplemented field cs_conf.oic.aen (0x31ff) (value written = 0x01, contents = 0x00), will not warn again.
[board.mb.cpu0.core[1][0] trace-hap] X86_Enter_SMM 0
[board.mb.cpu0.core[1][0] trace-hap] X86_Enter_SMM 1
break-hap
break-hap
simics> print -x %msr_ia32_smbase
0x30000
simics> r
[board.mb.cpu0.core[1][0] trace-hap] X86_Leave_SMM 0
[board.mb.cpu0.core[1][0] trace-hap] X86_Leave_SMM 1
Setting new inspection object: board.mb.cpu0.core[1][0]
break-hap
break-hap
simics> print -x %msr_ia32_smbase
0xdffcf000

PS: I think the help for break-msr has a copy-paste error, since it says "The register argument specifies which segment register should be traced". trace-msr correctly says model-specific register.


1 Answer


The IA32_SMBASE MSR is a read-only MSR; you can check the Intel Software Developer's Manual to find this information.

trace-msr only traces write accesses to registers done by the WRMSR instruction, i.e. the command does not trace internal flows or attribute/interface accesses.

Most likely, in your case, SMBASE was updated as part of the RSM flow; you can look at the "SMBASE Relocation" section in the SDM for more details. That is why you do not get any messages from the trace-msr command.

Another thing I can notice from the small piece of log in your question: you enabled trace-msr and break-msr only on core[0][0], while you observed the smbase change on core[1][0]. Look at this message: "Setting new inspection object: board.mb.cpu0.core[1][0]".

And thanks for the note about the copy-paste error. I will fix it.

answered 2021-09-10T07:37:28.393
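The mechanism the answer describes, as an added toy model (not Simics code and not from the SDM): WRMSR to IA32_SMBASE faults because the MSR is read-only, while RSM reloads SMBASE from the SMBASE field of the SMM state save area, so a hook on MSR writes sees nothing and only a hook at SMM exit (the X86_Leave_SMM hap in the question) observes the relocation. The save-area offsets and the hook names are assumptions of the model; the relocated value 0xdffcf000 is the one from the question's log.

```python
# Toy model: SMBASE relocation happens in the RSM flow, not via WRMSR.
# Added example, not Simics code. Offsets are assumed: SMBASE field at
# SMBASE + 0x8000 (save-area base) + 0x7EF8 (field offset in the map).
MSR_IA32_SMBASE = 0x9E
SMBASE_FIELD_OFFSET = 0x8000 + 0x7EF8


class GeneralProtection(Exception):
    """#GP raised by WRMSR to a read-only MSR."""


class ToyCore:
    def __init__(self, smbase=0x30000):
        self.smbase = smbase
        self.smram = {}            # sparse memory: address -> dword
        self.msr_write_hooks = []  # what trace-msr / break-msr observe
        self.leave_smm_hooks = []  # what an X86_Leave_SMM hap observes

    def wrmsr(self, msr, value):
        for hook in self.msr_write_hooks:   # hooks fire on WRMSR only
            hook(msr, value)
        if msr == MSR_IA32_SMBASE:
            raise GeneralProtection("IA32_SMBASE is read-only")

    def rdmsr(self, msr):
        assert msr == MSR_IA32_SMBASE, "toy model knows one MSR"
        return self.smbase

    def enter_smm(self):
        # on SMI the processor stores SMBASE into the state save area
        self.smram[self.smbase + SMBASE_FIELD_OFFSET] = self.smbase

    def rsm(self):
        # RSM reloads SMBASE from the save area: an internal flow, so
        # the MSR write hooks never see it; only the leave hooks do.
        self.smbase = self.smram[self.smbase + SMBASE_FIELD_OFFSET]
        for hook in self.leave_smm_hooks:
            hook(self)


def relocate_via_smm(core, new_base):
    """SMI handler rewrites the SMBASE field, then RSM applies it."""
    core.enter_smm()
    core.smram[core.smbase + SMBASE_FIELD_OFFSET] = new_base
    core.rsm()


def wrmsr_to_smbase_rejected(core, value):
    """True if a direct WRMSR to IA32_SMBASE faults, as the answer states."""
    try:
        core.wrmsr(MSR_IA32_SMBASE, value)
    except GeneralProtection:
        return True
    return False


def demo(new_base=0xDFFCF000):
    """Returns (MSR writes seen, SMBASE values seen at each SMM exit)."""
    core = ToyCore()
    writes, at_exit = [], []
    core.msr_write_hooks.append(lambda msr, v: writes.append((msr, v)))
    core.leave_smm_hooks.append(lambda c: at_exit.append(c.rdmsr(MSR_IA32_SMBASE)))
    relocate_via_smm(core, new_base)
    return writes, at_exit
```

Polling the MSR at each SMM exit on every core, rather than hooking WRMSR on one core, is the defender's check this model suggests.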