
If I set a breakpoint on SMM in firststeps.simics and inspect the registers, it shows the expected RIP = 0x8000, CS base = 0x30000. But if I do the same thing in qsp-client-core.simics, it shows RIP = 0xdffebe74, CS base = 0, and I don't understand why.

Eventually, I see SMBASE get moved from 0x30000 to 0xdffcd000. But the TSeg that the X58 chipset manual talks about does not seem to be set to the same value, which is what I would have expected. Any idea why TSeg is never set?

simics> print -x %msr_ia32_smbase
0xdffcd000
simics> get-device-offset  board.mb.nb.core_misc.bank.pci_config 0xA8 4
0 (LE)

(Note: I tested this on platforms up to Skylake, and it only seems to behave this way on Coffee Lake, which is the default setting of qsp-client-core.simics.)


1 Answer


I just tried firststeps.simics and I can see that the SMM handler gets relocated there too. smm_base is 0x30000 on the first entry, but it changes almost immediately to 0xdffd3000:

$ ./simics targets/qsp-x86/qsp-client-core.simics
simics> output-radix 16
simics> board.mb.cpu0.core[0][0]->smm_base
0x30000
simics> continue-seconds 30
simics> board.mb.cpu0.core[0][0]->smm_base
0xdffd3000

You can also see this clearly from the log:

simics> board.mb.cpu0.core[0][0].log-group -disable MSR
board.mb.cpu0.core[0][0]:
 enabled log groups: "Intermediate code" "Performance hint" "Other" "VMX" "Hardware breakpoints" "Pin change" "FPU" "Exception" "VM-monitor" "MONITOR" "X86 other" "Default_Log_Group"
 disabled log groups: "MSR"
simics> board.mb.cpu0.core[0][0].log-level 2
[board.mb.cpu0.core[0][0]] Changing log level: 1 -> 2
simics> log-setup -time-stamp 
simics> c
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0x83939a 388559012} IA32_FEATURE_CONTROL set to 0x5
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf353932 388714533} Cache flush (with write-back)
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf353987 388714952} Cache flush (with write-back)
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf353932 388781185} Cache flush (with write-back)
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf353987 388781604} Cache flush (with write-back)
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf5765f5 389274426} Cache flush (with write-back)
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf57664a 389274845} Cache flush (with write-back)
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdef5ed20 393668159} Cache flush (with write-back)
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdef5ecf0 393668269} Cache flush (with write-back)
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdffebe6e 397678713} SMI raised
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdffe43a9 397679321} New SMM base: 0xdffd3000
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdefc3471 398242965} SMI raised
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdefc3471 403646564} SMI raised

As you can see, the first invocation of the SMM handler changes smm_base, which is a fairly typical thing to do.

I don't know about Tseg, but I hope I have at least partially answered your question.

answered 2021-10-26T14:10:27.147
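The question and the answer above both boil down to two checks a firmware reviewer normally makes by hand: does the breakpoint address match the SMI entry point implied by SMBASE (CS base 0x30000 + RIP 0x8000 = 0x38000 in firststeps.simics), and does the relocated 64 KiB SMRAM window actually fall inside the TSEG range the chipset protects from non-SMM and DMA access. The following Python is an added example, not code from the question, the answer, or Simics; it uses only the SMRAM layout defined in the Intel SDM (handler entry at SMBASE+0x8000, state-save area at SMBASE+0xFE00..0xFFFF). The TSEG base and size it is given are already-decoded values: the example does not model the chipset-specific register format at core_misc offset 0xA8, and the non-zero TSEG values used at the bottom are constructed placeholders rather than anything read from the QSP platform.

```python
# Added example (not from the original Q&A). Sanity checks for SMBASE relocation
# against a TSEG window. Layout constants come from the Intel SDM; the TSEG
# values fed in for illustration are constructed, not read from the platform.

SMRAM_SIZE = 0x10000         # SMRAM is a 64 KiB window starting at SMBASE
SMM_ENTRY_OFFSET = 0x8000    # SMI handler entry point is SMBASE + 0x8000
STATE_SAVE_OFFSET = 0xFE00   # state-save area is SMBASE + 0xFE00 .. SMBASE + 0xFFFF


def smm_entry_point(smbase):
    """Linear address the CPU starts executing at on SMI for this SMBASE."""
    return smbase + SMM_ENTRY_OFFSET


def state_save_area(smbase):
    """(start, end) of the SMM state-save area, end exclusive."""
    return smbase + STATE_SAVE_OFFSET, smbase + SMRAM_SIZE


def linear_address(cs_base, rip):
    """Flat address of a breakpoint reported as CS base + RIP (16/32-bit SMM entry)."""
    return cs_base + rip


def smram_window(smbase):
    """(start, end) of the whole SMRAM window, end exclusive."""
    return smbase, smbase + SMRAM_SIZE


def smram_inside_tseg(smbase, tseg_base, tseg_size):
    """True only if the entire SMRAM window lies inside [tseg_base, tseg_base+tseg_size).

    A TSEG register that reads back as 0 (size 0) means nothing is protected,
    so any relocated SMBASE is reported as unprotected.
    """
    if tseg_size == 0:
        return False
    start, end = smram_window(smbase)
    return tseg_base <= start and end <= tseg_base + tseg_size


def check_relocation(old_smbase, new_smbase, tseg_base, tseg_size):
    """Summarise a relocation the way a reviewer would read it from the log."""
    return {
        "old_entry": smm_entry_point(old_smbase),
        "new_entry": smm_entry_point(new_smbase),
        "moved": old_smbase != new_smbase,
        "new_smram_in_tseg": smram_inside_tseg(new_smbase, tseg_base, tseg_size),
    }


if __name__ == "__main__":
    # Values from the page: default SMBASE, relocated SMBASE from the answer's
    # log, and a TSEG register that read back as 0.
    print(hex(linear_address(0x30000, 0x8000)))            # 0x38000
    print(check_relocation(0x30000, 0xdffd3000, 0, 0))     # not protected
    # Constructed TSEG window (NOT a value read from QSP): 1 MiB at 0xdff00000.
    print(check_relocation(0x30000, 0xdffd3000, 0xdff00000, 0x100000))
```

On the Simics side, the inputs are the ones the answer already shows how to read (`board.mb.cpu0.core[0][0]->smm_base` and `get-device-offset ... 0xA8 4`); what the chipset register bits mean must be taken from the datasheet for the modelled platform before passing a base and size to `smram_inside_tseg`.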