敏感指令与特权指令之间的区别 [英] Difference between Sensitive Instructions and Privileged Instructions

问题描述

我一直在寻找与敏感和特权指令明显不同的指令，但是现在所有指令都模糊了.

I've been searching for a clear difference b/w a Sensitive and Privileged instruction but its all blurry right now.

据我所知:如果在用户空间中执行，敏感指令需要会陷入内核模式，否则它会被忽略，而特权指令将会陷阱进入内核模式如果在用户空间中执行.

As far as i know: A sensitive instruction NEEDS TO trap to kernel mode if executed in User space else it gets ignored while a Privileged instruction WILL TRAP to Kernel mode if executed in User space.

这种差异对我来说是模糊的并且不能令人满意.随意放弃一个令人敬畏的答案！

This difference is vague and unsatisfactory for me. Feel free to drop an AWESOME answer!

只是一个想法，这些都是同一回事吗?

Just a thought, are these the same thing?

推荐答案

这些术语通常在硬件虚拟化的上下文中使用:虚拟机.敏感指令是 hypervisor 或虚拟机监视器(VMM)想要捕获并模仿以赋予未修改的操作系统以其拥有其硬件资源的错觉(即成功虚拟化)的指令.并运行操作系统.

The terms are usually used in the context of hardware virtualization: virtual machines. Sensitive instructions are those that the hypervisor or virtual machine monitor (VMM) wants to trap and emulate to give an unmodified OS the illusion it owns its hardware resources, i.e. to successfully virtualize and run an OS.

同时，特权指令仅指ISA定义为特权的指令集.也就是说，这些指令必须由在环0中运行的进程执行.(请注意，此概念与用户空间或内核模式本身没有关系，相反，它与您的进程的环级有关恰好发生在几乎所有情况下，我们都在环3中运行用户空间进程，而在环0中运行内核.)

Meanwhile, privileged instructions just refers to the set of instructions that your ISA defines as privileged. That is, these instructions must be executed by a process running in ring 0. (Notice this notion has nothing to do with userspace or kernel mode per se, instead it has to do with the ring level your process is running in. It just so happens that almost all the time, we run userspace processes in ring 3 and the kernel in ring 0).

理想情况下，我们希望敏感指令集等于特权指令集，这使我们可以使用现有硬件进行陷印和仿真.但是过去情况并非如此，因此创建了硬件扩展(例如Intel VT-x)来解决此问题.几乎所有现代CPU都支持硬件虚拟化，部分是通过允许VMM捕获并仿真所有敏感指令来实现的.

Ideally, we want the set of sensitive instructions to equal that of privileged instructions, this allows us to trap and emulate using the existing hardware. That used to not be the case though, so hardware extensions e.g Intel VT-x were created to address this problem. Almost all modern CPUs have support for hardware virtualization, partially by allowing the VMM to trap and emulate all sensitive instructions.

请参阅更多背景和资源: 英特尔奔腾支持安全虚拟机监控器的能力分析

See for more background and sources: Analysis of the Intel Pentium's ability to support a secure virtual machine monitor

这篇关于敏感指令与特权指令之间的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！