[Question title]: Why is the SMM behavior different between firststeps.simics and qsp-client-core.simics?
[Posted]: 2021-10-26 09:06:45
[Question]:

If I set an SMM breakpoint in firststeps.simics and inspect the registers, it shows the expected RIP = 0x8000, CS base = 0x30000. But if I do the same thing in qsp-client-core.simics, it shows RIP = 0xdffebe74, CS base = 0, and I don't understand why.

Eventually I see SMBASE move from 0x30000 to 0xdffcd000. But what the X58 chipset manual refers to as TSeg does not seem to get set to the same value, which is what I would expect. Any idea why TSeg never gets set?

simics> print -x %msr_ia32_smbase
0xdffcd000
simics> get-device-offset  board.mb.nb.core_misc.bank.pci_config 0xA8 4
0 (LE)

(Note: I tested this on platforms up to Skylake, but it only seems to behave this way on Coffee Lake, which is the default for qsp-client-core.simics.)

[Question discussion]:

    Tags: simics


    [Solution 1]:

    I just tried firststeps.simics and I can see that the SMM handler gets relocated there too. smm_base is 0x30000 on the first entry, but it changes to 0xdffd3000 almost immediately.

    $ ./simics targets/qsp-x86/qsp-client-core.simics
    simics> output-radix 16
    simics> board.mb.cpu0.core[0][0]->smm_base
    0x30000
    simics> continue-seconds 30
    simics> board.mb.cpu0.core[0][0]->smm_base
    0xdffd3000
    

    You can also see this clearly in the log:

    simics> board.mb.cpu0.core[0][0].log-group -disable MSR
    board.mb.cpu0.core[0][0]:
     enabled log groups: "Intermediate code" "Performance hint" "Other" "VMX" "Hardware breakpoints" "Pin change" "FPU" "Exception" "VM-monitor" "MONITOR" "X86 other" "Default_Log_Group"
     disabled log groups: "MSR"
    simics> board.mb.cpu0.core[0][0].log-level 2
    [board.mb.cpu0.core[0][0]] Changing log level: 1 -> 2
    simics> log-setup -time-stamp 
    simics> c
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0x83939a 388559012} IA32_FEATURE_CONTROL set to 0x5
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf353932 388714533} Cache flush (with write-back)
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf353987 388714952} Cache flush (with write-back)
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf353932 388781185} Cache flush (with write-back)
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf353987 388781604} Cache flush (with write-back)
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf5765f5 389274426} Cache flush (with write-back)
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf57664a 389274845} Cache flush (with write-back)
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdef5ed20 393668159} Cache flush (with write-back)
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdef5ecf0 393668269} Cache flush (with write-back)
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdffebe6e 397678713} SMI raised
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdffe43a9 397679321} New SMM base: 0xdffd3000
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdefc3471 398242965} SMI raised
    [board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdefc3471 403646564} SMI raised
    

    As you can see, the first invocation of the SMM handler changes smm_base, which is a fairly typical thing to do.

    I don't know about TSeg, but hopefully I have at least partly answered your question.

    [Discussion]:
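As an added example (not code from the question or the answer above), the script below parses Simics core log lines in the time-stamped format quoted in the answer, follows SMBASE from its architectural reset value of 0x30000 through each "New SMM base" message, derives the handler entry point (SMBASE + 0x8000, which is why the question sees RIP = 0x8000 with CS base = 0x30000 before relocation), and checks whether the relocated SMRAM window lies inside a TSEG range. The sample log is copied from the answer; the TSEG base and limit are hypothetical values chosen for illustration, not read from any chipset register on the page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Architectural SMM constants (Intel SDM): the SMI handler starts executing at
# SMBASE + 0x8000 and the state-save area ends at SMBASE + 0xFFFF, so an SMRAM
# window must cover at least [SMBASE, SMBASE + 0x10000).
DEFAULT_SMBASE = 0x30000
SMM_ENTRY_OFFSET = 0x8000
SMRAM_MIN_SIZE = 0x10000

# Constructed sample: a subset of the Simics log lines quoted in the answer.
SAMPLE_LOG = """\
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0x83939a 388559012} IA32_FEATURE_CONTROL set to 0x5
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdf353932 388714533} Cache flush (with write-back)
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdffebe6e 397678713} SMI raised
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdffe43a9 397679321} New SMM base: 0xdffd3000
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdefc3471 398242965} SMI raised
[board.mb.cpu0.core[0][0] info] {board.mb.cpu0.core[0][0] 0xdefc3471 403646564} SMI raised
"""

# One Simics log line with "log-setup -time-stamp" enabled looks like:
#   [<object> info] {<object> 0x<pc> <step>} <message>
LOG_RE = re.compile(
    r"^\[(?P<obj>\S+) info\] \{(?P=obj) 0x(?P<pc>[0-9a-fA-F]+) (?P<step>\d+)\} (?P<msg>.*)$"
)
RELOCATE_RE = re.compile(r"^New SMM base: 0x([0-9a-fA-F]+)$")


@dataclass
class SmmEvent:
    step: int                  # simulation step from the time stamp
    pc: int                    # program counter when the message was logged
    kind: str                  # "smi" or "relocate"
    new_base: Optional[int] = None


def parse_smm_events(log_text: str) -> List[SmmEvent]:
    """Extract SMI and SMBASE-relocation events; other messages are ignored."""
    events: List[SmmEvent] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        step, pc, msg = int(m.group("step")), int(m.group("pc"), 16), m.group("msg")
        if msg == "SMI raised":
            events.append(SmmEvent(step, pc, "smi"))
        else:
            r = RELOCATE_RE.match(msg)
            if r:
                events.append(SmmEvent(step, pc, "relocate", int(r.group(1), 16)))
    return events


def smm_entry_point(smbase: int) -> int:
    """Physical address at which the CPU starts executing on SMI entry."""
    return smbase + SMM_ENTRY_OFFSET


def smram_inside_tseg(smbase: int, tseg_base: int, tseg_limit: int) -> bool:
    """True if the whole SMRAM window [SMBASE, SMBASE+0x10000) lies inside TSEG."""
    return tseg_base <= smbase and smbase + SMRAM_MIN_SIZE <= tseg_limit


def summarize(log_text: str, tseg_base: int, tseg_limit: int) -> Dict[str, object]:
    """Follow SMBASE through the log and report where the handler ends up."""
    smbase = DEFAULT_SMBASE
    smi_count = 0
    relocations = []
    for ev in parse_smm_events(log_text):
        if ev.kind == "smi":
            smi_count += 1
        else:
            relocations.append((smbase, ev.new_base))
            smbase = ev.new_base
    return {
        "smi_count": smi_count,
        "relocations": relocations,
        "final_smbase": smbase,
        "entry_point": smm_entry_point(smbase),
        "inside_tseg": smram_inside_tseg(smbase, tseg_base, tseg_limit),
    }


if __name__ == "__main__":
    # Hypothetical TSEG window for illustration only; on a real platform read
    # the base/limit from the chipset's SMRAM registers before trusting this.
    report = summarize(SAMPLE_LOG, tseg_base=0xDF800000, tseg_limit=0xE0000000)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The check is the one a firmware reviewer wants after a relocation: the default SMBASE at 0x30000 is ordinary low memory and cannot be inside a high TSEG window, so `smram_inside_tseg(0x30000, ...)` is false, while the relocated base only protects the handler if the chipset's TSEG range actually covers it. If the TSEG registers read back as zero, as in the question, the function reports the window as unprotected regardless of where SMBASE was moved.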
