Tags: x86, interrupt, virtualization, hypervisor

How does a hypervisor deal with sensitive instructions executed from a host process that is not a VM instance?


I know that so-called Type 2 hypervisors (such as VMware Workstation and VirtualBox) are implemented as kernel modules, and that a VM instance is a host OS process.

Assume the following situation. (I understand this is strange, but it is for simplicity.)

I don't understand whether the hypervisor traps sensitive instructions or not while calc.exe is running on the CPU.

I have two ideas.

i) The hypervisor traps sensitive instructions from calc.exe. The hypervisor identifies whether the process is calc.exe or the VM instance process, and if necessary emulates the instruction when it was executed from the VM instance process.

ii) The hypervisor doesn't execute vmresume when the VM exit was caused by an interrupt for a context switch. In other words, the CPU is in "VMX root mode" while it executes calc.exe. Therefore the hypervisor doesn't do anything.

In case ii), how does the hypervisor execute vmresume when the VM instance process is reassigned to the CPU?

Thank you.

[Image: Imagine Context Switch]


Solution

  • Being "sensitive" means an instruction could tell the difference between running inside a guest VM and not (or could affect state outside the guest VM). calc.exe isn't running inside a guest VM, so it doesn't matter what it does.

    calc.exe is basically part of the hypervisor. It's up to the normal OS mechanisms to stop a user-space process from messing up other processes (including the guest VM), i.e. not letting them disable interrupts or overwrite the memory of other processes.