The IA-32 instruction set of the Pentium processor contains 17 sensitive, unprivileged instructions. They can be categorized in two groups:
Sensitive register instructions: read or change sensitive registers and/or memory locations such as a clock register or interrupt registers:
SGDT, SIDT, SLDT
SMSW
PUSHF, POPF
Protection system instructions: reference the storage protection system, memory or address relocation system:
LAR, LSL, VERR, VERW
POP
PUSH
CALL, JMP, INT n, RET
STR
MOV
The introduction of the AMD-V and Intel VT-x instruction sets in 2005 allows x86 processors to meet the Popek and Goldberg virtualization requirements.
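A critical instruction (CI) is an instruction that is sensitive but not privileged. A trap has to be placed manually at each CI in the guest OS so that the VMM can handle it.
Scanning and patching of CIs works one code block at a time: the code of the guest OS and of the programs running in it is scanned, and when a branch instruction is encountered, each branch is followed and scanned and patched in turn.
Patching means replacing the CI with a corresponding trap instruction, which ensures that the VMM gets a chance to handle every sensitive instruction.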
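The scan-and-patch pass described above, as an added example that is not from the original page or from any particular VMM. It assumes INT3 (0xCC) as the trap instruction, a toy length decoder that knows only the opcodes in the constructed sample, and it patches only the one-byte PUSHF and POPF, treating the short jumps and near ret in the sample purely as control flow. Following branches from the entry point, instead of searching for opcode bytes, is what keeps the immediate operand at offset 1 and the data byte at offset 10 from being patched.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TRAP 0xCC /* INT3 stands in for the trap instruction (assumption) */

/* Constructed sample: x86 code bytes, entry point at offset 0. */
uint8_t sample[13] = {
    0xB0, 0x9C, /*  0: mov al, 0x9C  immediate equals the PUSHF opcode */
    0x9C,       /*  2: pushf         CI */
    0x74, 0x03, /*  3: je  8 */
    0x9D,       /*  5: popf          CI on the fall-through path */
    0xEB, 0x03, /*  6: jmp 11 */
    0x9C,       /*  8: pushf         CI on the taken path */
    0xC3,       /*  9: ret */
    0x9D,       /* 10: data byte, never executed */
    0x9D,       /* 11: popf          CI */
    0xC3 };     /* 12: ret */
uint8_t seen[13], saved[13]; /* visited starts; original bytes kept for the VMM */

/* Toy length decoder covering only the opcodes in the sample; 0 = unknown. */
static size_t insn_len(uint8_t op) {
    if (op == 0x90 || op == 0x9C || op == 0x9D || op == 0xC3) return 1;
    if (op == 0xEB || (op & 0xF0) == 0x70 || (op & 0xF8) == 0xB0) return 2;
    return 0;
}

/* Scan one block from pc, descend into each branch, patch PUSHF/POPF. */
int scan_patch(uint8_t *code, size_t n, size_t pc) {
    int patched = 0;
    while (pc < n && !seen[pc]) {
        uint8_t op = code[pc];
        size_t len = insn_len(op);
        if (len == 0 || pc + len > n) break;   /* stop rather than guess */
        seen[pc] = 1;
        if (op == 0x9C || op == 0x9D) { saved[pc] = op; code[pc] = TRAP; patched++; }
        if (op == 0xC3) break;                 /* ret ends the block */
        if (op == 0xEB || (op & 0xF0) == 0x70) {
            size_t target = pc + 2 + (size_t)(int8_t)code[pc + 1];
            if (target < n) patched += scan_patch(code, n, target);
            if (op == 0xEB) break;             /* jmp has no fall-through */
        }
        pc += len;
    }
    return patched;
}

int main(void) {
    printf("patched %d critical instructions\n", scan_patch(sample, sizeof sample, 0));
    return 0;
}
```

The saved[] table is what lets a VMM's trap handler look up which instruction the trap replaced and emulate it.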