[vbox-dev] VBox CSAM/PATM in VMX mode

Sander van Leeuwen Sander.Vanleeuwen at Sun.COM
Thu Apr 15 07:31:54 GMT 2010


As Frank already said, PATM/CSAM is completely disabled for VT-x and AMD-V.
There is limited patching for such modes, but it is separate as it's too
different from the software virtualization (aka raw mode) mechanism. See
HWACCMR3PatchTprInstr in

This patching works a little bit differently as it relies on the guest
additions to allocate a block of executable memory to be used to store the
patch code. It's not nearly as powerful as PATM as it only does simple code
changes to optimize TPR APIC accesses inside the guest.


On 4/15/2010 9:10 AM, Frank Mehnert wrote:
> Hi Martim,
> please ask such questions at the vbox-dev mailing list (see
>    http://www.virtualbox.org/mailman/listinfo/vbox-dev
> for instructions how to subscribe) so more developers have a chance
> to answer. Regarding your problem:
> On Wednesday 14 April 2010, you wrote:
>> I am currently using Vbox OSE for a research project and was wondering
>> if I could ask you some questions regarding VBox internals.
>> Basically, my goal is to be able to run a VM with Intel VMX enabled,
>> but I would also like to have PATM/CSAM operational in order to patch
>> specific instructions of my choice in the guest OS's kernel. Is this
>> possible or would it require extensive modifications?
>> I guess the first question would be whether PATM/CSAM is used at all
>> when a guest is running with VMX enabled. If yes, then I guess it is
>> just a matter of modifying it so that it patches the relevant
>> instructions when analyzing the kernel code. If not, I guess I would
>> have to enable it somehow by modifying the code.
>> Given the size and complexity of VirtualBox's code, it would be great
>> if you could provide me some initial pointers on how to achieve this.
> The raw mode (this is how we call the mode when VMX/AMD-V is disabled
> and the guest code is handled by the CSAM/PATM) requires that a part of
> VirtualBox (the hypervisor) is executed in the guest context. This
> code runs at ring 0 while the guest code runs at ring 1 (kernel) / ring 3
> (userland). Certain instructions of the guest code are replaced by the
> PATM and the patches branch to the hypervisor to emulate privileged
> instructions for the guest.
> If VMX or AMD-V is enabled, the guest runs completely unmodified and there
> is no code of the VirtualBox hypervisor which is executed in the guest
> context. In fact CSAM and PATM are completely disabled if VMX/AMD-V is
> active. So to answer your question: No, I don't think this is possible,
> at least not without a major rewrite of the code.
> Some basic overview of the VirtualBox architecture can be found here:
>    http://www.virtualbox.org/wiki/VirtualBox_architecture
> Apart from this online documentation I think the only source of information
> we can provide is the source code.
> Kind regards,
> Frank

Kind regards / Mit freundlichen Gruessen / Met vriendelijke groet


Sun Microsystems GmbH        Sander van Leeuwen
Werkstrasse 24               Senior Staff Engineer, VirtualBox
71384 Weinstadt, Germany     mailto:Sander.Vanleeuwen at sun.com

Registered office:
Sun Microsystems GmbH, Sonnenallee 1, D-85551 Kirchheim-Heimstetten
Munich Local Court: HRB 161028
Managing Director: Thomas Schröder
