[vbox-dev] VBox CSAM/PATM in VMX mode
Sander van Leeuwen
Sander.Vanleeuwen at Sun.COM
Thu Apr 15 00:31:54 PDT 2010
As Frank already said, PATM/CSAM is completely disabled for VT-x and AMD-V.
There is limited patching for such modes, but it is separate as it's too
the software virtualization (aka raw mode) mechanism. See
This patching works a little bit differently as it relies on the guest
additions to allocate a block of executable memory to be used to store
the patch code. It's not nearly as powerful as PATM as it only does
simple code changes to optimize TPR APIC accesses inside
On 4/15/2010 9:10 AM, Frank Mehnert wrote:
> Hi Martim,
> please ask such questions at the vbox-dev mailing list (see
> for instructions how to subscribe) so more developers have a chance
> to answer. Regarding your problem:
> On Wednesday 14 April 2010, you wrote:
>> I am currently using Vbox OSE for a research project and was wondering
>> if I could ask you some questions regarding VBox internals.
>> Basically, my goal is to be able to run a VM with Intel VMX enabled,
>> but I would also like to have PATM/CSAM operational in order to patch
>> specific instructions of my choice in the guest OS's kernel. Is this
>> possible or would it require extensive modifications?
>> I guess the first question would be whether PATM/CSAM is used at all
>> when a guest is running with VMX enabled. If yes, then I guess it is
>> just a matter of modifying it so that it patches the relevant
>> instructions when analyzing the kernel code. If not, I guess I would
>> have to enable it somehow by modifying the code.
>> Given the size and complexity of VirtualBox's code, it would be great
>> if you could provide me some initial pointers on how to achieve this.
> The raw mode (this is how we call the mode when VMX/AMD-V is disabled
> and the guest code is handled by the CSAM/PATM) requires that a part of
> VirtualBox (the hypervisor) is executed in the guest context. This
> code runs at ring 0 while the guest code runs at ring 1 (kernel) / ring 3
> (userland). Certain instructions of the guest code are replaced by the
> PATM and the patches branch to the hypervisor to emulate privileged
> instructions for the guest.
> If VMX or AMD-V is enabled, the guest runs completely unmodified and there
> is no code of the VirtualBox hypervisor which is executed in the guest
> context. In fact CSAM and PATM are completely disabled if VMX/AMD-V is
> active. So to answer your question: No, I don't think this is possible,
> at least not without a major rewrite of the code.
> Some basic overview of the VirtualBox architecture can be found here:
> Apart from this online documentation I think the only source of information
> we can provide is the source code.
> Kind regards,
Kind regards / Mit freundlichen Gruessen / Met vriendelijke groet
Sun Microsystems GmbH Sander van Leeuwen
Werkstrasse 24 Senior Staff Engineer, VirtualBox
71384 Weinstadt, Germany mailto:Sander.Vanleeuwen at sun.com
Sitz der Gesellschaft:
Sun Microsystems GmbH, Sonnenallee 1, D-85551 Kirchheim-Heimstetten
Amtsgericht München: HRB 161028
Geschäftsführer: Thomas Schröder