问题
I've been searching for a clear difference b/w a Sensitive and Privileged instruction but its all blurry right now.
As far as i know: A sensitive instruction NEEDS TO trap to kernel mode if executed in User space else it gets ignored while a Privileged instruction WILL TRAP to Kernel mode if executed in User space.
This difference is vague and unsatisfactory for me. Feel free to drop an AWESOME answer!
EDIT: Just a thought, are these the same thing?
回答1:
The terms are usually used in the context of hardware virtualization: virtual machines. Sensitive instructions are those that the hypervisor or virtual machine monitor (VMM) wants to trap and emulate to give an unmodified OS the illusion it owns its hardware resources, i.e. to successfully virtualize and run an OS.
Meanwhile, privileged instructions just refers to the set of instructions that your ISA defines as privileged. That is, these instructions must be executed by a process running in ring 0. (Notice this notion has nothing to do with userspace or kernel mode per se, instead it has to do with the ring level your process is running in. It just so happens that almost all the time, we run userspace processes in ring 3 and the kernel in ring 0).
Ideally, we want the set of sensitive instructions to equal that of privileged instructions, this allows us to trap and emulate using the existing hardware. That used to not be the case though, so hardware extensions e.g Intel VT-x were created to address this problem. Almost all modern CPUs have support for hardware virtualization, partially by allowing the VMM to trap and emulate all sensitive instructions.
See for more background and sources: Analysis of the Intel Pentium's ability to support a secure virtual machine monitor
来源:https://stackoverflow.com/questions/54311376/difference-between-sensitive-instructions-and-privileged-instructions