APIC: Difference between revisions

← Older edit

APIC (view source)

Revision as of 05:11, 9 June 2024

411 bytes added , 26 days ago

m

Bot: Replace deprecated source tag with syntaxhighlight

[unchecked revision]

VisualWikitext

Xtex

Interface administrators, Administrators

972

edits

Revision as of 23:54, 4 September 2021 (view source) Sebastian (talk \| contribs) m (Use upper case at begin) ← Older edit		Latest revision as of 05:11, 9 June 2024 (view source) Xtex (talk \| contribs) m (Bot: Replace deprecated source tag with syntaxhighlight)
(18 intermediate revisions by 7 users not shown)
Line 20: Inter-Processor Interrupts (IPIs) are generated by a local APIC and can be used as basic signaling for scheduling coordination, multi-processor bootstrapping, etc. Detailed information on issuing them are available in the Chapter 11.6 of Volume 3 of the Intel Software Developer's Manual, available at the bottom of the page. == Local APIC configuration == Line 33 ⟶ 34: Here are some code examples on setting up the APIC: <~~source~~syntaxhighlight lang="c"> #define IA32_APIC_BASE_MSR 0x1B #define IA32_APIC_BASE_MSR_BSP 0x100 // Processor is a BSP Line 76 ⟶ 77: void enable_apic() { /* Section 11.4.1 of 3rd volume of Intel SDM recommends mapping the base address page as strong uncacheable for correct APIC operation. / / Hardware enable the Local APIC if it wasn't enabled / cpu_set_apic_base(cpu_get_apic_base()); Line 82 ⟶ 85: write_reg(0xF0, ReadRegister(0xF0) \| 0x100); } </syntaxhighlight> ~~</source>~~ == Local APIC and x86 SMM Attacks == Line 89 ⟶ 92: As System Management Mode's memory (SMRAM) is given a protected range of memory (which can vary from system to system), it is possible to map the APIC memory location into the SMRAM. The result of this is that SMM memory is pushed outside its protected range and exposed to lesser-privileged permission rings. Using this method, attackers can leverage their permissions using System Management Mode, which is protected from all rings above -2. In newer generation Intel processors (starting with the [https://en.wikipedia.org/wiki/Intel_Atom Intel Atom] in 2013), this has been taken into account. An undocumented check is performed against the [[System Management Range Registers]] when the APIC is relocated to memory. This check ensures that the APIC does not overlap with the SMRAM. '''However''', this relies on the SMRR to be configured correctly. Otherwise, this mitigation will not work properly and attackers will still be able to ~~user~~use the attack. == Local APIC registers == Line 254 ⟶ 257: === EOI Register === Write to the register with offset 0xB0 using the value 0 to signal an end of interrupt. A non-zero value ~~causes~~may cause a general protection fault. === Local Vector Table Registers === Line 302 ⟶ 305: \|- \| Bits 8-10 \| The ~~destination~~delivery mode. 0 is normal, 1 is lowest priority, 2 is SMI, 4 is NMI, 5 can be INIT or INIT level de-assert, 6 is a SIPI. \|- \| Bit 11 Line 331 ⟶ 334: IOAPICBASE+0x10. All accesses must be done on 4 byte boundaries. The address register uses the bottom 8 bits for register select. Here is some example code that illustrates this: <~~source~~syntaxhighlight lang="c"> uint32_t cpuReadIoApic(void ioapicaddr, uint32_t reg) { Line 345 ⟶ 348: ioapic[4] = value; } </syntaxhighlight> ~~</source>~~ Note the use of the [[volatile (keyword)\|volatile]] keyword. This prevents a compiler like [[Visual C]] from reordering or optimizing away the memory accesses, which would be a Bad Thing™. The volatile keyword is put before the '' sign. It means that the ''value pointed to'' is volatile, not the pointer itself. Line 413 ⟶ 416: \| rowspan="3" \| Bits 24-31 \| Flat model \| Bitmap of target processors (each bit identifies single processor; supports a maximum of 8 local APIC units) \|- \| rowspan="2" \| Cluster model Line 433 ⟶ 436: \|} The cluster addressing scheme has some limitations on the Pentium era systems. It may require special hardware to route the APIC bus messages between different CPU clusters or that it is sometimes limited to 15 agents (CPUs) in total. More info can be found in [https://books.google.com/books?id=TVzjEZg1--YC&printsec=frontcover "Pentium Processor System Architecture. Chapter 15: The APIC"] 'Don't use cluster mode addressing, especially "hierarchical cluster mode". AFAIK it was intended for large NUMA systems, where there's a "node controller" for each NUMA domain that forwarded interrupts to CPUs within that NUMA domain (with a seperate APIC bus for each NUMA domain). Unless your chipset has these "node controllers" (or "cluster managers" as Intel calls them) it won't work, and no modern computers have them (AFAIK there are only a few obscure Pentium III/P6 NUMA systems that ever did). You want to use "flat model" for normal SMP and for most NUMA systems (including AMD's).' ([http://forum.osdev.org/viewtopic.php?f=1&t=14808&start=17 Brendan]) Operating systems running on 64-bit processors typically use "Flat model" when the system has up to 8 CPUs. If more than 8 CPUs is used some OSes use cluster model which allow to address in total 60 CPUs (cluster 0xf is a broadcast and there is 15 clusters with 4 CPUs in each). The logical delivery mode is handy to address multiple CPUs when doing IPIs or it might be used in conjunction with lowest priority delivery mode to deliver IRQs from MSI/IO-APICs to a certain CPU in the group specified in the destination field. ~~More info can be found in [https://books.google.nl/books?id=TVzjEZg1--YC&printsec=frontcover "Pentium Processor System Architecture. Chapter 15: The APIC"]~~ == See Also == Line 444 ⟶ 449: ===Threads=== [~~http~~https://~~www~~forum.osdev.org~~/phpBB2~~/viewtopic.php?t=10686 APIC timer] * [~~http~~https://~~www~~forum.osdev.org~~/phpBB2~~/viewtopic.php?t=11529 Mapping the I/O APIC] * [~~http~~https://~~www~~forum.osdev.org~~/phpBB2~~/viewtopic.php?p=107868#107868 Brendan gives some general info on the APIC and implementing it.] ===External Links=== Line 458 ⟶ 463: [[Category:Interrupts]] ~~[[Category:Time]]~~ [[Category:Multiprocessing]] [[de:Advanced Programmable Interrupt Controller]]