
Vol. 3C 23-3




Before system software can enter VMX operation, it enables VMX by setting CR4.VMXE[bit 13] = 1. VMX operation 
is then entered by executing the VMXON instruction. VMXON causes an invalid-opcode exception (#UD) if executed 
with CR4.VMXE = 0. Once in VMX operation, it is not possible to clear CR4.VMXE (see Section 23.8). System 
software leaves VMX operation by executing the VMXOFF instruction. CR4.VMXE can be cleared outside of VMX 
operation after execution of VMXOFF.
VMXON is also controlled by the IA32_FEATURE_CONTROL MSR (MSR address 3AH). This MSR is cleared to zero 
when a logical processor is reset. The relevant bits of the MSR are:

Bit 0 is the lock bit. If this bit is clear, VMXON causes a general-protection exception. If the lock bit is set, 
WRMSR to this MSR causes a general-protection exception; the MSR cannot be modified until a power-up reset 
condition. System BIOS can use this bit to provide a setup option for BIOS to disable support for VMX. To 
enable VMX support in a platform, BIOS must set bit 1, bit 2, or both (see below), as well as the lock bit.

Bit 1 enables VMXON in SMX operation. If this bit is clear, execution of VMXON in SMX operation causes a 
general-protection exception. Attempts to set this bit on logical processors that do not support both VMX 
operation (see Section 23.6) and SMX operation (see Chapter 6, “Safer Mode Extensions Reference,” in Intel® 
64 and IA-32 Architectures Software Developer’s Manual, Volume 2D) cause general-protection exceptions.

Bit 2 enables VMXON outside SMX operation. If this bit is clear, execution of VMXON outside SMX 
operation causes a general-protection exception. Attempts to set this bit on logical processors that do not 
support VMX operation (see Section 23.6) cause general-protection exceptions.


A logical processor is in SMX operation if GETSEC[SEXIT] has not been executed since the last 
execution of GETSEC[SENTER]. A logical processor is outside SMX operation if GETSEC[SENTER] 
has not been executed or if GETSEC[SEXIT] was executed after the last execution of 
GETSEC[SENTER]. See Chapter 6, “Safer Mode Extensions Reference,” in Intel® 64 and IA-32 
Architectures Software Developer’s Manual, Volume 2D.

Before executing VMXON, software should allocate a naturally aligned 4-KByte region of memory that a logical 
processor may use to support VMX operation. This region is called the VMXON region. The address of the VMXON 
region (the VMXON pointer) is provided in an operand to VMXON. Section 24.11.5, “VMXON Region,” details how 
software should initialize and access the VMXON region.



VMX operation places restrictions on processor operation. These are detailed below:

In VMX operation, processors may fix certain bits in CR0 and CR4 to specific values and not support other 
values. VMXON fails if any of these bits contains an unsupported value (see “VMXON—Enter VMX Operation” in 
Chapter 30). Any attempt to set one of these bits to an unsupported value while in VMX operation (including 
VMX root operation) using any of the CLTS, LMSW, or MOV CR instructions causes a general-protection 
exception. VM entry or VM exit cannot set any of these bits to an unsupported value. Software should consult 
the VMX capability MSRs IA32_VMX_CR0_FIXED0 and IA32_VMX_CR0_FIXED1 to determine how bits in CR0 
are fixed (see Appendix A.7). For CR4, software should consult the VMX capability MSRs 
IA32_VMX_CR4_FIXED0 and IA32_VMX_CR4_FIXED1 (see Appendix A.8).
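
The checks described above (CR4.VMXE, the IA32_FEATURE_CONTROL lock and SMX bits, and the CR0/CR4 fixed bits) collected into one function, as an added example that is not part of the manual. The type and function names and the sample register values are constructed for illustration; the FIXED0/FIXED1 interpretation follows Appendix A.7 (a bit set in FIXED0 must be 1, a bit clear in FIXED1 must be 0), and other VMXON conditions such as privilege level are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>

#define CR4_VMXE       (1ULL << 13)
#define FC_LOCK        (1ULL << 0)   /* IA32_FEATURE_CONTROL bit 0 */
#define FC_IN_SMX      (1ULL << 1)   /* bit 1: VMXON in SMX operation */
#define FC_OUTSIDE_SMX (1ULL << 2)   /* bit 2: VMXON outside SMX operation */

enum vmxon_result { VMXON_OK, VMXON_UD_VMXE_CLEAR, VMXON_GP_UNLOCKED,
                    VMXON_GP_SMX_BIT, VMXON_BAD_CR0, VMXON_BAD_CR4 };

/* Values software would obtain with MOV from CR and RDMSR; they are passed
 * in so the check itself needs no privileged instructions (hypothetical type). */
struct vmx_state {
    uint64_t cr0, cr4;
    uint64_t feature_control;         /* MSR address 3AH */
    uint64_t cr0_fixed0, cr0_fixed1;  /* IA32_VMX_CR0_FIXED0/1 */
    uint64_t cr4_fixed0, cr4_fixed1;  /* IA32_VMX_CR4_FIXED0/1 */
    bool in_smx;                      /* SENTER executed, no SEXIT since */
};

/* A bit set in FIXED0 must be 1 in cr; a bit clear in FIXED1 must be 0. */
static bool cr_supported(uint64_t cr, uint64_t fixed0, uint64_t fixed1)
{
    return (cr & fixed0) == fixed0 && (cr & ~fixed1) == 0;
}

/* Predicts whether VMXON would be refused, and for which reason. */
enum vmxon_result vmxon_precheck(const struct vmx_state *s)
{
    uint64_t need = s->in_smx ? FC_IN_SMX : FC_OUTSIDE_SMX;

    if (!(s->cr4 & CR4_VMXE))            return VMXON_UD_VMXE_CLEAR;
    if (!(s->feature_control & FC_LOCK)) return VMXON_GP_UNLOCKED;
    if (!(s->feature_control & need))    return VMXON_GP_SMX_BIT;
    if (!cr_supported(s->cr0, s->cr0_fixed0, s->cr0_fixed1)) return VMXON_BAD_CR0;
    if (!cr_supported(s->cr4, s->cr4_fixed0, s->cr4_fixed1)) return VMXON_BAD_CR4;
    return VMXON_OK;
}

/* Constructed sample: FIXED0 requires CR0.PE/NE/PG and CR4.VMXE; BIOS has
 * set the lock bit and bit 2 only. Not read from real hardware. */
struct vmx_state sample_state(void)
{
    return (struct vmx_state){
        .cr0 = 0x80050033, .cr4 = 0x26A0, .feature_control = 0x5,
        .cr0_fixed0 = 0x80000021, .cr0_fixed1 = 0xFFFFFFFF,
        .cr4_fixed0 = 0x2000, .cr4_fixed1 = 0x003727FF, .in_smx = false };
}
```
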


The first processors to support VMX operation require that the following bits be 1 in VMX operation: 
CR0.PE, CR0.NE, CR0.PG, and CR4.VMXE. The restrictions on CR0.PE and CR0.PG imply that VMX 
operation is supported only in paged protected mode (including IA-32e mode). Therefore, guest 
software cannot be run in unpaged protected mode or in real-address mode. See Section 31.2, 

1. Future processors may require that a different amount of memory be reserved. If so, this fact is reported to software using the VMX capability-reporting mechanism.