
24-4 Vol. 3C

VIRTUAL MACHINE CONTROL STRUCTURES

24.4 GUEST-STATE AREA

This section describes fields contained in the guest-state area of the VMCS. As noted earlier, processor state is 
loaded from these fields on every VM entry (see Section 26.3.2) and stored into these fields on every VM exit (see 
Section 27.3).

24.4.1 Guest Register State

The following fields in the guest-state area correspond to processor registers:

• Control registers CR0, CR3, and CR4 (64 bits each; 32 bits on processors that do not support Intel 64 architecture).

• Debug register DR7 (64 bits; 32 bits on processors that do not support Intel 64 architecture).

• RSP, RIP, and RFLAGS (64 bits each; 32 bits on processors that do not support Intel 64 architecture).¹

• The following fields for each of the registers CS, SS, DS, ES, FS, GS, LDTR, and TR:
  — Selector (16 bits).
  — Base address (64 bits; 32 bits on processors that do not support Intel 64 architecture). The base-address fields for CS, SS, DS, and ES have only 32 architecturally-defined bits; nevertheless, the corresponding VMCS fields have 64 bits on processors that support Intel 64 architecture.
  — Segment limit (32 bits). The limit field is always a measure in bytes.
  — Access rights (32 bits). The format of this field is given in Table 24-2 and detailed as follows:
      • The low 16 bits correspond to bits 23:8 of the upper 32 bits of a 64-bit segment descriptor. While bits 19:16 of code-segment and data-segment descriptors correspond to the upper 4 bits of the segment limit, the corresponding bits (bits 11:8) are reserved in this VMCS field.
      • Bit 16 indicates an unusable segment. Attempts to use such a segment fault except in 64-bit mode. In general, a segment register is unusable if it has been loaded with a null selector.²
      • Bits 31:17 are reserved.

1. This chapter uses the notation RAX, RIP, RSP, RFLAGS, etc. for processor registers because most processors that support VMX operation also support Intel 64 architecture. For processors that do not support Intel 64 architecture, this notation refers to the 32-bit forms of those registers (EAX, EIP, ESP, EFLAGS, etc.). In a few places, notation such as EAX is used to refer specifically to lower 32 bits of the indicated register.

2. There are a few exceptions to this statement. For example, a segment with a non-null selector may be unusable following a task switch that fails after its commit point; see “Interrupt 10—Invalid TSS Exception (#TS)” in Section 6.14, “Exception and Interrupt Handling in 64-bit Mode,” of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A. In contrast, the TR register is usable after processor reset despite having a null selector; see Table 10-1 in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A.
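
As an added example (not part of the Intel manual), the C code below derives the access-rights field from the upper 32 bits of a segment descriptor as described above and checks the reserved bits, the kind of validation a hypervisor can apply to guest segment state before VM entry. The macro and function names are hypothetical, the descriptor values are constructed, and only the general null-selector rule for bit 16 is modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Field accessors for the rows of Table 24-2 shown on this page (names hypothetical). */
#define AR_TYPE(ar) ((ar) & 0xFu)         /* bits 3:0  segment type */
#define AR_S(ar)    (((ar) >> 4) & 1u)    /* bit 4     descriptor type */
#define AR_DPL(ar)  (((ar) >> 5) & 3u)    /* bits 6:5  descriptor privilege level */
#define AR_P(ar)    (((ar) >> 7) & 1u)    /* bit 7     segment present */
#define AR_AVL(ar)  (((ar) >> 12) & 1u)   /* bit 12    available to system software */
#define AR_UNUSABLE (1u << 16)            /* bit 16    unusable segment */
#define AR_RESERVED 0xFFFE0F00u           /* bits 31:17 and 11:8 */

/* Build the access-rights value from a selector and the upper 32 bits of its descriptor. */
static uint32_t vmcs_ar_from_descriptor(uint16_t selector, uint32_t desc_hi)
{
    /* General rule only: a null selector (index 0, TI 0, any RPL) gives an
     * unusable segment. The exceptions in footnote 2 are not modelled, and
     * returning just bit 16 is this example's choice. */
    if ((selector & 0xFFFCu) == 0)
        return AR_UNUSABLE;

    uint32_t ar = (desc_hi >> 8) & 0xFFFFu; /* descriptor bits 23:8 -> field bits 15:0 */
    ar &= ~0x0F00u; /* descriptor bits 19:16 (limit) land in reserved bits 11:8 */
    return ar;
}

/* True when every reserved bit (11:8 and 31:17) is zero. */
static bool vmcs_ar_reserved_clear(uint32_t ar)
{
    return (ar & AR_RESERVED) == 0;
}

int main(void)
{
    /* Constructed sample: upper dword of a flat ring-0 code descriptor. */
    uint32_t ar = vmcs_ar_from_descriptor(0x0008, 0x00CF9B00u);
    printf("ar=0x%05X type=0x%X S=%u DPL=%u P=%u AVL=%u reserved_ok=%d\n",
           (unsigned)ar, (unsigned)AR_TYPE(ar), (unsigned)AR_S(ar), (unsigned)AR_DPL(ar),
           (unsigned)AR_P(ar), (unsigned)AR_AVL(ar), vmcs_ar_reserved_clear(ar));
    return 0;
}
```

Copying descriptor bits 23:8 without the mask leaves the limit nibble in bits 11:8, which `vmcs_ar_reserved_clear` reports as a reserved-bit violation.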

Table 24-2.  Format of Access Rights

Bit Position(s)   Field
3:0               Segment type
4                 S — Descriptor type (0 = system; 1 = code or data)
6:5               DPL — Descriptor privilege level
7                 P — Segment present
11:8              Reserved
12                AVL — Available for use by system software