Page 1058

24-12 Vol. 3C

VIRTUAL MACHINE CONTROL STRUCTURES

24.6.3 Exception

Bitmap

The exception bitmap is a 32-bit field that contains one bit for each exception. When an exception occurs, its
vector is used to select a bit in this field. If the bit is 1, the exception causes a VM exit. If the bit is 0, the exception
is delivered normally through the IDT, using the descriptor corresponding to the exception’s vector.
Whether a page fault (exception with vector 14) causes a VM exit is determined by bit 14 in the exception bitmap
as well as the error code produced by the page fault and two 32-bit fields in the VMCS (the page-fault error-code
mask and page-fault error-code match). See Section 25.2 for details.

24.6.4 I/O-Bitmap

Addresses

The VM-execution control fields include the 64-bit physical addresses of I/O bitmaps A and B (each of which are
4 KBytes in size). I/O bitmap A contains one bit for each I/O port in the range 0000H through 7FFFH; I/O bitmap B
contains bits for ports in the range 8000H through FFFFH.
A logical processor uses these bitmaps if and only if the “use I/O bitmaps” control is 1. If the bitmaps are used,
execution of an I/O instruction causes a VM exit if any bit in the I/O bitmaps corresponding to a port it accesses is
1. See Section 25.1.3 for details. If the bitmaps are used, their addresses must be 4-KByte aligned.

24.6.5

Time-Stamp Counter Offset and Multiplier

The VM-execution control fields include a 64-bit TSC-offset field. If the “RDTSC exiting” control is 0 and the “use
TSC offsetting” control is 1, this field controls executions of the RDTSC and RDTSCP instructions. It also controls
executions of the RDMSR instruction that read from the IA32_TIME_STAMP_COUNTER MSR. For all of these, the
value of the TSC offset is added to the value of the time-stamp counter, and the sum is returned to guest software
in EDX:EAX.
Processors that support the 1-setting of the “use TSC scaling” control also support a 64-bit TSC-multiplier field.
If this control is 1 (and the “RDTSC exiting” control is 0 and the “use TSC offsetting” control is 1), this field also
affects the executions of the RDTSC, RDTSCP, and RDMSR instructions identified above. Specifically, the contents
of the time-stamp counter is first multiplied by the TSC multiplier before adding the TSC offset.
See Chapter 27 for a detailed treatment of the behavior of RDTSC, RDTSCP, and RDMSR in VMX non-root operation.

24.6.6

Guest/Host Masks and Read Shadows for CR0 and CR4

VM-execution control fields include guest/host masks and read shadows for the CR0 and CR4 registers. These
fields control executions of instructions that access those registers (including CLTS, LMSW, MOV CR, and SMSW).
They are 64 bits on processors that support Intel 64 architecture and 32 bits on processors that do not.
In general, bits set to 1 in a guest/host mask correspond to bits “owned” by the host:

•

Guest attempts to set them (using CLTS, LMSW, or MOV to CR) to values differing from the corresponding bits
in the corresponding read shadow cause VM exits.

•

Guest reads (using MOV from CR or SMSW) return values for these bits from the corresponding read shadow.

Bits cleared to 0 correspond to bits “owned” by the guest; guest attempts to modify them succeed and guest reads
return values for these bits from the control register itself.
See Chapter 27 for details regarding how these fields affect VMX non-root operation.

24.6.7 CR3-Target

Controls

The VM-execution control fields include a set of 4 CR3-target values and a CR3-target count. The CR3-target
values each have 64 bits on processors that support Intel 64 architecture and 32 bits on processors that do not. The
CR3-target count has 32 bits on all processors.