Vol. 3C 24-13

VIRTUAL MACHINE CONTROL STRUCTURES

An execution of MOV to CR3 in VMX non-root operation does not cause a VM exit if its source operand matches one 
of these values. If the CR3-target count is n, only the first n CR3-target values are considered; if the CR3-target 
count is 0, MOV to CR3 always causes a VM exit.
There are no limitations on the values that can be written for the CR3-target values. VM entry fails (see Section 
26.2) if the CR3-target count is greater than 4.
Future processors may support a different number of CR3-target values. Software should read the VMX capability 
MSR IA32_VMX_MISC (see Appendix A.6) to determine the number of values supported.
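
The CR3-target rules above, modeled in C as an added example (not code from the manual). It assumes the "CR3-load exiting" control is 1; the helper names and sample values are constructed, and the bit positions 24:16 come from the description of IA32_VMX_MISC in Appendix A.6 rather than from this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CR3_TARGET_FIELDS 4u  /* CR3-target value fields modeled here */

/* Number of CR3-target values supported: IA32_VMX_MISC bits 24:16
 * (bit layout from Appendix A.6). The raw MSR value is a parameter so
 * the helper can be exercised outside ring 0. */
static unsigned cr3_targets_supported(uint64_t vmx_misc)
{
    return (unsigned)((vmx_misc >> 16) & 0x1ffu);
}

/* Pre-entry check: a CR3-target count above the supported number
 * (4 in the text above) makes VM entry fail. */
static bool cr3_target_count_ok(uint32_t count, uint64_t vmx_misc)
{
    return count <= cr3_targets_supported(vmx_misc);
}

/* Returns true if MOV to CR3 with source operand src causes a VM exit.
 * Assumes the "CR3-load exiting" control is 1 and that count already
 * passed cr3_target_count_ok(). */
static bool mov_to_cr3_exits(uint64_t src,
                             const uint64_t targets[CR3_TARGET_FIELDS],
                             uint32_t count)
{
    for (uint32_t i = 0; i < count && i < CR3_TARGET_FIELDS; i++)
        if (targets[i] == src)
            return false;  /* matches one of the first n values */
    return true;           /* no match, or count == 0 */
}

int main(void)
{
    /* Constructed values: the MSR reports 4 supported targets and all
     * four fields are written, but the count exposes only two. */
    const uint64_t vmx_misc = 4ull << 16;
    const uint64_t targets[CR3_TARGET_FIELDS] =
        { 0x1000, 0x2000, 0x3000, 0x4000 };

    printf("count 5 accepted:     %d\n", cr3_target_count_ok(5, vmx_misc));
    printf("0x2000, n=2 exits:    %d\n", mov_to_cr3_exits(0x2000, targets, 2));
    printf("0x3000, n=2 exits:    %d\n", mov_to_cr3_exits(0x3000, targets, 2));
    printf("0x1000, n=0 exits:    %d\n", mov_to_cr3_exits(0x1000, targets, 0));
    return 0;
}
```

A value left in a field beyond the count (0x3000 here) does not suppress the VM exit, so lowering the count is enough to stop honoring later entries.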

24.6.8 Controls for APIC Virtualization

There are three mechanisms by which software accesses registers of the logical processor’s local APIC:

If the local APIC is in xAPIC mode, software can perform memory-mapped accesses to addresses in the 4-KByte page 
referenced by the physical address in the IA32_APIC_BASE MSR (see Section 10.4.4, “Local APIC Status and 
Location” in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A and Intel® 64 
Architecture Processor Topology Enumeration).¹

If the local APIC is in x2APIC mode, software can access the local APIC’s registers using the RDMSR and WRMSR 
instructions (see Intel® 64 Architecture Processor Topology Enumeration).

In 64-bit mode, software can access the local APIC’s task-priority register (TPR) using the MOV CR8 instruction.

There are five processor-based VM-execution controls (see Section 24.6.2) that control such accesses. These are 
“use TPR shadow”, “virtualize APIC accesses”, “virtualize x2APIC mode”, “virtual-interrupt delivery”, and 
“APIC-register virtualization”. These controls interact with the following fields:

APIC-access address (64 bits). This field contains the physical address of the 4-KByte APIC-access page.
If the “virtualize APIC accesses” VM-execution control is 1, access to this page may cause VM exits or be 
virtualized by the processor. See Section 29.4.
The APIC-access address exists only on processors that support the 1-setting of the “virtualize APIC accesses” 
VM-execution control.

Virtual-APIC address (64 bits). This field contains the physical address of the 4-KByte virtual-APIC page.
The processor uses the virtual-APIC page to virtualize certain accesses to APIC registers and to manage virtual 
interrupts; see Chapter 29.
Depending on the setting of the controls indicated earlier, the virtual-APIC page may be accessed by the 
following operations:
— The MOV CR8 instructions (see Section 29.3).
— Accesses to the APIC-access page if, in addition, the “virtualize APIC accesses” VM-execution control is 1 
(see Section 29.4).
— The RDMSR and WRMSR instructions if, in addition, the value of ECX is in the range 800H–8FFH (indicating 
an APIC MSR) and the “virtualize x2APIC mode” VM-execution control is 1 (see Section 29.5).

If the “use TPR shadow” VM-execution control is 1, VM entry ensures that the virtual-APIC address is 4-KByte 
aligned. The virtual-APIC address exists only on processors that support the 1-setting of the “use TPR shadow” 
VM-execution control.

TPR threshold (32 bits). Bits 3:0 of this field determine the threshold below which bits 7:4 of VTPR (see 
Section 29.1.1) cannot fall. If the “virtual-interrupt delivery” VM-execution control is 0, a VM exit occurs after 
an operation (e.g., an execution of MOV to CR8) that reduces the value of those bits below the TPR threshold. 
See Section 29.1.2.
The TPR threshold exists only on processors that support the 1-setting of the “use TPR shadow” VM-execution 
control.

EOI-exit bitmap (4 fields; 64 bits each). These fields are supported only on processors that support the 
1-setting of the “virtual-interrupt delivery” VM-execution control. They are used to determine which virtualized 
writes to the APIC’s EOI register cause VM exits:

1. If the local APIC does not support x2APIC mode, it is always in xAPIC mode.