24-24 Vol. 3C
VIRTUAL MACHINE CONTROL STRUCTURES
24.10 VMCS TYPES: ORDINARY AND SHADOW
Every VMCS is either an ordinary VMCS or a shadow VMCS. A VMCS’s type is determined by the shadow-VMCS
indicator in the VMCS region (this is the value of bit 31 of the first 4 bytes of the VMCS region; see Table 24-1): 0
indicates an ordinary VMCS, while 1 indicates a shadow VMCS. Shadow VMCSs are supported only on processors
that support the 1-setting of the “VMCS shadowing” VM-execution control (see Section 24.6.2).
A shadow VMCS differs from an ordinary VMCS in two ways:
•
An ordinary VMCS can be used for VM entry but a shadow VMCS cannot. Attempts to perform VM entry when
the current VMCS is a shadow VMCS fail (see Section 26.1).
•
The VMREAD and VMWRITE instructions can be used in VMX non-root operation to access a shadow VMCS but
not an ordinary VMCS. This fact results from the following:
— If the “VMCS shadowing” VM-execution control is 0, execution of the VMREAD and VMWRITE instructions in
VMX non-root operation always cause VM exits (see Section 25.1.3).
— If the “VMCS shadowing” VM-execution control is 1, execution of the VMREAD and VMWRITE instructions in
VMX non-root operation can access the VMCS referenced by the VMCS link pointer (see Section 30.3).
— If the “VMCS shadowing” VM-execution control is 1, VM entry ensures that any VMCS referenced by the
VMCS link pointer is a shadow VMCS (see Section 26.3.1.5).
In VMX root operation, both types of VMCSs can be accessed with the VMREAD and VMWRITE instructions.
Software should not modify the shadow-VMCS indicator in the VMCS region of a VMCS that is active. Doing so may
cause the VMCS to become corrupted (see Section 24.11.1). Before modifying the shadow-VMCS indicator, soft-
ware should execute VMCLEAR for the VMCS to ensure that it is not active.
24.11 SOFTWARE USE OF THE VMCS AND RELATED STRUCTURES
This section details guidelines that software should observe when using a VMCS and related structures. It also
provides descriptions of consequences for failing to follow guidelines.
24.11.1 Software Use of Virtual-Machine Control Structures
To ensure proper processor behavior, software should observe certain guidelines when using an active VMCS.
No VMCS should ever be active on more than one logical processor. If a VMCS is to be “migrated” from one logical
processor to another, the first logical processor should execute VMCLEAR for the VMCS (to make it inactive on that
logical processor and to ensure that all VMCS data are in memory) before the other logical processor executes
VMPTRLD for the VMCS (to make it active on the second logical processor).
1
A VMCS that is made active on more
than one logical processor may become corrupted (see below).
Software should not modify the shadow-VMCS indicator (see Table 24-1) in the VMCS region of a VMCS that is
active. Doing so may cause the VMCS to become corrupted. Before modifying the shadow-VMCS indicator, software
should execute VMCLEAR for the VMCS to ensure that it is not active.
Software should use the VMREAD and VMWRITE instructions to access the different fields in the current VMCS (see
Section 24.11.2). Software should never access or modify the VMCS data of an active VMCS using ordinary
memory operations, in part because the format used to store the VMCS data is implementation-specific and not
architecturally defined, and also because a logical processor may maintain some VMCS data of an active VMCS on
the processor and not in the VMCS region. The following items detail some of the hazards of accessing VMCS data
using ordinary memory operations:
•
Any data read from a VMCS with an ordinary memory read does not reliably reflect the state of the VMCS.
Results may vary from time to time or from logical processor to logical processor.
1. As noted in Section 24.1, execution of the VMPTRLD instruction makes a VMCS is active. In addition, VM entry makes active any
shadow VMCS referenced by the VMCS link pointer in the current VMCS. If a shadow VMCS is made active by VM entry, it is neces-
sary to execute VMCLEAR for that VMCS before allowing that VMCS to become active on another logical processor.