Vol. 3C 25-9
VMX NON-ROOT OPERATION
— If both controls are 0, RDTSC operates normally.
— If the “RDTSC exiting” VM-execution control is 0 and the “use TSC offsetting” VM-execution control is 1, the
value returned is determined by the setting of the “use TSC scaling” VM-execution control:
•
If the control is 0, RDTSC loads EAX:EDX with the sum of the value of the IA32_TIME_STAMP_COUNTER
MSR and the value of the TSC offset.
•
If the control is 1, RDTSC first computes the product of the value of the IA32_TIME_STAMP_COUNTER
MSR and the value of the TSC multiplier. It then shifts the value of the product right 48 bits and loads
EAX:EDX with the sum of that shifted value and the value of the TSC offset.
— If the “RDTSC exiting” VM-execution control is 1, RDTSC causes a VM exit.
•
RDTSCP. Behavior of the RDTSCP instruction is determined first by the setting of the “enable RDTSCP”
VM-execution control:
— If the “enable RDTSCP” VM-execution control is 0, RDTSCP causes an invalid-opcode exception (#UD). This
exception takes priority over any other exception the instruction may incur.
— If the “enable RDTSCP” VM-execution control is 1, treatment is based on the settings of the “RDTSC exiting”
and “use TSC offsetting” VM-execution controls:
•
If both controls are 0, RDTSCP operates normally.
•
If the “RDTSC exiting” VM-execution control is 0 and the “use TSC offsetting” VM-execution control is 1,
the value returned is determined by the setting of the “use TSC scaling” VM-execution control:
—
If the control is 0, RDTSCP loads EAX:EDX with the sum of the value of the
IA32_TIME_STAMP_COUNTER MSR and the value of the TSC offset.
—
If the control is 1, RDTSCP first computes the product of the value of the
IA32_TIME_STAMP_COUNTER MSR and the value of the TSC multiplier. It then shifts the value of
the product right 48 bits and loads EAX:EDX with the sum of that shifted value and the value of the
TSC offset.
In either case, RDTSCP also loads ECX with the value of bits 31:0 of the IA32_TSC_AUX MSR.
•
If the “RDTSC exiting” VM-execution control is 1, RDTSCP causes a VM exit.
•
SMSW. The behavior of SMSW is determined by the CR0 guest/host mask and the CR0 read shadow. For each
position corresponding to a bit clear in the CR0 guest/host mask, the destination operand is loaded with the
value of the corresponding bit in CR0. For each position corresponding to a bit set in the CR0 guest/host mask,
the destination operand is loaded with the value of the corresponding bit in the CR0 read shadow. Thus, if every
bit is cleared in the CR0 guest/host mask, MOV from CR0 reads normally from CR0; if every bit is set in the CR0
guest/host mask, MOV from CR0 returns the value of the CR0 read shadow.
Note the following: (1) for any memory destination or for a 16-bit register destination, only the low 16 bits of
the CR0 guest/host mask and the CR0 read shadow are used (bits 63:16 of a register destination are left
unchanged); (2) for a 32-bit register destination, only the low 32 bits of the CR0 guest/host mask and the CR0
read shadow are used (bits 63:32 of the destination are cleared); and (3) depending on the contents of the
CR0 guest/host mask and the CR0 read shadow, bits may be set in the destination that would never be set
when reading directly from CR0.
•
WRMSR. Section 25.1.3 identifies when executions of the WRMSR instruction cause VM exits. If such an
execution neither a fault due to CPL > 0 nor a VM exit, the instruction’s behavior may be modified for certain
values of ECX:
— If ECX contains 79H (indicating IA32_BIOS_UPDT_TRIG MSR), no microcode update is loaded, and control
passes to the next instruction. This implies that microcode updates cannot be loaded in VMX non-root
operation.
— On processors that support Intel PT but which do not allow it to be used in VMX operation, if ECX contains
570H (indicating the IA32_RTIT_CTL MSR), the instruction causes a general-protection exception if it
attempts IA32_RTIT_CTL.TraceEn.
1
1. Software should read the VMX capability MSR IA32_VMX_MISC to determine whether the processor allows Intel PT to be used in
VMX operation (see Appendix A.6).