background image

Vol. 3C 25-13

VMX NON-ROOT OPERATION

No MTF VM exit occurs if the processor is in either the shutdown activity state or wait-for-SIPI activity state. If 
a non-maskable interrupt subsequently takes the logical processor out of the shutdown activity state without 
causing a VM exit, an MTF VM exit is pending after delivery of that interrupt.

Special treatment may apply to Intel SGX instructions or if the logical processor is in enclave mode. See Section 
43.2 for details.

25.5.3 

Translation of Guest-Physical Addresses Using EPT

The extended page-table mechanism (EPT) is a feature that can be used to support the virtualization of physical 
memory. When EPT is in use, certain physical addresses are treated as guest-physical addresses and are not used 
to access memory directly. Instead, guest-physical addresses are translated by traversing a set of EPT paging 
structures to produce physical addresses that are used to access memory.
Details of the EPT mechanism are given in Section 28.2.

25.5.4 APIC 

Virtualization

APIC virtualization is a collection of features that can be used to support the virtualization of interrupts and the 
Advanced Programmable Interrupt Controller (APIC). When APIC virtualization is enabled, the processor emulates 
many accesses to the APIC, tracks the state of the virtual APIC, and delivers virtual interrupts — all in VMX non-
root operation without a VM exit.
Details of the APIC virtualization are given in Chapter 29.

25.5.5 VM Functions

VM function is an operation provided by the processor that can be invoked from VMX non-root operation 
without a VM exit. VM functions are enabled and configured by the settings of different fields in the VMCS. Soft-
ware in VMX non-root operation invokes a VM function with the VMFUNC instruction; the value of EAX selects the 
specific VM function being invoked.
Section 25.5.5.1 explains how VM functions are enabled. Section 25.5.5.2 specifies the behavior of the VMFUNC 
instruction. Section 25.5.5.3 describes a specific VM function called EPTP switching.

25.5.5.1   Enabling VM Functions

Software enables VM functions generally by setting the “enable VM functions” VM-execution control. A specific 
VM function is enabled by setting the corresponding VM-function control.
Suppose, for example, that software wants to enable EPTP switching (VM function 0; see Section 24.6.14).To do 
so, it must set the “activate secondary controls” VM-execution control (bit 31 of the primary processor-based VM-
execution controls), the “enable VM functions” VM-execution control (bit 13 of the secondary processor-based VM-
execution controls) and the “EPTP switching” VM-function control (bit 0 of the VM-function controls).

25.5.5.2   General Operation of the VMFUNC Instruction

The VMFUNC instruction causes an invalid-opcode exception (#UD) if the “enable VM functions” VM-execution 
controls is 0

1

 or the value of EAX is greater than 63 (only VM functions 0–63 can be enable). Otherwise, the 

instruction causes a VM exit if the bit at position EAX is 0 in the VM-function controls (the selected VM function is 
not enabled). If such a VM exit occurs, the basic exit reason used is 59 (3BH), indicating “VMFUNC”, and the length 
of the VMFUNC instruction is saved into the VM-exit instruction-length field. If the instruction causes neither an 
invalid-opcode exception nor a VM exit due to a disabled VM function, it performs the functionality of the 
VM function specified by the value in EAX.

1. “Enable VM functions” is a secondary processor-based VM-execution control. If bit 31 of the primary processor-based VM-execution 

controls is 0, VMX non-root operation functions as if the “enable VM functions” VM-execution control were 0. See Section 24.6.2.