background image

Vol. 3C 25-15

VMX NON-ROOT OPERATION

paging structures. As a result, this access may cause a VM exit due to an EPT violation or an EPT misconfigu-
ration encountered during that translation.

If PAE paging is in use (CR4.PAE = 1 and IA32_EFER.LMA = 0), an EPTP-switching VMFUNC does not load the 
four page-directory-pointer-table entries (PDPTEs) from the guest-physical address in CR3. The logical 
processor continues to use the four guest-physical addresses already present in the PDPTEs. The guest-
physical address in CR3 is not translated through the new EPT paging structures (until some operation that 
would load the PDPTEs).
The EPTP-switching VMFUNC cannot itself cause a VM exit due to an EPT violation or an EPT misconfiguration
encountered during the translation of a guest-physical address in any of the PDPTEs. A subsequent memory
access with a linear address uses the translation of the guest-physical address in the appropriate PDPTE
through the new EPT paging structures. As a result, such an access may cause a VM exit due to an EPT
violation or an EPT misconfiguration encountered during that translation.

If an EPTP-switching VMFUNC establishes an EPTP value that enables accessed and dirty flags for EPT (by setting 
bit 6), subsequent memory accesses may fail to set those flags as specified if there has been no appropriate execu-
tion of INVEPT since the last use of an EPTP value that does not enable accessed and dirty flags for EPT (because 
bit 6 is clear) and that is identical to the new value on bits 51:12.
IF the processor supports the 1-setting of the “EPT-violation #VE” VM-execution control, an EPTP-switching 
VMFUNC loads the value in ECX[15:0] into to EPTP-index field in current VMCS. Subsequent EPT-violation virtual-
ization exceptions will save this value into the virtualization-exception information area (see Section 25.5.6.2);

25.5.6 Virtualization 

Exceptions

virtualization exception is a new processor exception. It uses vector 20 and is abbreviated #VE.
A virtualization exception can occur only in VMX non-root operation. Virtualization exceptions occur only with 
certain settings of certain VM-execution controls. Generally, these settings imply that certain conditions that would 
normally cause VM exits instead cause virtualization exceptions
In particular, the 1-setting of the “EPT-violation #VE” VM-execution control causes some EPT violations to generate 
virtualization exceptions instead of VM exits. Section 25.5.6.1 provides the details of how the processor deter-
mines whether an EPT violation causes a virtualization exception or a VM exit.
When the processor encounters a virtualization exception, it saves information about the exception to the virtual-
ization-exception information area; see Section 25.5.6.2.
After saving virtualization-exception information, the processor delivers a virtualization exception as it would any 
other exception; see Section 25.5.6.3 for details.

25.5.6.1   Convertible EPT Violations

If the “EPT-violation #VE” VM-execution control is 0 (e.g., on processors that do not support this feature), EPT 
violations always cause VM exits. If instead the control is 1, certain EPT violations may be converted to cause virtu-
alization exceptions instead; such EPT violations are convertible
The values of certain EPT paging-structure entries determine which EPT violations are convertible. Specifically, 
bit 63 of certain EPT paging-structure entries may be defined to mean suppress #VE:

If bits 2:0 of an EPT paging-structure entry are all 0, the entry is not present. If the processor encounters 
such an entry while translating a guest-physical address, it causes an EPT violation. The EPT violation is 
convertible if and only if bit 63 of the entry is 0.

If bits 2:0 of an EPT paging-structure entry are not all 0, the following cases apply:
— If the value of the EPT paging-structure entry is not supported, the entry is misconfigured. If the 

processor encounters such an entry while translating a guest-physical address, it causes an EPT misconfig-
uration (not an EPT violation). EPT misconfigurations always cause VM exits.

— If the value of the EPT paging-structure entry is supported, the following cases apply: