background image

Vol. 3C 25-17

VMX NON-ROOT OPERATION

(#DF) is generated. See Chapter 6, “Interrupt 8—Double Fault Exception (#DF)” in Intel® 64 and IA-32 Archi-
tectures Software Developer’s Manual, Volume 3A.
It is not possible for a virtualization exception to be encountered while delivering another exception (see
Section 25.5.6.1).

If a virtualization exception causes a VM exit directly (because bit 20 is 1 in the exception bitmap), information 
about the exception is saved normally in the VM-exit interruption information field in the VMCS (see Section 
27.2.2). Specifically, the event is reported as a hardware exception with vector 20 and no error code. Bit 12 of the 
field (NMI unblocking due to IRET) is set normally.
If a virtualization exception causes a VM exit indirectly (because bit 20 is 0 in the exception bitmap and delivery of 
the exception generates an event that causes a VM exit), information about the exception is saved normally in the 
IDT-vectoring information field in the VMCS (see Section 27.2.3). Specifically, the event is reported as a hardware 
exception with vector 20 and no error code.

25.6 UNRESTRICTED 

GUESTS

The first processors to support VMX operation require CR0.PE and CR0.PG to be 1 in VMX operation (see Section 
23.8). This restriction implies that guest software cannot be run in unpaged protected mode or in real-address 
mode. Later processors support a VM-execution control called “unrestricted guest”.

1

 If this control is 1, CR0.PE and 

CR0.PG may be 0 in VMX non-root operation. Such processors allow guest software to run in unpaged protected 
mode or in real-address mode. The following items describe the behavior of such software:

The MOV CR0 instructions does not cause a general-protection exception simply because it would set either 
CR0.PE and CR0.PG to 0. See Section 25.3 for details.

A logical processor treats the values of CR0.PE and CR0.PG in VMX non-root operation just as it does outside 
VMX operation. Thus, if CR0.PE = 0, the processor operates as it does normally in real-address mode (for 
example, it uses the 16-bit interrupt table to deliver interrupts and exceptions). If CR0.PG = 0, the processor 
operates as it does normally when paging is disabled.

Processor operation is modified by the fact that the processor is in VMX non-root operation and by the settings 
of the VM-execution controls just as it is in protected mode or when paging is enabled. Instructions, interrupts, 
and exceptions that cause VM exits in protected mode or when paging is enabled also do so in real-address 
mode or when paging is disabled. The following examples should be noted:
— If CR0.PG = 0, page faults do not occur and thus cannot cause VM exits.
— If CR0.PE = 0, invalid-TSS exceptions do not occur and thus cannot cause VM exits.
— If CR0.PE = 0, the following instructions cause invalid-opcode exceptions and do not cause VM exits: 

INVEPT, INVVPID, LLDT, LTR, SLDT, STR, VMCLEAR, VMLAUNCH, VMPTRLD, VMPTRST, VMREAD, 
VMRESUME, VMWRITE, VMXOFF, and VMXON.

If CR0.PG = 0, each linear address is passed directly to the EPT mechanism for translation to a physical 
address.

2

 The guest memory type passed on to the EPT mechanism is WB (writeback).

1. “Unrestricted guest” is a secondary processor-based VM-execution control. If bit 31 of the primary processor-based VM-execution 

controls is 0, VMX non-root operation functions as if the “unrestricted guest” VM-execution control were 0. See Section 24.6.2.

2. As noted in Section 26.2.1.1, the “enable EPT” VM-execution control must be 1 if the “unrestricted guest” VM-execution control is 1.