background image

26-8 Vol. 3C

VM ENTRIES

26.3 CHECKING AND LOADING GUEST STATE

If all checks on the VMX controls and the host-state area pass (see Section 26.2), the following operations take 
place concurrently: (1) the guest-state area of the VMCS is checked to ensure that, after the VM entry completes, 
the state of the logical processor is consistent with IA-32 and Intel 64 architectures; (2) processor state is loaded 
from the guest-state area or as specified by the VM-entry control fields; and (3) address-range monitoring is 
cleared.
Because the checking and the loading occur concurrently, a failure may be discovered only after some state has 
been loaded. For this reason, the logical processor responds to such failures by loading state from the host-state 
area, as it would for a VM exit. See Section 26.7.

26.3.1 

Checks on the Guest State Area

This section describes checks performed on fields in the guest-state area. These checks may be performed in any 
order. Some checks prevent establishment of settings (or combinations of settings) that are currently reserved. 
Future processors may allow such settings (or combinations) and may not perform the corresponding checks. The 
correctness of software should not rely on VM-entry failures resulting from the checks documented in this section. 
The following subsections reference fields that correspond to processor state. Unless otherwise stated, these refer-
ences are to fields in the guest-state area.

26.3.1.1   Checks on Guest Control Registers, Debug Registers, and MSRs

The following checks are performed on fields in the guest-state area corresponding to control registers, debug 
registers, and MSRs:

The CR0 field must not set any bit to a value not supported in VMX operation (see Section 23.8). The following 
are exceptions:
— Bit 0 (corresponding to CR0.PE) and bit 31 (PG) are not checked if the “unrestricted guest” VM-execution 

control is 1.

1

— Bit 29 (corresponding to CR0.NW) and bit 30 (CD) are never checked because the values of these bits are 

not changed by VM entry; see Section 26.3.2.1.

If bit 31 in the CR0 field (corresponding to PG) is 1, bit 0 in that field (PE) must also be 1.

2

The CR4 field must not set any bit to a value not supported in VMX operation (see Section 23.8).

If the “load debug controls” VM-entry control is 1, bits reserved in the IA32_DEBUGCTL MSR must be 0 in the 
field for that register. The first processors to support the virtual-machine extensions supported only the 1-
setting of this control and thus performed this check unconditionally.

The following checks are performed on processors that support Intel 64 architecture:
— If the “IA-32e mode guest” VM-entry control is 1, bit 31 in the CR0 field (corresponding to CR0.PG) and 

bit 5 in the CR4 field (corresponding to CR4.PAE) must each be 1.

3

— If the “IA-32e mode guest” VM-entry control is 0, bit 17 in the CR4 field (corresponding to CR4.PCIDE) 

must be 0.

— The CR3 field must be such that bits 63:52 and bits in the range 51:32 beyond the processor’s physical-

address width are 0.

4,5

1. “Unrestricted guest” is a secondary processor-based VM-execution control. If bit 31 of the primary processor-based VM-execution 

controls is 0, VM entry functions as if the “unrestricted guest” VM-execution control were 0. See Section 24.6.2.

2. If the capability MSR IA32_VMX_CR0_FIXED0 reports that CR0.PE must be 1 in VMX operation, bit 0 in the CR0 field must be 1 

unless the “unrestricted guest” VM-execution control and bit 31 of the primary processor-based VM-execution controls are both 1.

3. If the capability MSR IA32_VMX_CR0_FIXED0 reports that CR0.PG must be 1 in VMX operation, bit 31 in the CR0 field must be 1 

unless the “unrestricted guest” VM-execution control and bit 31 of the primary processor-based VM-execution controls are both 1.

4. Software can determine a processor’s physical-address width by executing CPUID with 80000008H in EAX. The physical-address 

width is returned in bits 7:0 of EAX.