26-14 Vol. 3C
VM ENTRIES
•
Bit 31 must contain the setting of the “VMCS shadowing” VM-execution control.
1
This implies that the
referenced VMCS is a shadow VMCS (see Section 24.10) if and only if the “VMCS shadowing” VM-
execution control is 1.
— If the processor is not in SMM or the “entry to SMM” VM-entry control is 1, the field must not contain the
current VMCS pointer.
— If the processor is in SMM and the “entry to SMM” VM-entry control is 0, the field must differ from the
executive-VMCS pointer.
26.3.1.6
Checks on Guest Page-Directory-Pointer-Table Entries
If CR0.PG =1, CR4.PAE = 1, and IA32_EFER.LME = 0, the logical processor uses PAE paging (see Section 4.4 in
the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A).
2
When PAE paging is in use, the
physical address in CR3 references a table of page-directory-pointer-table entries (PDPTEs). A MOV to CR3
when PAE paging is in use checks the validity of the PDPTEs.
A VM entry is to a guest that uses PAE paging if (1) bit 31 (corresponding to CR0.PG) is set in the CR0 field in the
guest-state area; (2) bit 5 (corresponding to CR4.PAE) is set in the CR4 field; and (3) the “IA-32e mode guest”
VM-entry control is 0. Such a VM entry checks the validity of the PDPTEs:
•
If the “enable EPT” VM-execution control is 0, VM entry checks the validity of the PDPTEs referenced by the CR3
field in the guest-state area if either (1) PAE paging was not in use before the VM entry; or (2) the value of CR3
is changing as a result of the VM entry. VM entry may check their validity even if neither (1) nor (2) hold.
3
•
If the “enable EPT” VM-execution control is 1, VM entry checks the validity of the PDPTE fields in the guest-state
area (see Section 24.4.2).
A VM entry to a guest that does not use PAE paging does not check the validity of any PDPTEs.
A VM entry that checks the validity of the PDPTEs uses the same checks that are used when CR3 is loaded with
MOV to CR3 when PAE paging is in use.
4
If MOV to CR3 would cause a general-protection exception due to the
PDPTEs that would be loaded (e.g., because a reserved bit is set), the VM entry fails.
26.3.2 Loading Guest State
Processor state is updated on VM entries in the following ways:
•
Some state is loaded from the guest-state area.
•
Some state is determined by VM-entry controls.
•
The page-directory pointers are loaded based on the values of certain control registers.
This loading may be performed in any order and in parallel with the checking of VMCS contents (see Section
26.3.1).
The loading of guest state is detailed in Section 26.3.2.1 to Section 26.3.2.4. These sections reference VMCS fields
that correspond to processor state. Unless otherwise stated, these references are to fields in the guest-state area.
In addition to the state loading described in this section, VM entries may load MSRs from the VM-entry MSR-load
area (see Section 26.4). This loading occurs only after the state loading described in this section and the checking
of VMCS contents described in Section 26.3.1.
1. “VMCS shadowing” is a secondary processor-based VM-execution control. If bit 31 of the primary processor-based VM-execution
controls is 0, VM entry functions as if the “VMCS shadowing” VM-execution control were 0. See Section 24.6.2.
2. On processors that support Intel 64 architecture, the physical-address extension may support more than 36 physical-address bits.
Software can determine the number physical-address bits supported by executing CPUID with 80000008H in EAX. The physical-
address width is returned in bits 7:0 of EAX.
3. “Enable EPT” is a secondary processor-based VM-execution control. If bit 31 of the primary processor-based VM-execution controls
is 0, VM entry functions as if the “enable EPT” VM-execution control were 0. See Section 24.6.2.
4. This implies that (1) bits 11:9 in each PDPTE are ignored; and (2) if bit 0 (present) is clear in one of the PDPTEs, bits 63:1 of that
PDPTE are ignored.