Vol. 3C 26-15

VM ENTRIES

26.3.2.1   Loading Guest Control Registers, Debug Registers, and MSRs

The following items describe how guest control registers, debug registers, and MSRs are loaded on VM entry:

•

CR0 is loaded from the CR0 field with the exception of the following bits, which are never modified on VM entry: 
ET (bit 4); reserved bits 15:6, 17, and 28:19; NW (bit 29) and CD (bit 30).

1

 The values of these bits in the CR0 

field are ignored.

•

CR3 and CR4 are loaded from the CR3 field and the CR4 field, respectively.

•

If the “load debug controls” VM-entry control is 1, DR7 is loaded from the DR7 field with the exception that 
bit 12 and bits 15:14 are always 0 and bit 10 is always 1. The values of these bits in the DR7 field are ignored.
The first processors to support the virtual-machine extensions supported only the 1-setting of the “load
debug controls” VM-entry control and thus always loaded DR7 from the DR7 field.

•

The following describes how certain MSRs are loaded using fields in the guest-state area:
— If the “load debug controls” VM-entry control is 1, the IA32_DEBUGCTL MSR is loaded from the 

IA32_DEBUGCTL field. The first processors to support the virtual-machine extensions supported only the 1-
setting of this control and thus always loaded the IA32_DEBUGCTL MSR from the IA32_DEBUGCTL field.

— The IA32_SYSENTER_CS MSR is loaded from the IA32_SYSENTER_CS field. Since this field has only 32 

bits, bits 63:32 of the MSR are cleared to 0.

— The IA32_SYSENTER_ESP and IA32_SYSENTER_EIP MSRs are loaded from the IA32_SYSENTER_ESP field 

and the IA32_SYSENTER_EIP field, respectively. On processors that do not support Intel 64 architecture, 
these fields have only 32 bits; bits 63:32 of the MSRs are cleared to 0.

— The following are performed on processors that support Intel 64 architecture:

•

The MSRs FS.base and GS.base are loaded from the base-address fields for FS and GS, respectively 

(see Section 26.3.2.2).

•

If the “load IA32_EFER” VM-entry control is 0, bits in the IA32_EFER MSR are modified as follows:
— IA32_EFER.LMA is loaded with the setting of the “IA-32e mode guest” VM-entry control.
— If CR0 is being loaded so that CR0.PG = 1, IA32_EFER.LME is also loaded with the setting of the

“IA-32e mode guest” VM-entry control.

2

 Otherwise, IA32_EFER.LME is unmodified.

See below for the case in which the “load IA32_EFER” VM-entry control is 1

— If the “load IA32_PERF_GLOBAL_CTRL” VM-entry control is 1, the IA32_PERF_GLOBAL_CTRL MSR is loaded 

from the IA32_PERF_GLOBAL_CTRL field.

— If the “load IA32_PAT” VM-entry control is 1, the IA32_PAT MSR is loaded from the IA32_PAT field.
— If the “load IA32_EFER” VM-entry control is 1, the IA32_EFER MSR is loaded from the IA32_EFER field.
— If the “load IA32_BNDCFGS” VM-entry control is 1, the IA32_BNDCFGS MSR is loaded from the 

IA32_BNDCFGS field.

With the exception of FS.base and GS.base, any of these MSRs is subsequently overwritten if it appears in the
VM-entry MSR-load area. See Section 26.4.

•

The SMBASE register is unmodified by all VM entries except those that return from SMM.

1. Bits 15:6, bit 17, and bit 28:19 of CR0 and CR0.ET are unchanged by executions of MOV to CR0. Bits 15:6, bit 17, and bit 28:19 of 

CR0 are always 0 and CR0.ET is always 1.

2. If the capability MSR IA32_VMX_CR0_FIXED0 reports that CR0.PG must be 1 in VMX operation, VM entry must be loading CR0 so 

that CR0.PG = 1 unless the “unrestricted guest” VM-execution control and bit 31 of the primary processor-based VM-execution con-

trols are both 1.