
Vol. 3C 26-19

VM ENTRIES

The value pushed on the stack for RFLAGS is generally that which was loaded from the guest-state area. The 
value pushed for the RF flag is not modified based on the type of event being delivered. However, the pushed 
value of RFLAGS may be modified if a software interrupt is being injected into a guest that will be in virtual-
8086 mode (see below). After RFLAGS is pushed on the stack, the value in the RFLAGS register is modified as 
is done normally when delivering an event through the IDT.

The instruction pointer that is pushed on the stack depends on the type of event and whether nested 
exceptions occur during its delivery. The term current guest RIP refers to the value to be loaded from the 
guest-state area. The value pushed is determined as follows:¹

— If VM entry successfully injects (with no nested exception) an event with interruption type external 
interrupt, NMI, or hardware exception, the current guest RIP is pushed on the stack.

— If VM entry successfully injects (with no nested exception) an event with interruption type software 
interrupt, privileged software exception, or software exception, the current guest RIP is incremented by the 
VM-entry instruction length before being pushed on the stack.

— If VM entry encounters an exception while injecting an event and that exception does not cause a VM exit, 
the current guest RIP is pushed on the stack regardless of event type or VM-entry instruction length. If the 
encountered exception does cause a VM exit that saves RIP, the saved RIP is the current guest RIP.

If the deliver-error-code bit (bit 11) is set in the VM-entry interruption-information field, the contents of the 
VM-entry exception error-code field are pushed on the stack as an error code would be pushed during delivery of 
an exception.

DR6, DR7, and the IA32_DEBUGCTL MSR are not modified by event injection, even if the event has vector 1 
(normal deliveries of debug exceptions, which have vector 1, do update these registers).

If VM entry is injecting a software interrupt and the guest will be in virtual-8086 mode (RFLAGS.VM = 1), no 
general-protection exception can occur due to RFLAGS.IOPL < 3. A VM monitor should check RFLAGS.IOPL 
before injecting such an event and, if desired, inject a general-protection exception instead of a software 
interrupt.

If VM entry is injecting a software interrupt and the guest will be in virtual-8086 mode with virtual-8086 mode 
extensions (RFLAGS.VM = CR4.VME = 1), event delivery is subject to VME-based interrupt redirection based 
on the software interrupt redirection bitmap in the task-state segment (TSS) as follows:
— If bit n in the bitmap is clear (where n is the number of the software interrupt), the interrupt is directed to 
an 8086 program interrupt handler: the processor uses a 16-bit interrupt-vector table (IVT) located at 
linear address zero. If the value of RFLAGS.IOPL is less than 3, the following modifications are made to the 
value of RFLAGS that is pushed on the stack: IOPL is set to 3, and IF is set to the value of VIF.

— If bit n in the bitmap is set (where n is the number of the software interrupt), the interrupt is directed to a 
protected-mode interrupt handler. (In other words, the injection is treated as described in the next item.) 
For a software interrupt executed by the guest, such a handler is not invoked if RFLAGS.IOPL < 3 (a general-
protection exception occurs instead). However, as noted above, RFLAGS.IOPL cannot cause an injected 
software interrupt to cause such an exception. Thus, in this case, the injection invokes a protected-mode 
interrupt handler independent of the value of RFLAGS.IOPL.

Injection of events of other types is not subject to this redirection.
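The two decisions described above (which RIP image is pushed, and how a software interrupt into a virtual-8086 guest is redirected and has its pushed RFLAGS image adjusted) are mechanical enough to model. The following C is an added example written for this page; it is not Intel's code and not part of the SDM. It assumes the architectural bit positions of RFLAGS.IF/IOPL/VM/VIF and CR4.VME and the interruption-type encodings of the VM-entry interruption-information field (all from the architecture, none shown in this excerpt), and it takes the TSS software interrupt redirection bitmap as a caller-supplied 32-byte buffer indexed by vector. The function names, the `sw_int_target` enum and the `vmm_should_inject_gp_instead` helper (which encodes the "VM monitor should check RFLAGS.IOPL" advice above) are hypothetical.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Interruption types as encoded in bits 10:8 of the VM-entry
 * interruption-information field (architectural encodings; assumed here). */
enum intr_type {
    INTR_EXT_INTERRUPT  = 0,
    INTR_NMI            = 2,
    INTR_HW_EXCEPTION   = 3,
    INTR_SW_INTERRUPT   = 4,
    INTR_PRIV_SW_EXCEPT = 5,
    INTR_SW_EXCEPTION   = 6,
};

/* Architectural RFLAGS and CR4 bit positions (assumed, not from the excerpt). */
#define RFLAGS_IF   (1ull << 9)
#define RFLAGS_IOPL (3ull << 12)
#define RFLAGS_VM   (1ull << 17)
#define RFLAGS_VIF  (1ull << 19)
#define CR4_VME     (1ull << 0)

static unsigned iopl(uint64_t rflags) { return (unsigned)((rflags >> 12) & 3); }

/* RIP image pushed on the guest stack by an injected event. */
uint64_t pushed_rip(uint64_t guest_rip, enum intr_type type,
                    uint32_t vmentry_instr_len, bool nested_exception)
{
    /* A nested exception during delivery pushes the current guest RIP
     * regardless of event type or VM-entry instruction length. */
    if (nested_exception)
        return guest_rip;
    switch (type) {
    case INTR_SW_INTERRUPT:
    case INTR_PRIV_SW_EXCEPT:
    case INTR_SW_EXCEPTION:
        /* Software-originated events: RIP is advanced by the VM-entry
         * instruction length before being pushed. */
        return guest_rip + vmentry_instr_len;
    default:
        return guest_rip;   /* external interrupt, NMI, hardware exception */
    }
}

/* Where an injected software interrupt ends up. */
enum sw_int_target { TARGET_IDT, TARGET_IVT_8086 };

/* Resolve VME redirection for software interrupt 'vector' and compute the
 * RFLAGS image that injection pushes. 'redir_bitmap' is the 32-byte software
 * interrupt redirection bitmap from the TSS (hypothetical caller-supplied copy). */
enum sw_int_target inject_sw_interrupt_rflags(uint64_t rflags, uint64_t cr4,
                                              unsigned vector,
                                              const uint8_t redir_bitmap[32],
                                              uint64_t *pushed_rflags)
{
    *pushed_rflags = rflags;
    if (!(rflags & RFLAGS_VM) || !(cr4 & CR4_VME))
        return TARGET_IDT;              /* redirection only applies under VME */
    bool bit_set = (redir_bitmap[vector / 8] >> (vector % 8)) & 1;
    if (bit_set)
        return TARGET_IDT;              /* protected-mode handler; IOPL not checked */
    /* Bit clear: 8086 handler through the IVT at linear address 0. With
     * IOPL < 3 the pushed image gets IOPL = 3 and IF = VIF. */
    if (iopl(rflags) < 3) {
        *pushed_rflags |= RFLAGS_IOPL;
        if (rflags & RFLAGS_VIF)
            *pushed_rflags |= RFLAGS_IF;
        else
            *pushed_rflags &= ~RFLAGS_IF;
    }
    return TARGET_IVT_8086;
}

/* VMM-side check: a software interrupt executed by a virtual-8086 guest with
 * IOPL < 3 raises #GP unless VME redirects it to an 8086 handler. Injection
 * never raises that #GP, so the VMM decides whether to inject #GP instead. */
bool vmm_should_inject_gp_instead(uint64_t rflags, uint64_t cr4,
                                  unsigned vector,
                                  const uint8_t redir_bitmap[32])
{
    if (!(rflags & RFLAGS_VM) || iopl(rflags) >= 3)
        return false;
    uint64_t unused;
    return inject_sw_interrupt_rflags(rflags, cr4, vector, redir_bitmap,
                                      &unused) == TARGET_IDT;
}

int main(void)
{
    static const uint8_t no_redirect[32] = {0};  /* constructed: all bits clear */
    uint64_t rflags = RFLAGS_VM | RFLAGS_VIF;    /* virtual-8086, IOPL 0, VIF = 1 */
    uint64_t image;
    enum sw_int_target t = inject_sw_interrupt_rflags(rflags, CR4_VME, 0x21,
                                                      no_redirect, &image);
    printf("INT 21h: target=%s, pushed RFLAGS=%#llx\n",
           t == TARGET_IVT_8086 ? "8086 IVT" : "IDT", (unsigned long long)image);
    printf("pushed RIP for injected INT n at 0x1000 (length 2): %#llx\n",
           (unsigned long long)pushed_rip(0x1000, INTR_SW_INTERRUPT, 2, false));
    return 0;
}
```

The point of `vmm_should_inject_gp_instead` is that the IOPL check a guest would have hit on a real `INT n` is silently skipped by injection, so a hypervisor that wants faithful guest semantics has to reproduce it itself; the VME case with the bitmap bit clear is the one situation where the real instruction would also not fault.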

If VM entry is injecting a software interrupt (not redirected as described above) or software exception, privilege 
checking is performed on the IDT descriptor being accessed as would be the case for executions of INT n, INT3, 
or INTO (the descriptor’s DPL cannot be less than CPL). There is no checking of RFLAGS.IOPL, even if the guest 
will be in virtual-8086 mode. Failure of this check may lead to a nested exception. Injection of an event with 
interruption type external interrupt, NMI, hardware exception, or privileged software exception, or with 
interruption type software interrupt and being redirected as described above, does not perform these checks.

If VM entry is injecting a non-maskable interrupt (NMI) and the “virtual NMIs” VM-execution control is 1, 
virtual-NMI blocking is in effect after VM entry.

The transition causes a last-branch record to be logged if the LBR bit is set in the IA32_DEBUGCTL MSR. This is 
true even for events such as debug exceptions, which normally clear the LBR bit before delivery.

1. While these items refer to RIP, the width of the value pushed (16 bits, 32 bits, or 64 bits) is determined normally.