Vol. 3C 27-5
VM EXITS
— For a page-fault exception, the exit qualification contains the linear address that caused the page fault. On
processors that support Intel 64 architecture, bits 63:32 are cleared if the logical processor was not in 64-
bit mode before the VM exit.
If the page-fault exception occurred during execution of an instruction in enclave mode (and not during
delivery of an event incident to enclave mode), bits 11:0 of the exit qualification are cleared.
— For a start-up IPI (SIPI), the exit qualification contains the SIPI vector information in bits 7:0. Bits 63:8 of
the exit qualification are cleared to 0.
— For a task switch, the exit qualification contains details about the task switch, encoded as shown in
— For INVLPG, the exit qualification contains the linear-address operand of the instruction.
•
On processors that support Intel 64 architecture, bits 63:32 are cleared if the logical processor was not
in 64-bit mode before the VM exit.
•
If the INVLPG source operand specifies an unusable segment, the linear address specified in the exit
qualification will match the linear address that the INVLPG would have used if no VM exit occurred. This
address is not architecturally defined and may be implementation-specific.
— For INVEPT, INVPCID, INVVPID, LGDT, LIDT, LLDT, LTR, SGDT, SIDT, SLDT, STR, VMCLEAR, VMPTRLD,
VMPTRST, VMREAD, VMWRITE, VMXON, XRSTORS, and XSAVES, the exit qualification receives the value of
the instruction’s displacement field, which is sign-extended to 64 bits if necessary (32 bits on processors
that do not support Intel 64 architecture). If the instruction has no displacement (for example, has a
register operand), zero is stored into the exit qualification.
On processors that support Intel 64 architecture, an exception is made for RIP-relative addressing (used
only in 64-bit mode). Such addressing causes an instruction to use an address that is the sum of the
displacement field and the value of RIP that references the following instruction. In this case, the exit
qualification is loaded with the sum of the displacement field and the appropriate RIP value.
In all cases, bits of this field beyond the instruction’s address size are undefined. For example, suppose
that the address-size field in the VM-exit instruction-information field (see Section 24.9.4 and Section
27.2.4) reports an n-bit address size. Then bits 63:n (bits 31:n on processors that do not support Intel 64
architecture) of the instruction displacement are undefined.
— For a control-register access, the exit qualification contains information about the access and has the
format given in Table 27-3.
— For MOV DR, the exit qualification contains information about the instruction and has the format given in
— For an I/O instruction, the exit qualification contains information about the instruction and has the format
given in Table 27-5.
Table 27-2. Exit Qualification for Task Switch
Bit Position(s)
Contents
15:0
Selector of task-state segment (TSS) to which the guest attempted to switch
29:16
Reserved (cleared to 0)
31:30
Source of task switch initiation:
0: CALL instruction
1: IRET instruction
2: JMP instruction
3: Task gate in IDT
63:32
Reserved (cleared to 0). These bits exist only on processors that support Intel 64 architecture.