27-22 Vol. 3C

VM EXITS

stack had the event been delivered through a trap or interrupt gate,[1] or into the old task-state segment had the event been delivered through a task gate).

— If the VM exit is due to a triple fault, the value saved is the return pointer that would have been saved (either on the stack had the event been delivered through a trap or interrupt gate, or into the old task-state segment had the event been delivered through a task gate) had delivery of the double fault not encountered the nested exception that caused the triple fault.

— If the VM exit is due to a software exception (due to an execution of INT3 or INTO), the value saved references the INT3 or INTO instruction that caused that exception.

— Suppose that the VM exit is due to a task switch that was caused by execution of CALL, IRET, or JMP or by execution of a software interrupt (INT n) or software exception (due to execution of INT3 or INTO) that encountered a task gate in the IDT. The value saved references the instruction that caused the task switch (CALL, IRET, JMP, INT n, INT3, or INTO).

— Suppose that the VM exit is due to a task switch that was caused by a task gate in the IDT that was encountered for any reason except the direct access by a software interrupt or software exception. The value saved is that which would have been saved in the old task-state segment had the task switch completed normally.

— If the VM exit is due to an execution of MOV to CR8 or WRMSR that reduced the value of bits 7:4 of VTPR (see Section 29.1.1) below that of TPR threshold VM-execution control field (see Section 29.1.2), the value saved references the instruction following the MOV to CR8 or WRMSR.

— If the VM exit was caused by APIC-write emulation (see Section 29.4.3.2) that results from an APIC access as part of instruction execution, the value saved references the instruction following the one whose execution caused the APIC-write emulation.

The contents of the RSP register are saved into the RSP field.

With the exception of the resume flag (RF; bit 16), the contents of the RFLAGS register are saved into the RFLAGS field. RFLAGS.RF is saved as follows:
— If the VM exit occurred in enclave mode, the value saved is 0 (the remaining items do not apply).
— If the VM exit is caused directly by an event that would normally be delivered through the IDT, the value saved is that which would appear in the saved RFLAGS image (either that which would be saved on the stack had the event been delivered through a trap or interrupt gate,[2] or into the old task-state segment had the event been delivered through a task gate) had the event been delivered through the IDT. See below for VM exits due to task switches caused by task gates in the IDT.

— If the VM exit is caused by a triple fault, the value saved is that which the logical processor would have in RF in the RFLAGS register had the triple fault taken the logical processor to the shutdown state.

— If the VM exit is caused by a task switch (including one caused by a task gate in the IDT), the value saved is that which would have been saved in the RFLAGS image in the old task-state segment (TSS) had the task switch completed normally without exception.

— If the VM exit is caused by an attempt to execute an instruction that unconditionally causes VM exits or one that was configured to do with a VM-execution control, the value saved is 0.[3]

— For APIC-access VM exits and for VM exits caused by EPT violations, EPT misconfigurations, and page-modification log-full events, the value saved depends on whether the VM exit occurred during delivery of an event through the IDT:

1. The reference here is to the full value of RIP before any truncation that would occur had the stack width been only 32 bits or 16 bits.

2. The reference here is to the full value of RFLAGS before any truncation that would occur had the stack width been only 32 bits or 16 bits.

3. This is true even if RFLAGS.RF was 1 before the instruction was executed. If, in response to such a VM exit, a VM monitor re-enters the guest to re-execute the instruction that caused the VM exit (for example, after clearing the VM-execution control that caused the VM exit), the instruction may encounter a code breakpoint that has already been processed. A VM monitor can avoid this by setting the guest value of RFLAGS.RF to 1 before resuming guest software.
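The caveat in footnote 3, as an added C model that is not code from the manual: it assumes the documented RF semantics (an instruction breakpoint is suppressed while RFLAGS.RF is set, and the processor clears RF after that instruction executes) and a constructed guest state, and shows the same code breakpoint firing twice when a VMM re-executes the exiting instruction with the saved RFLAGS image unchanged, and once when it sets RF first. All function names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>

#define RFLAGS_RF (1ULL << 16)   /* resume flag, RFLAGS bit 16 */

/* Model of the instruction (code) breakpoint check: it fires when RIP matches
 * the armed address and RFLAGS.RF is clear. The processor clears RF once the
 * instruction executes, so RF suppresses exactly one breakpoint hit. */
static bool code_breakpoint_fires(uint64_t rip, uint64_t *rflags, uint64_t bp_addr)
{
    bool fires = (rip == bp_addr) && !(*rflags & RFLAGS_RF);
    *rflags &= ~RFLAGS_RF;
    return fires;
}

/* RFLAGS image saved by an instruction-caused VM exit: RF is saved as 0 even
 * if it was 1 before the instruction was executed (footnote 3). */
uint64_t rflags_saved_on_instruction_exit(uint64_t rflags_before)
{
    return rflags_before & ~RFLAGS_RF;
}

/* VMM-side mitigation when re-entering the guest to re-execute the exiting
 * instruction: set RF so an already-reported code breakpoint is not hit again. */
uint64_t rflags_for_reexecute(uint64_t saved_rflags)
{
    return saved_rflags | RFLAGS_RF;
}

/* Counts how often the breakpoint at `bp` fires when the guest executes the
 * instruction at `bp`, exits to the VMM, and is re-entered to re-execute it.
 * `set_rf` selects whether the VMM applies the RF mitigation. */
int breakpoint_hits_across_reexecution(uint64_t bp, bool set_rf)
{
    uint64_t rip = bp, rflags = 0x202;   /* constructed guest state: IF=1, RF=0 */
    int hits = 0;

    /* 1st attempt: #DB fires; the guest debugger handles it and IRETs with RF=1 */
    if (code_breakpoint_fires(rip, &rflags, bp)) { hits++; rflags |= RFLAGS_RF; }
    /* 2nd attempt: RF suppresses the breakpoint; the instruction then causes a VM exit */
    if (code_breakpoint_fires(rip, &rflags, bp)) hits++;
    uint64_t saved = rflags_saved_on_instruction_exit(rflags);
    /* VMM re-enters the guest to re-execute the same instruction at the same RIP */
    rflags = set_rf ? rflags_for_reexecute(saved) : saved;
    if (code_breakpoint_fires(rip, &rflags, bp)) hits++;
    return hits;   /* 2 without the mitigation, 1 with it */
}
```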