background image

27-24 Vol. 3C

VM EXITS

Support,” of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1). (This does 
not apply to VM exits with basic exit reason “monitor trap flag.”)

In other cases, bit 12 is cleared to 0.

•

Bit 14 (BS) is set if RFLAGS.TF = 1 in either of the following cases:
— IA32_DEBUGCTL.BTF = 0 and the cause of a pending debug exception was the execution of a single 

instruction.

— IA32_DEBUGCTL.BTF = 1 and the cause of a pending debug exception was a taken branch.

•

Bit 16 (RTM) is set if a debug exception (#DB) or a breakpoint exception (#BP) occurred inside an RTM 
region while advanced debugging of RTM transactional regions had been enabled. (This does not apply 
to VM exits with basic exit reason “monitor trap flag.”)

— Suppose that a VM exit is due to another reason (but not a debug exception) and occurs while there is MOV-

SS blocking of debug exceptions. In this case, the value saved sets bits corresponding to the causes of any 
debug exceptions that were pending at the time of the VM exit. If the VM exit occurs immediately after 
VM entry (no instructions were executed in VMX non-root operation), the value saved may match that 
which was loaded on VM entry (see Section 26.6.3). Otherwise, the following items apply:

•

Bit 12 (enabled breakpoint) is set to 1 if there was at least one matched data or I/O breakpoint that was 
enabled in DR7. Bit 12 is also set if it had been set on VM entry, causing there to be valid pending debug 
exceptions (see Section 26.6.3) and the VM exit occurred before those exceptions were either delivered 
or lost. In other cases, bit 12 is cleared to 0.

•

The setting of bit 14 (BS) is implementation-specific. However, it is not set if RFLAGS.TF = 0 or 
IA32_DEBUGCTL.BTF = 1.

— The reserved bits in the field are cleared.

•

If the “save VMX-preemption timer value” VM-exit control is 1, the value of timer is saved into the VMX-
preemption timer-value field. This is the value loaded from this field on VM entry as subsequently decremented 
(see Section 25.5.1). VM exits due to timer expiration save the value 0. Other VM exits may also save the value 
0 if the timer expired during VM exit. (If the â€śsave VMX-preemption timer value” VM-exit control is 0, VM exit 
does not modify the value of the VMX-preemption timer-value field.)

•

If the logical processor supports the 1-setting of the “enable EPT” VM-execution control, values are saved into 
the four (4) PDPTE fields as follows:
— If the “enable EPT” VM-execution control is 1 and the logical processor was using PAE paging at the time of 

the VM exit, the PDPTE values currently in use are saved:

1

•

The values saved into bits 11:9 of each of the fields is undefined.

•

If the value saved into one of the fields has bit 0 (present) clear, the value saved into bits 63:1 of that 
field is undefined. That value need not correspond to the value that was loaded by VM entry or to any 
value that might have been loaded in VMX non-root operation.

•

If the value saved into one of the fields has bit 0 (present) set, the value saved into bits 63:12 of the 
field is a guest-physical address.

— If the “enable EPT” VM-execution control is 0 or the logical processor was not using PAE paging at the time 

of the VM exit, the values saved are undefined.

27.4 SAVING 

MSRS

After processor state is saved to the guest-state area, values of MSRs may be stored into the VM-exit MSR-store 
area (see Section 24.7.2). Specifically each entry in that area (up to the number specified in the VM-exit MSR-store 

1. A logical processor uses PAE paging if CR0.PG = 1, CR4.PAE = 1 and IA32_EFER.LMA = 0. See Section 4.4 in the Intel® 64 and IA-32 

Architectures Software Developer’s Manual, Volume 3A. “Enable EPT” is a secondary processor-based VM-execution control. If bit 31 

of the primary processor-based VM-execution controls is 0, VM exit functions as if the “enable EPT” VM-execution control were 0. 

See Section 24.6.2.