
Vol. 3C 27-25

VM EXITS

count) is processed in order by storing the value of the MSR indexed by bits 31:0 (as they would be read by 
RDMSR) into bits 127:64. Processing of an entry fails in either of the following cases:

• The value of bits 31:8 is 000008H, meaning that the indexed MSR is one that allows access to an APIC register when the local APIC is in x2APIC mode.

• The value of bits 31:0 indicates an MSR that can be read only in system-management mode (SMM) and the VM exit will not end in SMM. (IA32_SMBASE is an MSR that can be read only in SMM.)

• The value of bits 31:0 indicates an MSR that cannot be saved on VM exits for model-specific reasons. A processor may prevent certain MSRs (based on the value of bits 31:0) from being stored on VM exits, even if they can normally be read by RDMSR. Such model-specific behavior is documented in Chapter 35.

• Bits 63:32 of the entry are not all 0.

• An attempt to read the MSR indexed by bits 31:0 would cause a general-protection exception if executed via RDMSR with CPL = 0.

A VMX abort occurs if processing fails for any entry. See Section 27.7.
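
The failure conditions above that depend only on an entry's own bits, written as a C check a VMM could run over a VM-exit MSR-store area before VM entry; this is an added example, not text or code from the manual. The struct and function names are hypothetical, the IA32_SMBASE address 9EH is not stated on this page, only IA32_SMBASE is treated as SMM-only, and the model-specific and general-protection conditions are left out because they depend on the processor.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 128-bit MSR-store entry as the text lays it out (names are hypothetical). */
struct msr_entry {
    uint32_t index;    /* bits 31:0: MSR index */
    uint32_t reserved; /* bits 63:32: must be all 0 */
    uint64_t data;     /* bits 127:64: filled in on VM exit */
};

#define IA32_SMBASE 0x9EU /* readable only in SMM; address assumed, not on this page */

enum msr_check { MSR_OK, MSR_X2APIC, MSR_SMM_ONLY, MSR_RESERVED };

/* Apply the checks that depend only on the entry's own bits. */
static enum msr_check check_entry(const struct msr_entry *e, int ends_in_smm)
{
    if ((e->index >> 8) == 0x000008U)   /* bits 31:8 == 000008H */
        return MSR_X2APIC;
    if (e->index == IA32_SMBASE && !ends_in_smm)
        return MSR_SMM_ONLY;
    if (e->reserved != 0)               /* bits 63:32 not all 0 */
        return MSR_RESERVED;
    return MSR_OK;
}

/* Index of the first entry that would fail, or -1; reason goes to *why. */
static long first_bad_entry(const struct msr_entry *area, size_t count,
                            int ends_in_smm, enum msr_check *why)
{
    for (size_t i = 0; i < count; i++) {
        *why = check_entry(&area[i], ends_in_smm);
        if (*why != MSR_OK)
            return (long)i;
    }
    *why = MSR_OK;
    return -1;
}

int main(void)
{
    /* Constructed sample area: IA32_PAT, an x2APIC-range index, IA32_SMBASE. */
    struct msr_entry area[] = { {0x277U, 0, 0}, {0x808U, 0, 0}, {IA32_SMBASE, 0, 0} };
    enum msr_check why;
    long bad = first_bad_entry(area, 3, 0, &why);
    printf("first failing entry: %ld (reason %d)\n", bad, (int)why);
    return 0;
}
```

Because entries are processed in order and any failure leads to a VMX abort, the check stops at the first failing entry.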

27.5 LOADING HOST STATE

Processor state is updated on VM exits in the following ways:

• Some state is loaded from or otherwise determined by the contents of the host-state area.

• Some state is determined by VM-exit controls.

• Some state is established in the same way on every VM exit.

• The page-directory pointers are loaded based on the values of certain control registers.

This loading may be performed in any order.

On processors that support Intel 64 architecture, the full value of each 64-bit field loaded (for example, the base address for GDTR) is loaded regardless of the mode of the logical processor before and after the VM exit.

The loading of host state is detailed in Section 27.5.1 to Section 27.5.5. These sections reference VMCS fields that correspond to processor state. Unless otherwise stated, these references are to fields in the host-state area.

A logical processor is in IA-32e mode after a VM exit only if the “host address-space size” VM-exit control is 1. If the logical processor was in IA-32e mode before the VM exit and this control is 0, a VMX abort occurs. See Section 27.7.

In addition to loading host state, VM exits clear address-range monitoring (Section 27.5.6).

After the state loading described in this section, VM exits may load MSRs from the VM-exit MSR-load area (see Section 27.6). This loading occurs only after the state loading described in this section.

27.5.1 Loading Host Control Registers, Debug Registers, MSRs

VM exits load new values for control registers, debug registers, and some MSRs:

• CR0, CR3, and CR4 are loaded from the CR0 field, the CR3 field, and the CR4 field, respectively, with the following exceptions:

    — The following bits are not modified:

        • For CR0, ET, CD, NW; bits 63:32 (on processors that support Intel 64 architecture), 28:19, 17, and 15:6; and any bits that are fixed in VMX operation (see Section 23.8).¹

        • For CR3, bits 63:52 and bits in the range 51:32 beyond the processor’s physical-address width (they are cleared to 0).² (This item applies only to processors that support Intel 64 architecture.)

1. Bits 28:19, 17, and 15:6 of CR0 and CR0.ET are unchanged by executions of MOV to CR0. CR0.ET is always 1 and the other bits are always 0.

2. Software can determine a processor’s physical-address width by executing CPUID with 80000008H in EAX. The physical-address width is returned in bits 7:0 of EAX.