27-26 Vol. 3C

VM EXITS

•

For CR4, any bits that are fixed in VMX operation (see Section 23.8).

— CR4.PAE is set to 1 if the “host address-space size” VM-exit control is 1.
— CR4.PCIDE is set to 0 if the “host address-space size” VM-exit control is 0.

•

DR7 is set to 400H.

•

The following MSRs are established as follows:
— The IA32_DEBUGCTL MSR is cleared to 00000000_00000000H.
— The IA32_SYSENTER_CS MSR is loaded from the IA32_SYSENTER_CS field. Since that field has only 32 

bits, bits 63:32 of the MSR are cleared to 0. 

— IA32_SYSENTER_ESP MSR and IA32_SYSENTER_EIP MSR are loaded from the IA32_SYSENTER_ESP field 

and the IA32_SYSENTER_EIP field, respectively.
If the processor does not support the Intel 64 architecture, these fields have only 32 bits; bits 63:32 of the 
MSRs are cleared to 0.
If the processor does support the Intel 64 architecture and the processor supports N < 64 linear-address 
bits, each of bits 63:N is set to the value of bit N–1.

1

— The following steps are performed on processors that support Intel 64 architecture:

•

The MSRs FS.base and GS.base are loaded from the base-address fields for FS and GS, respectively 
(see Section 27.5.2).

•

The LMA and LME bits in the IA32_EFER MSR are each loaded with the setting of the “host address-
space size” VM-exit control.

— If the “load IA32_PERF_GLOBAL_CTRL” VM-exit control is 1, the IA32_PERF_GLOBAL_CTRL MSR is loaded 

from the IA32_PERF_GLOBAL_CTRL field. Bits that are reserved in that MSR are maintained with their 
reserved values.

— If the “load IA32_PAT” VM-exit control is 1, the IA32_PAT MSR is loaded from the IA32_PAT field. Bits that 

are reserved in that MSR are maintained with their reserved values.

— If the “load IA32_EFER” VM-exit control is 1, the IA32_EFER MSR is loaded from the IA32_EFER field. Bits 

that are reserved in that MSR are maintained with their reserved values.

— If the “clear IA32_BNDCFGS” VM-exit control is 1, the IA32_BNDCFGS MSR is cleared to 

00000000_00000000H; otherwise, it is not modified.

With the exception of FS.base and GS.base, any of these MSRs is subsequently overwritten if it appears in the 
VM-exit MSR-load area. See Section 27.6.

27.5.2 

Loading Host Segment and Descriptor-Table Registers

Each of the registers CS, SS, DS, ES, FS, GS, and TR is loaded as follows (see below for the treatment of LDTR):

•

The selector is loaded from the selector field. The segment is unusable if its selector is loaded with zero. The 
checks specified Section 26.3.1.2 limit the selector values that may be loaded. In particular, CS and TR are 
never loaded with zero and are thus never unusable. SS can be loaded with zero only on processors that 
support Intel 64 architecture and only if the VM exit is to 64-bit mode (64-bit mode allows use of segments 
marked unusable).

•

The base address is set as follows:
— CS. Cleared to zero.
— SS, DS, and ES. Undefined if the segment is unusable; otherwise, cleared to zero.
— FS and GS. Undefined (but, on processors that support Intel 64 architecture, canonical) if the segment is 

unusable and the VM exit is not to 64-bit mode; otherwise, loaded from the base-address field.

1. Software can determine the number N by executing CPUID with 80000008H in EAX. The number of linear-address bits supported is 

returned in bits 15:8 of EAX.