background image

27-28 Vol. 3C

VM EXITS

27.5.3 

Loading Host RIP, RSP, and RFLAGS

RIP and RSP are loaded from the RIP field and the RSP field, respectively. RFLAGS is cleared, except bit 1, which is 
always set.

27.5.4 

Checking and Loading Host 

Page-Directory-Pointer-Table Entries

If CR0.PG = 1, CR4.PAE = 1, and IA32_EFER.LMA = 0, the logical processor uses PAE paging. See Section 4.4 of 
the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A.

1

 When in PAE paging is in use, the 

physical address in CR3 references a table of page-directory-pointer-table entries (PDPTEs). A MOV to CR3 
when PAE paging is in use checks the validity of the PDPTEs and, if they are valid, loads them into the processor 
(into internal, non-architectural registers).
A VM exit is to a VMM that uses PAE paging if (1) bit 5 (corresponding to CR4.PAE) is set in the CR4 field in the host-
state area of the VMCS; and (2) the â€śhost address-space size” VM-exit control is 0. Such a VM exit may check the 
validity of the PDPTEs referenced by the CR3 field in the host-state area of the VMCS. Such a VM exit must check 
their validity if either (1) PAE paging was not in use before the VM exit; or (2) the value of CR3 is changing as a 
result of the VM exit. A VM exit to a VMM that does not use PAE paging must not check the validity of the PDPTEs.
A VM exit that checks the validity of the PDPTEs uses the same checks that are used when CR3 is loaded with 
MOV to CR3 when PAE paging is in use. If MOV to CR3 would cause a general-protection exception due to the 
PDPTEs that would be loaded (e.g., because a reserved bit is set), a VMX abort occurs (see Section 27.7). If a 
VM exit to a VMM that uses PAE does not cause a VMX abort, the PDPTEs are loaded into the processor as would 
MOV to CR3, using the value of CR3 being load by the VM exit.

27.5.5 

Updating Non-Register State

VM exits affect the non-register state of a logical processor as follows:

•

A logical processor is always in the active state after a VM exit.

•

Event blocking is affected as follows:
— There is no blocking by STI or by MOV SS after a VM exit.
— VM exits caused directly by non-maskable interrupts (NMIs) cause blocking by NMI (see Table 24-3). Other 

VM exits do not affect blocking by NMI. (See Section 27.1 for the case in which an NMI causes a VM exit 
indirectly.)

•

There are no pending debug exceptions after a VM exit.

Section 28.3 describes how the VMX architecture controls how a logical processor manages information in the TLBs 
and paging-structure caches. The following items detail how VM exits invalidate cached mappings:

•

If the “enable VPID” VM-execution control is 0, the logical processor invalidates linear mappings and combined 
mappings associated with VPID 0000H (for all PCIDs); combined mappings for VPID 0000H are invalidated for 
all EP4TA values (EP4TA is the value of bits 51:12 of EPTP).

•

VM exits are not required to invalidate any guest-physical mappings, nor are they required to invalidate any 
linear mappings or combined mappings if the â€śenable VPID” VM-execution control is 1. 

27.5.6 

Clearing Address-Range Monitoring

The Intel 64 and IA-32 architectures allow software to monitor a specified address range using the MONITOR and 
MWAIT instructions. See Section 8.10.4 in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, 
Volume 3A. VM exits clear any address-range monitoring that may be in effect.

1. On processors that support Intel 64 architecture, the physical-address extension may support more than 36 physical-address bits. 

Software can determine a processor’s physical-address width by executing CPUID with 80000008H in EAX. The physical-address 

width is returned in bits 7:0 of EAX.