Vol. 3C 27-29
VM EXITS
27.6 LOADING
MSRS
VM exits may load MSRs from the VM-exit MSR-load area (see Section 24.7.2). Specifically each entry in that area
(up to the number specified in the VM-exit MSR-load count) is processed in order by loading the MSR indexed by
bits 31:0 with the contents of bits 127:64 as they would be written by WRMSR.
Processing of an entry fails in any of the following cases:
•
The value of bits 31:0 is either C0000100H (the IA32_FS_BASE MSR) or C0000101H (the IA32_GS_BASE
MSR).
•
The value of bits 31:8 is 000008H, meaning that the indexed MSR is one that allows access to an APIC register
when the local APIC is in x2APIC mode.
•
The value of bits 31:0 indicates an MSR that can be written only in system-management mode (SMM) and the
VM exit will not end in SMM. (IA32_SMM_MONITOR_CTL is an MSR that can be written only in SMM.)
•
The value of bits 31:0 indicates an MSR that cannot be loaded on VM exits for model-specific reasons. A
processor may prevent loading of certain MSRs even if they can normally be written by WRMSR. Such model-
specific behavior is documented in Chapter 35.
•
Bits 63:32 are not all 0.
•
An attempt to write bits 127:64 to the MSR indexed by bits 31:0 of the entry would cause a general-protection
exception if executed via WRMSR with CPL = 0.
1
If processing fails for any entry, a VMX abort occurs. See Section 27.7.
If any MSR is being loaded in such a way that would architecturally require a TLB flush, the TLBs are updated so
that, after VM exit, the logical processor does not use any translations that were cached before the transition.
27.7 VMX ABORTS
A problem encountered during a VM exit leads to a VMX abort. A VMX abort takes a logical processor into a shut-
down state as described below.
A VMX abort does not modify the VMCS data in the VMCS region of any active VMCS. The contents of these data
are thus suspect after the VMX abort.
On a VMX abort, a logical processor saves a nonzero 32-bit VMX-abort indicator field at byte offset 4 in the VMCS
region of the VMCS whose misconfiguration caused the failure (see Section 24.2). The following values are used:
1. There was a failure in saving guest MSRs (see Section 27.4).
2. Host checking of the page-directory-pointer-table entries (PDPTEs) failed (see Section 27.5.4).
3. The current VMCS has been corrupted (through writes to the corresponding VMCS region) in such a way that
the logical processor cannot complete the VM exit properly.
4. There was a failure on loading host MSRs (see Section 27.6).
5. There was a machine-check event during VM exit (see Section 27.8).
6. The logical processor was in IA-32e mode before the VM exit and the “host address-space size” VM-entry
control was 0 (see Section 27.5).
Some of these causes correspond to failures during the loading of state from the host-state area. Because the
loading of such state may be done in any order (see Section 27.5) a VM exit that might lead to a VMX abort for
multiple reasons (for example, the current VMCS may be corrupt and the host PDPTEs might not be properly
configured). In such cases, the VMX-abort indicator could correspond to any one of those reasons.
A logical processor never reads the VMX-abort indicator in a VMCS region and writes it only with one of the non-
zero values mentioned above. The VMX-abort indicator allows software on one logical processor to diagnose the
1. Note the following about processors that support Intel 64 architecture. If CR0.PG = 1, WRMSR to the IA32_EFER MSR causes a gen-
eral-protection exception if it would modify the LME bit. Since CR0.PG is always 1 in VMX operation, the IA32_EFER MSR should not
be included in the VM-exit MSR-load area for the purpose of modifying the LME bit.