28-10 Vol. 3C

VMX SUPPORT FOR ADDRESS TRANSLATION

28.2.3.3   Prioritization of EPT Misconfigurations and EPT Violations

The translation of a linear address to a physical address requires one or more translations of guest-physical addresses using EPT (see Section 28.2.1). This section specifies the relative priority of EPT-induced VM exits with respect to each other and to other events that may be encountered when accessing memory using a linear address.

For an access to a guest-physical address, determination of whether an EPT misconfiguration or an EPT violation occurs is based on an iterative process:¹

1. An EPT paging-structure entry is read (initially, this is an EPT PML4 entry):
   a. If the entry is not present (bits 2:0 are all 0), an EPT violation occurs.
   b. If the entry is present but its contents are not configured properly (see Section 28.2.3.1), an EPT misconfiguration occurs.
   c. If the entry is present and its contents are configured properly, operation depends on whether the entry references another EPT paging structure (whether it is an EPT PDE with bit 7 set to 1 or an EPT PTE):
      i) If the entry does reference another EPT paging structure, an entry from that structure is accessed; step 1 is executed for that other entry.
      ii) Otherwise, the entry is used to produce the ultimate physical address (the translation of the original guest-physical address); step 2 is executed.
2. Once the ultimate physical address is determined, the privileges determined by the EPT paging-structure entries are evaluated:
   a. If the access to the guest-physical address is not allowed by these privileges (see Section 28.2.3.2), an EPT violation occurs.
   b. If the access to the guest-physical address is allowed by these privileges, memory is accessed using the ultimate physical address.
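
The EPT walk above, modeled as an added C example (not taken from the manual). Assumptions: the entries on the walk path are constructed values passed in an array rather than read from memory, `misconfigured()` checks only the write-without-read encoding as a stand-in for the full list in Section 28.2.3.1, privileges are combined by AND across the entries used, and all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum ept_result { EPT_OK, EPT_VIOLATION, EPT_MISCONFIG };
enum { EPT_R = 1u << 0, EPT_W = 1u << 1, EPT_X = 1u << 2, EPT_BIT7 = 1u << 7 };
enum { LVL_PML4E, LVL_PDPTE, LVL_PDE, LVL_PTE };

/* Simplified stand-in for Section 28.2.3.1: only "writable but not
 * readable" is treated as a misconfiguration here (assumption). */
static int misconfigured(uint64_t e) { return (e & EPT_W) && !(e & EPT_R); }

/* path[i] is the entry read at level i (constructed values, no memory model).
 * access is a mask of EPT_R/EPT_W/EPT_X describing the attempted access. */
enum ept_result ept_walk(const uint64_t path[4], unsigned access)
{
    unsigned allowed = EPT_R | EPT_W | EPT_X;
    for (int lvl = LVL_PML4E; lvl <= LVL_PTE; lvl++) {
        uint64_t e = path[lvl];
        if ((e & (EPT_R | EPT_W | EPT_X)) == 0)
            return EPT_VIOLATION;        /* step 1a: entry not present */
        if (misconfigured(e))
            return EPT_MISCONFIG;        /* step 1b: bad contents */
        allowed &= (unsigned)e;          /* accumulate privileges (AND) */
        if (lvl == LVL_PTE || (lvl == LVL_PDE && (e & EPT_BIT7)))
            break;                       /* step 1c-ii: final entry reached */
    }
    /* step 2: privileges are evaluated only after the walk has completed */
    return (access & ~allowed) ? EPT_VIOLATION : EPT_OK;
}

int main(void)
{
    /* Constructed path: read-only PML4E, misconfigured PTE. */
    const uint64_t ro_then_bad[4] = { EPT_R, 7, 7, EPT_W };
    /* A write is reported as a misconfiguration, not a violation: the walk
     * stops in step 1b before the privilege check of step 2 is reached. */
    printf("%d\n", ept_walk(ro_then_bad, EPT_W));
    return 0;
}
```

For a hypervisor's exit handler, the ordering matters: an EPT violation reported for a permission reason implies every entry on the path was present and passed the configuration check.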

If CR0.PG = 1, the translation of a linear address is also an iterative process, with the processor first accessing an entry in the guest paging structure referenced by the guest-physical address in CR3 (or, if PAE paging is in use, the guest-physical address in the appropriate PDPTE register), then accessing an entry in another guest paging structure referenced by the guest-physical address in the first guest paging-structure entry, etc. Each guest-physical address is itself translated using EPT and may cause an EPT-induced VM exit. The following items detail how page faults and EPT-induced VM exits are recognized during this iterative process:

1. An attempt is made to access a guest paging-structure entry with a guest-physical address (initially, the address in CR3 or PDPTE register).
   a. If the access fails because of an EPT misconfiguration or an EPT violation (see above), an EPT-induced VM exit occurs.
   b. If the access does not cause an EPT-induced VM exit, bit 0 (the present flag) of the entry is consulted:
      i) If the present flag is 0 or any reserved bit is set, a page fault occurs.
      ii) If the present flag is 1 and no reserved bit is set, operation depends on whether the entry references another guest paging structure (whether it is a guest PDE with PS = 1 or a guest PTE):
         - If the entry does reference another guest paging structure, an entry from that structure is accessed; step 1 is executed for that other entry.
         - Otherwise, the entry is used to produce the ultimate guest-physical address (the translation of the original linear address); step 2 is executed.
2. Once the ultimate guest-physical address is determined, the privileges determined by the guest paging-structure entries are evaluated:
   a. If the access to the linear address is not allowed by these privileges (e.g., it was a write to a read-only page), a page fault occurs.
   b. If the access to the linear address is allowed by these privileges, an attempt is made to access memory at the ultimate guest-physical address:

¹ This is a simplification of the more detailed description given in Section 28.2.2.