Page 1165

Vol. 3C 28-17

VMX SUPPORT FOR ADDRESS TRANSLATION

to use the INVVPID instruction to ensure that the logical processor’s TLBs and the paging-structure caches are
appropriately invalidated.
Requirements of when software should use the INVVPID instruction depend on the specific algorithm being used
for page-table virtualization. The following items provide guidelines for software developers:

•

Emulation of the INVLPG instruction may require execution of the INVVPID instruction as follows:
— The INVVPID type is individual-address (0).
— The VPID in the INVVPID descriptor is the one assigned to the virtual processor whose execution is being

emulated.

— The linear address in the INVVPID descriptor is that of the operand of the INVLPG instruction being

emulated.

•

Some instructions invalidate all entries in the TLBs and paging-structure caches—except for global translations.
An example is the MOV to CR3 instruction. (See Section 4.10, “Caching Translation Information” in the Intel®
64 and IA-32 Architectures Software Developer’s Manual, Volume 3A

for details regarding global translations.)

Emulation of such an instruction may require execution of the INVVPID instruction as follows:
— The INVVPID type is single-context-retaining-globals (3).
— The VPID in the INVVPID descriptor is the one assigned to the virtual processor whose execution is being

emulated.

•

Some instructions invalidate all entries in the TLBs and paging-structure caches—including for global transla-
tions. An example is the MOV to CR4 instruction if the value of value of bit 4 (page global enable—PGE) is
changing. Emulation of such an instruction may require execution of the INVVPID instruction as follows:
— The INVVPID type is single-context (1).
— The VPID in the INVVPID descriptor is the one assigned to the virtual processor whose execution is being

emulated.

If EPT is not in use, the logical processor associates all mappings it creates with the current VPID, and it will use
such mappings to translate linear addresses. For that reason, a VMM should not use the same VPID for different
non-EPT guests that use different page tables. Doing so may result in one guest using translations that pertain to
the other.
If EPT is in use, the instructions enumerated above might not be configured to cause VM exits and the VMM might
not be emulating them. In that case, executions of the instructions by guest software properly invalidate the
required entries in the TLBs and paging-structure caches (see Section 28.3.3.1); execution of the INVVPID instruc-
tion is not required.
If EPT is in use, the logical processor associates all mappings it creates with the value of bits 51:12 of current EPTP.
If a VMM uses different EPTP values for different guests, it may use the same VPID for those guests. Doing so
cannot result in one guest using translations that pertain to the other.
The following guidelines apply more generally and are appropriate even if EPT is in use:

•

As detailed in Section 29.4.5, an access to the APIC-access page might not cause an APIC-access VM exit if
software does not properly invalidate information that may be cached from the paging structures. If, at one
time, the current VPID on a logical processor was a non-zero value X, it is recommended that software use the
INVVPID instruction with the “single-context” INVVPID type and with VPID X in the INVVPID descriptor before
a VM entry on the same logical processor that establishes VPID X and either (a) the “virtualize APIC accesses”
VM-execution control was changed from 0 to 1; or (b) the value of the APIC-access address was changed.

•

Software can use the INVVPID instruction with the “all-context” INVVPID type immediately after execution of
the VMXON instruction or immediately prior to execution of the VMXOFF instruction. Either prevents potentially
undesired retention of information cached from paging structures between separate uses of VMX operation.

28.3.3.4 Guidelines for Use of the INVEPT Instruction

The following items provide guidelines for use of the INVEPT instruction to invalidate information cached from the
EPT paging structures.