Vol. 3C 29-5
APIC VIRTUALIZATION AND VIRTUAL INTERRUPTS
29.3
VIRTUALIZING CR8-BASED TPR ACCESSES
In 64-bit mode, software can access the local APIC’s task-priority register (TPR) through CR8. Specifically, software
uses the MOV from CR8 and MOV to CR8 instructions (see Section 10.8.6, “Task Priority in IA-32e Mode”). This
section describes how these accesses can be virtualized.
A virtual-machine monitor can virtualize these CR8-based APIC accesses by setting the “CR8-load exiting” and
“CR8-store exiting” VM-execution controls, ensuring that the accesses cause VM exits (see Section 25.1.3). Alter-
natively, there are methods for virtualizing some CR8-based APIC accesses without VM exits.
Normally, an execution of MOV from CR8 or MOV to CR8 that does not fault or cause a VM exit accesses the APIC’s
TPR. However, such an execution are treated specially if the “use TPR shadow” VM-execution control is 1. The
following items provide details:
•
MOV from CR8. The instruction loads bits 3:0 of its destination operand with bits 7:4 of VTPR (see Section
29.1.1). Bits 63:4 of the destination operand are cleared.
•
MOV to CR8. The instruction stores bits 3:0 of its source operand into bits 7:4 of VTPR; the remainder of VTPR
(bits 3:0 and bits 31:8) are cleared. Following this, the processor performs TPR virtualization (see Section
29.1.2).
29.4
VIRTUALIZING MEMORY-MAPPED APIC ACCESSES
When the local APIC is in xAPIC mode, software accesses the local APIC’s control registers using a memory-
mapped interface. Specifically, software uses linear addresses that translate to physical addresses on page frame
indicated by the base address in the IA32_APIC_BASE MSR (see Section 10.4.4, “Local APIC Status and Location”).
This section describes how these accesses can be virtualized.
A virtual-machine monitor (VMM) can virtualize these memory-mapped APIC accesses by ensuring that any access
to a linear address that would access the local APIC instead causes a VM exit. This could be done using paging or
the extended page-table mechanism (EPT). Another way is by using the 1-setting of the “virtualize APIC accesses”
VM-execution control.
If the “virtualize APIC accesses” VM-execution control is 1, the logical processor treats specially memory accesses
using linear addresses that translate to physical addresses in the 4-KByte APIC-access page.
3
(The APIC-access
page is identified by the APIC-access address, a field in the VMCS; see Section 24.6.8.)
In general, an access to the APIC-access page causes an APIC-access VM exit. APIC-access VM exits provide a
VMM with information about the access causing the VM exit. Section 29.4.1 discusses the priority of APIC-access
VM exits.
Certain VM-execution controls enable the processor to virtualize certain accesses to the APIC-access page without
a VM exit. In general, this virtualization causes these accesses to be made to the virtual-APIC page instead of the
APIC-access page.
NOTES
Unless stated otherwise, this section characterizes only linear accesses to the APIC-access page;
an access to the APIC-access page is a linear access if (1) it results from a memory access using a
linear address; and (2) the access’s physical address is the translation of that linear address.
Section 29.4.6 discusses accesses to the APIC-access page that are not linear accesses.
The distinction between the APIC-access page and the virtual-APIC page allows a VMM to share
paging structures or EPT paging structures among the virtual processors of a virtual machine (the
shared paging structures referencing the same APIC-access address, which appears in the VMCS of
3. Even when addresses are translated using EPT (see Section 28.2), the determination of whether an APIC-access VM exit occurs
depends on an access’s physical address, not its guest-physical address. Even when CR0.PG = 0, ordinary memory accesses by soft-
ware use linear addresses; the fact that CR0.PG = 0 means only that the identity translation is used to convert linear addresses to
physical (or guest-physical) addresses.