background image

Vol. 3C 31-5

VIRTUAL-MACHINE MONITOR PROGRAMMING CONSIDERATIONS

31.5.1 

Algorithms for Determining VMX Capabilities

As noted earlier, a VMM should determine the VMX capabilities supported by the processor by reading the VMX 
capability MSRs. The architecture for these MSRs is detailed in Appendix A.
As noted in Chapter 26, “VM Entries”, certain VMX controls are reserved and must be set to a specific value (0 or 
1) determined by the processor. The specific value to which a reserved control must be set is its default setting
Most controls have a default setting of 0; Appendix A.2 identifies those controls that have a default setting of 1. The 
term default1 describes the class of controls whose default setting is 1. The are controls in this class from the pin-
based VM-execution controls, the primary processor-based VM-execution controls, the VM-exit controls, and the 
VM-entry controls. There are no secondary processor-based VM-execution controls in the default1 class.
Future processors may define new functionality for one or more reserved controls. Such processors would allow 
each newly defined control to be set either to 0 or to 1. Software that does not desire a control’s new functionality 
should set the control to its default setting.
The capability MSRs IA32_VMX_PINBASED_CTLS, IA32_VMX_PROCBASED_CTLS, IA32_VMX_EXIT_CTLS, and 
IA32_VMX_ENTRY_CTLS report, respectively, on the allowed settings of most of the pin-based VM-execution 
controls, the primary processor-based VM-execution controls, the VM-exit controls, and the VM-entry controls. 
However, they will always report that any control in the default1 class must be 1. If a logical processor allows any 
control in the default1 class to be 0, it indicates this fact by returning 1 for the value of bit 55 of the 
IA32_VMX_BASIC MSR. If this bit is 1, the logical processor supports the capability MSRs 
IA32_VMX_TRUE_PINBASED_CTLS, IA32_VMX_TRUE_PROCBASED_CTLS, IA32_VMX_TRUE_EXIT_CTLS, and 
IA32_VMX_TRUE_ENTRY_CTLS. These capability MSRs report, respectively, on the allowed settings of all of the 
pin-based VM-execution controls, the primary processor-based VM-execution controls, the VM-exit controls, and 
the VM-entry controls.
Software may use one of the following high-level algorithms to determine the correct default control settings:

1

1. The following algorithm does not use the details given in Appendix A.2:

a. Ignore bit 55 of the IA32_VMX_BASIC MSR.
b. Using RDMSR, read the VMX capability MSRs IA32_VMX_PINBASED_CTLS, IA32_VMX_PROCBASED_CTLS, 

IA32_VMX_EXIT_CTLS, and IA32_VMX_ENTRY_CTLS.

c. Set the VMX controls as follows:

i) If the relevant VMX capability MSR reports that a control has a single setting, use that setting.
ii) If (1) the relevant VMX capability MSR reports that a control can be set to 0 or 1; and (2) the control’s 

meaning is known to the VMM; then set the control based on functionality desired.

iii) If (1) the relevant VMX capability MSR reports that a control can be set to 0 or 1; and (2) the control’s 

meaning is not known to the VMM; then set the control to 0.

A VMM using this algorithm will set to 1 all controls in the default1 class (in step (c)(i)). It will operate
correctly even on processors that allow some controls in the default1 class to be 0. However, such a VMM will
not be able to use the new features enabled by the 0-setting of such controls. For that reason, this algorithm
is not recommended.

2. The following algorithm uses the details given in Appendix A.2. This algorithm requires software to know the 

identity of the controls in the default1 class:
a. Using RDMSR, read the IA32_VMX_BASIC MSR.
b. Use bit 55 of that MSR as follows:

i) If bit 55 is 0, use RDMSR to read the VMX capability MSRs IA32_VMX_PINBASED_CTLS, 

IA32_VMX_PROCBASED_CTLS, IA32_VMX_EXIT_CTLS, and IA32_VMX_ENTRY_CTLS.

ii) If bit 55 is 1, use RDMSR to read the VMX capability MSRs IA32_VMX_TRUE_PINBASED_CTLS, 

IA32_VMX_TRUE_PROCBASED_CTLS, IA32_VMX_TRUE_EXIT_CTLS, and 
IA32_VMX_TRUE_ENTRY_CTLS.

1. These algorithms apply only to the pin-based VM-execution controls, the primary processor-based VM-execution controls, the VM-

exit controls, and the VM-entry controls. Because there are no secondary processor-based VM-execution controls in the default1 

class, a VMM can always set to 0 any such control whose meaning is unknown to it.