Vol. 3C 31-15

VIRTUAL-MACHINE MONITOR PROGRAMMING CONSIDERATIONS

MSR-bitmap-address in the guest VMCS can be programmed by the VMM to point to a bitmap region which
specifies VM-exit behavior when reading and writing individual MSRs.

MSR bitmaps form a 4-KByte region in physical memory and are required to be aligned to a 4-KByte boundary.
The first 1-KByte region manages read control of MSRs in the range 00000000H-00001FFFH; the second
1-KByte region covers read control of MSR addresses in the range C0000000H-C0001FFFH. The bitmaps for write
control of these MSRs are located in the 2-KByte region immediately following the read control bitmaps. While
the MSR bitmap address is part of the VMCS, the MSR bitmaps themselves are not. This implies that the MSR
bitmaps are not accessible through the VMREAD and VMWRITE instructions but rather by using ordinary memory
writes. Also, they are not specially cached by the processor and may be placed in normal cache-coherent
memory by the VMM.

When MSR bitmap addresses are properly programmed and the use-MSR-bitmap control (see Section 24.6.2)
is set, the processor consults the associated bit in the appropriate bitmap on guest MSR accesses to the
corresponding MSR and causes a VM exit if the bit in the bitmap is set. Otherwise, the access is permitted to
proceed. This level of protection may be utilized by VMMs to selectively allow guest access to some MSRs while
virtualizing others.

Default MSR protection: If the use-MSR-bitmap control is not set, an attempt by a guest to access any MSR 
causes a VM exit. This also occurs for any attempt to access an MSR outside the ranges identified above (even 
if the use-MSR-bitmap control is set).
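
The bitmap layout and the default-protection rule above, worked through in C as an added example (not code from the manual). The function names and the `example_bitmap` buffer are hypothetical, MSR 174H is only a sample index, and bits within a byte are numbered least-significant first, as x86 bit-string instructions number them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MSR_BITMAP_BYTES 4096u          /* one 4-KByte region, 4-KByte aligned */
enum msr_access { MSR_READ = 0, MSR_WRITE = 1 };

/* Constructed sample buffer; a real VMM would allocate a page-aligned page. */
uint8_t example_bitmap[MSR_BITMAP_BYTES];

/* Bit index of (msr, access) inside the 4-KByte region, or -1 when the MSR
 * lies outside both covered ranges and therefore can never be passed through. */
long msr_bitmap_bit(uint32_t msr, enum msr_access acc)
{
    uint32_t byte_base;
    if (msr <= 0x00001FFFu)
        byte_base = 0;                  /* low range: first KByte of each half */
    else if (msr >= 0xC0000000u && msr <= 0xC0001FFFu)
        byte_base = 1024;               /* high range: second KByte of each half */
    else
        return -1;
    if (acc == MSR_WRITE)
        byte_base += 2048;              /* write bitmaps follow the read bitmaps */
    return (long)byte_base * 8 + (msr & 0x1FFFu);
}

/* Fail closed: every covered MSR access exits until explicitly allowed. */
void msr_bitmap_intercept_all(uint8_t *bm) { memset(bm, 0xFF, MSR_BITMAP_BYTES); }

/* Clear one bit so the guest may perform that access without a VM exit. */
bool msr_bitmap_allow(uint8_t *bm, uint32_t msr, enum msr_access acc)
{
    long bit = msr_bitmap_bit(msr, acc);
    if (bit < 0)
        return false;                   /* outside the ranges: always exits */
    bm[bit / 8] &= (uint8_t)~(1u << (bit % 8));   /* LSB-first bit order */
    return true;
}

/* Model of the processor's decision: true means the access causes a VM exit. */
bool msr_access_exits(const uint8_t *bm, bool use_msr_bitmaps,
                      uint32_t msr, enum msr_access acc)
{
    long bit = msr_bitmap_bit(msr, acc);
    if (!use_msr_bitmaps || bit < 0)
        return true;                    /* default MSR protection */
    return (bm[bit / 8] >> (bit % 8)) & 1u;
}
```

Read and write bits are independent, so allowing a guest to read an MSR leaves writes to it intercepted until the write bit is cleared as well.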

VM exits due to guest MSR accesses may be identified by the VMM through VM-exit reason codes. The MSR-read
exit reason implies guest software attempted to read an MSR protected either by default or through MSR bitmaps.
The MSR-write exit reason implies guest software attempted to write an MSR protected through the VM-execution
controls. Upon VM exits caused by MSR accesses, the VMM may virtualize the guest MSR access through emulation
of RDMSR/WRMSR.

31.10.2  Using VM-Exit Controls for MSRs

If a VMM allows its guest to access MSRs directly, the VMM may need to store guest MSR values and load host MSR
values for these MSRs on VM exits. This is especially true if the VMM uses the same MSRs while in VMX root
operation.

A VMM can use the VM-exit MSR-store-address and the VM-exit MSR-store-count exit control fields (see Section
24.7.2) to manage how MSRs are stored on VM exits. The VM-exit MSR-store-address field contains the physical
address (16-byte aligned) of the VM-exit MSR-store area (a table of entries with 16 bytes per entry). Each table
entry specifies an MSR whose value needs to be stored on VM exits. The VM-exit MSR-store-count contains the
number of entries in the table.

Similarly, the VM-exit MSR-load-address and VM-exit MSR-load-count fields point to the location and size of the
VM-exit MSR-load area. The entries in the VM-exit MSR-load area contain the host expected values of specific MSRs
when a VM exit occurs.

Upon VM exit, bits 127:64 of each entry in the VM-exit MSR-store area are updated with the contents of the MSR
indexed by bits 31:0. Also, for each entry in the VM-exit MSR-load area, the MSR indexed by bits 31:0 is loaded
with the value in bits 127:64 of that entry.

31.10.3  Using VM-Entry Controls for MSRs

A VMM may require specific MSRs to be loaded explicitly on VM entries while launching or resuming guest
execution. The VM-entry MSR-load-address and VM-entry MSR-load-count entry control fields determine how MSRs are
loaded on VM-entries. The VM-entry MSR-load-address and count fields are similar in structure and function to the
VM-exit MSR-load address and count fields, except the MSR loading is done on VM-entries.

31.10.4  Handling Special-Case MSRs and Instructions

A number of instructions make use of designated MSRs in their operation. The VMM may need to consider saving
the states of those MSRs. Instructions that merit such consideration include SYSENTER/SYSEXIT,
SYSCALL/SYSRET, and SWAPGS.