Vol. 3C 33-5

HANDLING BOUNDARY CONDITIONS IN A VIRTUAL MACHINE MONITOR

bitmap regions. Setting the bits that correspond to the PIC I/O ports (20H, 21H, A0H and A1H on PC-compatible platforms) causes a VM exit on any guest access to those ports, while accesses to ports whose bits are clear are passed through to the hardware.
If the VMM does not support direct guest access to any I/O port, it can set the “unconditional I/O exiting” VM-execution control instead of activating I/O bitmaps. The exit-reason field in the VM-exit information identifies VM exits due to I/O access, and the exit qualification provides the details of the guest I/O operation that caused the VM exit: the port number, the access size, the direction (IN or OUT), and whether the instruction was a string or REP-prefixed form.
The VMM's PIC virtualization needs to emulate the platform PIC functionality, including interrupt priority, the mask, request and in-service states, and the specific modes of PIC operation programmed by the guest.
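The following is an added example and not text or code from the Intel SDM: it shows how a VMM would populate the two I/O bitmaps so that only the legacy 8259A PIC ports trap, which control bits accompany that choice, and how the exit qualification of the resulting I/O-instruction VM exit is decoded. The VMCS bit positions and exit reason are the architectural ones; the struct and function names, and the sample exit qualification in main, are this example's own constructions.

```c
/* Added example, not from the Intel SDM: I/O-bitmap setup for PIC trapping and
 * decoding of an I/O-instruction VM exit. Bit layouts are architectural; the
 * names below (io_bitmaps, io_exit, ...) are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_BITMAP_BYTES 4096                   /* one bitmap covers 32768 ports */
#define CPU_BASED_UNCOND_IO_EXITING (1u << 24) /* primary proc-based controls */
#define CPU_BASED_USE_IO_BITMAPS    (1u << 25)
#define EXIT_REASON_IO_INSTRUCTION  30         /* basic exit reason, bits 15:0 */

struct io_bitmaps {
    uint8_t a[IO_BITMAP_BYTES];   /* I/O-bitmap A: ports 0000H-7FFFH */
    uint8_t b[IO_BITMAP_BYTES];   /* I/O-bitmap B: ports 8000H-FFFFH */
};

/* Master PIC at 20H/21H, slave PIC at A0H/A1H on PC-compatible platforms. */
static const uint16_t pic_ports[] = { 0x20, 0x21, 0xA0, 0xA1 };

static bool is_pic_port(uint16_t port)
{
    for (size_t i = 0; i < sizeof pic_ports / sizeof pic_ports[0]; i++)
        if (pic_ports[i] == port)
            return true;
    return false;
}

/* A bit value of 1 means "VM exit on any access to this port". */
static void io_bitmap_trap_port(struct io_bitmaps *bm, uint16_t port)
{
    uint8_t *map = port < 0x8000 ? bm->a : bm->b;
    uint16_t idx = port & 0x7FFF;
    map[idx >> 3] |= (uint8_t)(1u << (idx & 7));
}

static bool io_bitmap_traps(const struct io_bitmaps *bm, uint16_t port)
{
    const uint8_t *map = port < 0x8000 ? bm->a : bm->b;
    uint16_t idx = port & 0x7FFF;
    return (map[idx >> 3] >> (idx & 7)) & 1;
}

/* Pass all ports through except the PIC's. Returns the primary controls with
 * "use I/O bitmaps" set and "unconditional I/O exiting" cleared; the VMM must
 * also store the bitmaps' physical addresses in the I/O-bitmap A/B fields. */
static uint32_t io_bitmaps_init_pic_trapping(struct io_bitmaps *bm, uint32_t proc_ctls)
{
    memset(bm, 0, sizeof *bm);
    for (size_t i = 0; i < sizeof pic_ports / sizeof pic_ports[0]; i++)
        io_bitmap_trap_port(bm, pic_ports[i]);
    return (proc_ctls | CPU_BASED_USE_IO_BITMAPS) & ~CPU_BASED_UNCOND_IO_EXITING;
}

/* Exit qualification for I/O instructions: bits 2:0 access size (0=1 byte,
 * 1=2 bytes, 3=4 bytes), bit 3 direction (0=OUT, 1=IN), bit 4 string
 * instruction, bit 5 REP prefix, bit 6 operand encoding (0=DX, 1=immediate),
 * bits 31:16 port number. */
struct io_exit {
    unsigned size;
    bool in, string, rep, imm_operand;
    uint16_t port;
};

static struct io_exit decode_io_exit_qual(uint64_t qual)
{
    struct io_exit e;
    e.size        = (unsigned)(qual & 7) + 1;
    e.in          = (qual >> 3) & 1;
    e.string      = (qual >> 4) & 1;
    e.rep         = (qual >> 5) & 1;
    e.imm_operand = (qual >> 6) & 1;
    e.port        = (uint16_t)(qual >> 16);
    return e;
}

/* Route an exit to the PIC emulator only if it is an I/O exit on a PIC port.
 * String/REP forms additionally need RCX, RSI/RDI and the guest-linear-address
 * VM-exit field to move the data; that part is not modelled here. */
static bool pic_exit_needs_emulation(uint32_t exit_reason, uint64_t qual)
{
    if ((exit_reason & 0xFFFF) != EXIT_REASON_IO_INSTRUCTION)
        return false;
    return is_pic_port(decode_io_exit_qual(qual).port);
}

int main(void)
{
    static struct io_bitmaps bm;
    uint32_t ctls = io_bitmaps_init_pic_trapping(&bm, CPU_BASED_UNCOND_IO_EXITING);
    uint64_t qual = 0x00210040ull;  /* constructed: "out 21H, al" (1 byte, imm port) */
    struct io_exit e = decode_io_exit_qual(qual);
    printf("ctls=%08x trap(21H)=%d trap(60H)=%d port=%02X %s size=%u pic=%d\n",
           ctls, io_bitmap_traps(&bm, 0x21), io_bitmap_traps(&bm, 0x60), e.port,
           e.in ? "IN" : "OUT", e.size,
           pic_exit_needs_emulation(EXIT_REASON_IO_INSTRUCTION, qual));
    return 0;
}
```

Note that the VM exit happens before the I/O instruction executes, so the emulator performs the port access on the guest's behalf and then advances RIP by the VM-exit instruction length; the PIC emulator only ever sees ports for which a bit is set in the bitmaps.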

33.3.2.2   xAPIC Virtualization

Most modern Intel 64 and IA-32 platforms include support for an APIC. While the standard PIC is intended for use on uniprocessor systems, the APIC can be used in either uniprocessor or multiprocessor systems.
APIC-based interrupt control consists of two physical components: the interrupt acceptance unit (local APIC), which is integrated with the processor, and the interrupt delivery unit (I/O APIC), which is part of the I/O subsystem. APIC virtualization involves protecting the platform's local and I/O APICs from the guest and emulating them for it.

33.3.2.3   Local APIC Virtualization

The local APIC is responsible for the local interrupt sources, interrupt acceptance, dispensing interrupts to the logical processor, and generating inter-processor interrupts. Software interacts with the local APIC by reading and writing its memory-mapped registers, which reside within a 4-KByte uncached memory region whose base address is stored in the IA32_APIC_BASE MSR. Since the local APIC registers are memory-mapped, the VMM can use memory virtualization techniques (such as page-table virtualization) to trap guest accesses to the page frame hosting the virtual local APIC registers.
Local APIC virtualization in the VMM needs to emulate the various local APIC operations and registers, such as: the APIC identification/format registers, the local vector table (LVT), the interrupt command register (ICR), the interrupt capture registers (TMR, IRR and ISR), the task and processor priority registers (TPR, PPR), the EOI register and the APIC-timer registers. Since local APICs are designed to operate with non-specific EOI, local APIC emulation also needs to emulate the broadcast of EOI to the guest's virtual I/O APICs for level-triggered virtual interrupts.
A local APIC allows interrupt masking at two levels: (1) the mask bit in a local vector table entry, for local interrupts, and (2) raising the processor priority through the TPR, which masks lower-priority external interrupts. When injecting APIC-routed external virtual interrupts into a guest VM, the VMM needs to honor these virtual local APIC mask settings as programmed by the guest, in addition to the guest's virtual processor interruptibility state.
VMX provides several features that help the VMM virtualize the local APIC. They allow many guest TPR accesses (specifically, those made through CR8) to occur without VM exits to the VMM:

The VMCS contains a “virtual-APIC address” field. This 64-bit field is the physical address of the 4-KByte virtual 
APIC page (4-KByte aligned). The virtual-APIC page contains a TPR shadow, which is accessed by the MOV CR8 
instruction. The TPR shadow comprises bits 7:4 in byte 80H of the virtual-APIC page.

The VMCS also contains a 32-bit “TPR threshold” VM-execution control field. Bits 3:0 determine the threshold below which the TPR shadow should not fall without the VMM being notified: a VM exit (“TPR below threshold”) occurs after an execution of MOV to CR8 that reduces the TPR shadow below this value. VM entry checks the pair of fields: when “use TPR shadow” is 1 (and virtual-interrupt delivery is not in use), bits 31:4 of the TPR threshold must be 0 and bits 3:0 must not be greater than bits 7:4 of byte 80H of the virtual-APIC page, or VM entry fails due to invalid control fields.

The processor-based VM-execution controls field contains a “use TPR shadow” bit and a “CR8-store exiting” bit. 
If the “use TPR shadow” VM-execution control is 1 and the “CR8-store exiting” VM-execution control is 0, then 
a MOV from CR8 reads from the TPR shadow. If the “CR8-store exiting” VM-execution control is 1, then MOV 
from CR8 causes a VM exit; the “use TPR shadow” VM-execution control is ignored in this case.

The processor-based VM-execution controls field contains a “CR8-load exiting” bit. If the “use TPR shadow” 
VM-execution control is set and the “CR8-load exiting” VM-execution control is clear, then MOV to CR8 writes to 
the “TPR shadow”. A VM exit will occur after this write if the value written is below the TPR threshold. If the 
“CR8-load exiting” VM-execution control is set, then MOV to CR8 causes a VM exit; the “use TPR shadow” VM-
execution control is ignored in this case.
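The following is an added example, not Intel's text or code: a software model of the CR8 / TPR-shadow rules described above, useful for reasoning about a VMM's control settings or for unit-testing its exit handler against them. The control bit positions, the VTPR location at byte 80H and the exit reasons are architectural; the vcpu/cr8_result structs and the function names are this example's own, and it assumes virtual-interrupt delivery is disabled.

```c
/* Added example, not Intel's code: model of MOV to/from CR8 under the
 * "use TPR shadow", "CR8-load exiting" and "CR8-store exiting" controls.
 * Struct and function names are this example's own; bit positions, the VTPR
 * byte and exit reasons are architectural. Assumes no virtual-interrupt delivery. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CPU_BASED_CR8_LOAD_EXITING  (1u << 19)  /* primary proc-based controls */
#define CPU_BASED_CR8_STORE_EXITING (1u << 20)
#define CPU_BASED_USE_TPR_SHADOW    (1u << 21)

#define EXIT_REASON_CR_ACCESS        28   /* control-register access */
#define EXIT_REASON_TPR_BELOW_THRESH 43   /* TPR below threshold */

#define VTPR_OFFSET 0x80   /* byte 80H of the virtual-APIC page holds the TPR shadow */

struct vcpu {
    uint32_t proc_ctls;      /* primary processor-based VM-execution controls */
    uint32_t tpr_threshold;  /* TPR threshold field; only bits 3:0 are meaningful */
    uint8_t  vapic[4096];    /* contents of the page at the virtual-APIC address */
    uint8_t  phys_cr8;       /* the real CR8, reached only when shadowing is off */
};

struct cr8_result {
    bool     gp_fault;     /* #GP(0) delivered to the guest */
    int      exit_reason;  /* 0 = no VM exit, otherwise the basic exit reason */
    uint64_t value;        /* MOV from CR8: the value the guest reads */
};

/* CR8 holds the 4-bit task-priority class, which is VTPR bits 7:4. */
static uint8_t vtpr_class(const struct vcpu *v)
{
    return (v->vapic[VTPR_OFFSET] >> 4) & 0xF;
}

static struct cr8_result guest_mov_to_cr8(struct vcpu *v, uint64_t src)
{
    struct cr8_result r = { false, 0, 0 };

    /* "CR8-load exiting" = 1: VM exit, "use TPR shadow" ignored; the VMM must
     * validate and apply the value itself. */
    if (v->proc_ctls & CPU_BASED_CR8_LOAD_EXITING) {
        r.exit_reason = EXIT_REASON_CR_ACCESS;
        return r;
    }
    if (src >> 4) {                 /* bits 63:4 of CR8 are reserved */
        r.gp_fault = true;
        return r;
    }
    if (!(v->proc_ctls & CPU_BASED_USE_TPR_SHADOW)) {
        v->phys_cr8 = (uint8_t)src;  /* guest alters the host's TPR: to be avoided */
        return r;
    }
    /* Shadowed: bits 3:0 of the source go to VTPR bits 7:4, bits 3:0 are cleared. */
    v->vapic[VTPR_OFFSET] = (uint8_t)(src << 4);
    if (vtpr_class(v) < (v->tpr_threshold & 0xF))
        r.exit_reason = EXIT_REASON_TPR_BELOW_THRESH;
    return r;
}

static struct cr8_result guest_mov_from_cr8(const struct vcpu *v)
{
    struct cr8_result r = { false, 0, 0 };

    if (v->proc_ctls & CPU_BASED_CR8_STORE_EXITING) {
        r.exit_reason = EXIT_REASON_CR_ACCESS;  /* "use TPR shadow" ignored */
        return r;
    }
    r.value = (v->proc_ctls & CPU_BASED_USE_TPR_SHADOW) ? vtpr_class(v) : v->phys_cr8;
    return r;
}

/* VM-entry checks on these fields: with "use TPR shadow" set, threshold bits
 * 31:4 must be 0 and bits 3:0 must not exceed the current VTPR class. */
static bool vmentry_tpr_fields_valid(const struct vcpu *v)
{
    if (!(v->proc_ctls & CPU_BASED_USE_TPR_SHADOW))
        return true;
    if (v->tpr_threshold & ~0xFu)
        return false;
    return (v->tpr_threshold & 0xF) <= vtpr_class(v);
}

static void vcpu_init(struct vcpu *v, uint32_t ctls, uint32_t threshold, uint8_t cr8_class)
{
    memset(v, 0, sizeof *v);
    v->proc_ctls = ctls;
    v->tpr_threshold = threshold;
    v->vapic[VTPR_OFFSET] = (uint8_t)(cr8_class << 4);
}

int main(void)
{
    static struct vcpu v;
    /* Guest runs at priority class 8; the VMM holds a pending virtual interrupt
     * of class 4 and asks to be told when TPR drops below it. */
    vcpu_init(&v, CPU_BASED_USE_TPR_SHADOW, 4, 8);
    printf("entry valid: %d\n", vmentry_tpr_fields_valid(&v));
    printf("mov cr8, 6 -> exit %d\n", guest_mov_to_cr8(&v, 6).exit_reason);
    printf("mov cr8, 3 -> exit %d (VTPR=%02X)\n",
           guest_mov_to_cr8(&v, 3).exit_reason, v.vapic[VTPR_OFFSET]);
    printf("mov rax, cr8 -> %llu\n", (unsigned long long)guest_mov_from_cr8(&v).value);
    return 0;
}
```

The model makes the practical consequence visible: once the guest lowers TPR below the threshold, the very next VM entry would fail its consistency check unless the VMM lowers the threshold (or injects the pending interrupt and raises it again) before resuming the guest, so the "TPR below threshold" handler must update the threshold field, not just deliver the interrupt.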