Vol. 3C 36-63
INTEL® PROCESSOR TRACE
36.5.2
Managing Trace Packet Generation Across VMX Transitions
In tracing scenarios that collect packets for both VMX root operation and VMX non-root operation, a host executive
can manage the MSRs associated with trace packet generation directly. The states of these MSRs need not be
modified using MSR load list or MSR save list across VMX transitions.
For tracing scenarios that collect only packets within either VMX root operation or VMX non-root operation, the
VMM can use the MSR load list and/or MSR save list to toggle IA32_RTIT_CTL.TraceEn.
36.5.2.1 System-Wide Tracing
When a host or VMM configures Intel PT to collect trace packets of the entire system, it can leave the VMCS controls
clear to allow VMX-specific packets to provide information across VMX transitions. MSR load list is not used across
VM exits or VM entries, nor is VM-exit MSR save list.
The decoder will desire to identify the occurrence of VMX transitions. The packets of interests to a decoder are
shown in Table 36-47.
Since the packet suppression controls are cleared, the VMCS packet will be included in all PSB+ for this usage
scenario. Thus the decoder can distinguish the execution context of different VMs. Additionally, it will be generated
on VMPTRLD. Thus the decoder can distinguish the execution context of different VMs.
When the host VMM configures a system to collect trace packets in this scenario, it should emulate CPUID to report
CPUID.(EAX=07H, ECX=0):EBX[bit 26] with 0 to guests, indicating to guests that Intel PT is not available.
VMX TSC Manipulation
The TSC packets generated while in VMX non-root operation will include any changes resulting from the use of a
VMM’s use of the TSC offsetting or TSC scaling VMCS control (see Chapter 25, “VMX Non-Root Operation”). In this
system-wide usage model, the decoder may need to account for the effect of per-VM adjustments in the TSC
packets generated in VMX non-root operation and the absence of TSC adjustments in TSC packets generated in
VMX root operation. The VMM can supply this information to the decoder.
36.5.2.2 Host-Only Tracing
When trace packets in VMX non-root operation are not desired, the VMM can use VM-entry MSR load list with
IA32_RTIT_CTL.TraceEn=0 to disable trace packet generation in guests, set IA32_RTIT_CTL.TraceEn=1 via VM-
exit MSR load list.
Table 36-47. Packets on VMX Transitions (System-Wide Tracing)
Event
Packets Description
VM exit
FUP(GuestIP)
The FUP indicates at which point in the guest flow the VM exit occurred. This is important,
since VM exit can be an asynchronous event. The IP will match that written into the VMCS.
PIP(HostCR3, NR=0)
The PIP packet provides the new host CR3 value, as well as indication that the logical processor
is entering VMX root operation. This allows the decoder to identify the change of executing
context from guest to host and load the appropriate set of binaries to continue decode.
TIP(HostIP)
The TIP indicates the destination IP, the IP of the first instruction to be executed in VMX root
operation.
Note, this packet could be preceded by a MODE.Exec packet (Section 36.4.2.8). This is
generated only in cases where CS.D or (CS.L & EFER.LMA) change during the transition.
VM entry
PIP(GuestCR3, NR=1)
The PIP packet provides the new guest CR3 value, as well as indication that the logical
processor is entering VMX non-root operation. This allows the decoder to identify the change
of executing context from host to guest and load the appropriate set of binaries to continue
decode.
TIP(GuestIP)
The TIP indicates the destination IP, the IP of the first instruction to be executed in VMX non-
root operation. This should match the IP value read out from the VMCS.
Note, this packet could be preceded by a MODE.Exec packet (Section 36.4.2.8). This is
generated only in cases where CS.D or (CS.L & EFER.LMA) change during the transition.