36-64 Vol. 3C
INTEL® PROCESSOR TRACE
When tracing only the host, the decoder does not need information about the guests, the VMCS controls for
suppressing VMX-specific packets can be set to reduce the packets generated. VMCS packets will still be generated
on successful VMPTRLD and in PSB+ generated in the Host, but these will be unused by the decoder.
The packets of interests to a decoder when trace packets are collected for host-only tracing are shown in Table 36-
48.
36.5.2.3 Guest-Only Tracing
A VMM can configure trace packet generation while in non-root operation for guests executing normally. This is
accomplished by utilizing the MSR load lists across VM exit and VM entry to confine trace packet generation to
stay within the guest environment.
For this usage, the VM-entry MSR load list is programmed to turn on trace packet generation. The VM-exit MSR
load list is used to clear TraceEn=0 to disable trace packet generation in the host. Further, if it is preferred that
the guest packet stream contain no indication that execution was in VMX non-root operation, the VMM should set
the VMCS controls described in Table 36-46.
36.5.2.4 Virtualization of Guest Output Packet Streams
Each Intel PT aware guest OS can produce one or more output packet streams to destination addresses specified
as guest physical address (GPA) using context-switched IA32_RTIT_OUTPUT_BASE within the guest. The processor
generates trace packets to the platform physical address specified in IA32_RTIT_OUTPUT_BASE, and those speci-
fied in the ToPA tables. Thus, a VMM that supports Intel PT aware guest OS may wish to virtualize the output config-
urations of IA32_RTIT_OUTPUT_BASE and ToPA for each trace configuration state of all the guests.
36.5.2.5 Emulation of Intel PT Traced State
If a VMM emulates an element of processor state by taking a VM exit on reads and/or writes to that piece of state,
and the state element impacts Intel PT packet generation or values, it may be incumbent upon the VMM to insert
or modify the output trace data.
If a VM exit is taken on a guest write to CR3 (including “MOV CR3” as well as task switches), the PIP packet
normally generated on the CR3 write will be missing.
To avoid decoder confusion when the guest trace is decoded, the VMM should emulate the missing PIP by writing it
into the guest output buffer. If the guest CR3 value is manipulated, the VMM may also need to manipulate the
IA32_RTIT_CR3_MATCH value, in order to ensure the trace behavior matches the guest's expectation.
Similarly, if a VMM emulates the TSC value by taking a VM exit on RDTSC, the TSC packets generated in the trace
may mismatch the TSC values returned by the VMM on RDTSC. To ensure that the trace can be properly aligned
with software logs based on RDTSC, the VMM should either make corresponding modifications to the TSC packet
values in the guest trace, or use mechanisms such as TSC offsetting or TSC scaling in place of exiting.
36.5.2.6 TSC Scaling
When TSC scaling is enabled for a guest using Intel PT, the VMM should ensure that the value of Maximum Non-
Turbo Ratio[15:8] in MSR_PLATFORM_INFO (MSR 0CEH) and the TSC/”core crystal clock” ratio (EBX/EAX) in CPUID
leaf 15H are set in a manner consistent with the resulting TSC rate that will be visible to the VM. This will allow the
decoder to properly apply TSC packets, MTC packets (based on the core crystal clock or ART, whose frequency is
indicated by CPUID leaf 15H), and CBR packets (which indicate the ratio of the processor frequency to the Max
Table 36-48. Packets on VMX Transitions (Host-Only Tracing)
Event
Packets Description
VM exit
TIP.PGE(HostIP)
The TIP.PGE indicates that trace packet generation is enabled and gives the IP of the first
instruction to be executed in VMX root operation.
Note, this packet could be preceded by a MODE.Exec packet (Section 36.4.2.8). This is
generated only in cases where CS.D or (CS.L & EFER.LMA) change during the transition.
VM entry
TIP.PGD()
The TIP indicates that trace packet generation was disabled. This ensure that all buffered
packets are flushed out.