Volume 3B System Programming Guide_ Part 2 (794104), page 27
Processor state is saved into the guest-state area on VM exits and loaded from there on VM entries.
• Host-state area. Processor state is loaded from the host-state area on VM exits.
• VM-exit control fields. These fields control VM exits.
• VM-execution control fields. These fields control processor behavior in VMX non-root operation. They determine in part the causes of VM exits.
• VM-entry control fields. These fields control VM entries.
• VM-exit information fields. These fields receive information on VM exits and describe the cause and the nature of VM exits. They are read-only.

The VM-execution control fields, the VM-exit control fields, and the VM-entry control fields are sometimes referred to collectively as VMX controls.

20.4 GUEST-STATE AREA

This section describes fields contained in the guest-state area of the VMCS.
As noted earlier, processor state is loaded from these fields on every VM entry (see Section 22.3.2) and stored into these fields on every VM exit (see Section 23.3).

20.4.1 Guest Register State

The following fields in the guest-state area correspond to processor registers:
• Control registers CR0, CR3, and CR4 (64 bits each; 32 bits on processors that do not support Intel 64 architecture).
• Debug register DR7 (64 bits; 32 bits on processors that do not support Intel 64 architecture).

[1] Alternatively, software may map any of these regions or structures with the UC memory type. Doing so is strongly discouraged unless necessary as it will cause the performance of transitions using those structures to suffer significantly. In addition, the processor will continue to use the memory type reported in the VMX capability MSR IA32_VMX_BASIC with exceptions noted in Appendix G.1.

Vol. 3 20-3 VIRTUAL-MACHINE CONTROL STRUCTURES

• RSP, RIP, and RFLAGS (64 bits each; 32 bits on processors that do not support Intel 64 architecture). [1]
  [1] This chapter uses the notation RAX, RIP, RSP, RFLAGS, etc. for processor registers because most processors that support VMX operation also support Intel 64 architecture. For processors that do not support Intel 64 architecture, this notation refers to the 32-bit forms of those registers (EAX, EIP, ESP, EFLAGS, etc.). In a few places, notation such as EAX is used to refer specifically to lower 32 bits of the indicated register.
• The following fields for each of the registers CS, SS, DS, ES, FS, GS, LDTR, and TR:
  — Selector (16 bits).
  — Base address (64 bits; 32 bits on processors that do not support Intel 64 architecture). The base-address fields for CS, SS, DS, and ES have only 32 architecturally-defined bits; nevertheless, the corresponding VMCS fields have 64 bits on processors that support Intel 64 architecture.
  — Segment limit (32 bits). The limit field is always a measure in bytes.
  — Access rights (32 bits). The format of this field is given in Table 20-2 and detailed as follows:
    • The low 16 bits correspond to bits 23:8 of the upper 32 bits of a 64-bit segment descriptor. While bits 19:16 of code-segment and data-segment descriptors correspond to the upper 4 bits of the segment limit, the corresponding bits (bits 11:8) are reserved in this VMCS field.
    • Bit 16 indicates an unusable segment. Attempts to use such a segment fault except in 64-bit mode. In general, a segment register is unusable if it has been loaded with a null selector. [2]
      [2] There are a few exceptions to this statement. For example, a segment with a non-null selector may be unusable following a task switch that fails after its commit point; see “Interrupt 10—Invalid TSS Exception (#TS)” in Section 5.14, “Exception and Interrupt Handling in 64-bit Mode,” of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A. In contrast, the TR register is usable after processor reset despite having a null selector; see Table 9-1 in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A.
    • Bits 31:17 are reserved.

Table 20-2. Format of Access Rights

| Bit Position(s) | Field |
|---|---|
| 3:0 | Segment type |
| 4 | S — Descriptor type (0 = system; 1 = code or data) |
| 6:5 | DPL — Descriptor privilege level |
| 7 | P — Segment present |
| 11:8 | Reserved |
| 12 | AVL — Available for use by system software |
| 13 | Reserved (except for CS); L — 64-bit mode active (for CS only) |
| 14 | D/B — Default operation size (0 = 16-bit segment; 1 = 32-bit segment) |
| 15 | G — Granularity |
| 16 | Segment unusable (0 = usable; 1 = unusable) |
| 31:17 | Reserved |

  The base address, segment limit, and access rights compose the “hidden” part (or “descriptor cache”) of each segment register. These data are included in the VMCS because it is possible for a segment register’s descriptor cache to be inconsistent with the segment descriptor in memory (in the GDT or the LDT) referenced by the segment register’s selector.

  Note that the value of the DPL field for SS is always equal to the logical processor’s current privilege level (CPL). [1]
  [1] In protected mode, CPL is also associated with the RPL field in the CS selector. However, the RPL fields are not meaningful in real-address mode or in virtual-8086 mode.
• The following fields for each of the registers GDTR and IDTR:
  — Base address (64 bits; 32 bits on processors that do not support Intel 64 architecture).
  — Limit (32 bits). The limit fields contain 32 bits even though these fields are specified as only 16 bits in the architecture.
• The following MSRs:
  — IA32_DEBUGCTL (64 bits)
  — IA32_SYSENTER_CS (32 bits)
  — IA32_SYSENTER_ESP and IA32_SYSENTER_EIP (64 bits; 32 bits on processors that do not support Intel 64 architecture)
• The register SMBASE (32 bits). This register contains the base address of the logical processor’s SMRAM image.

20.4.2 Guest Non-Register State

In addition to the register state described in Section 20.4.1, the guest-state area includes the following fields that characterize guest state but which do not correspond to processor registers:
• Activity state (32 bits). This field identifies the logical processor’s activity state. When a logical processor is executing instructions normally, it is in the active state. Execution of certain instructions and the occurrence of certain events may cause a logical processor to transition to an inactive state in which it ceases to execute instructions.
  The following activity states are defined: [1]
  — 0: Active. The logical processor is executing instructions normally.
  — 1: HLT. The logical processor is inactive because it executed the HLT instruction.
  — 2: Shutdown. The logical processor is inactive because it incurred a triple fault [2] or some other serious error.
  — 3: Wait-for-SIPI. The logical processor is inactive because it is waiting for a startup-IPI (SIPI).
  Future processors may include support for other activity states. Software should read the VMX capability MSR IA32_VMX_MISC (see Appendix G.5) to determine what activity states are supported.
  [1] Execution of the MWAIT instruction may put a logical processor into an inactive state. However, this VMCS field never reflects this state. See Section 23.1.
  [2] A triple fault occurs when a logical processor encounters an exception while attempting to deliver a double fault.
• Interruptibility state (32 bits). The IA-32 architecture includes features that permit certain events to be blocked for a period of time. This field contains information about such blocking. Details and the format of this field are given in Table 20-3.

Table 20-3. Format of Interruptibility State

| Bit Position(s) | Bit Name | Notes |
|---|---|---|
| 0 | Blocking by STI | See the “STI—Set Interrupt Flag” section in Chapter 4 of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 2B. Execution of STI with RFLAGS.IF = 0 blocks interrupts (and, optionally, other events) for one instruction after its execution. Setting this bit indicates that this blocking is in effect. |
| 1 | Blocking by MOV SS | See the “MOV—Move a Value from the Stack” and “POP—Pop a Value from the Stack” sections in Chapter 3 and Chapter 4 of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volumes 2A & 2B, and Section 5.8.3 in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A. Execution of a MOV to SS or a POP to SS blocks interrupts for one instruction after its execution. In addition, certain debug exceptions are inhibited between a MOV to SS or a POP to SS and a subsequent instruction. Setting this bit indicates that the blocking of all these events is in effect. This document uses the term “blocking by MOV SS,” but it applies equally to POP SS. |
| 2 | Blocking by SMI | See Section 24.2 in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A. System-management interrupts (SMIs) are disabled while the processor is in system-management mode (SMM). Setting this bit indicates that blocking of SMIs is in effect. |
| 3 | Blocking by NMI | See Section 5.7.1 in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A and Section 24.8 in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3B. Delivery of a non-maskable interrupt (NMI) or a system-management interrupt (SMI) blocks subsequent NMIs until the next execution of IRET. See Section 21.4 for how this behavior of IRET may change in VMX non-root operation. Setting this bit indicates that blocking of NMIs is in effect. Clearing this bit does not imply that NMIs are not (temporarily) blocked for other reasons. If the “virtual NMIs” VM-execution control (see Section 20.6.1) is 1, this bit does not control the blocking of NMIs. Instead, it refers to “virtual-NMI blocking” (the fact that guest software is not ready for an NMI). |
| 31:4 | Reserved | VM entry will fail if these bits are not 0. See Section 22.3.1.5. |

• Pending debug exceptions (64 bits; 32 bits on processors that do not support Intel 64 architecture). IA-32 processors may recognize one or more debug exceptions without immediately delivering them. [1] This field contains information about such exceptions. This field is described in Table 20-4.
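The access-rights layout of Table 20-2, worked through in C as an added example (not code from the manual): it builds the VMCS field from a 64-bit segment descriptor and checks the reserved positions. The function names and the sample descriptors are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define AR_RSVD_LIMIT 0x00000F00u /* bits 11:8: reserved in the VMCS field */
#define AR_L          (1u << 13)  /* bit 13: L, defined for CS only */
#define AR_UNUSABLE   (1u << 16)  /* bit 16: segment unusable */
#define AR_RSVD_HIGH  0xFFFE0000u /* bits 31:17: reserved */

/* Build the access-rights field from a 64-bit descriptor and its selector. */
static uint32_t vmcs_access_rights(uint64_t desc, uint16_t selector)
{
    /* General rule from the text: a null selector (GDT index 0, any RPL)
     * means an unusable segment. The exceptions in the footnote (TR after
     * reset, failed task switch) are not modelled here. */
    if ((selector & 0xFFFCu) == 0)
        return AR_UNUSABLE;

    uint32_t hi = (uint32_t)(desc >> 32);
    /* Field bits 15:0 = bits 23:8 of the upper dword. Descriptor bits
     * 19:16 (limit) would land in 11:8, which the VMCS field reserves. */
    return ((hi >> 8) & 0xFFFFu) & ~AR_RSVD_LIMIT;
}

/* Check the reserved positions of Table 20-2 before writing the field. */
static bool ar_reserved_ok(uint32_t ar, bool is_cs)
{
    if (ar & (AR_RSVD_LIMIT | AR_RSVD_HIGH))
        return false;
    if (!is_cs && (ar & AR_L))
        return false;
    return true;
}

int main(void)
{
    /* Constructed sample descriptors: flat 64-bit code, flat 32-bit data. */
    uint64_t code64 = 0x00AF9B000000FFFFULL, data32 = 0x00CF93000000FFFFULL;
    printf("CS   ar=0x%05X\n", (unsigned)vmcs_access_rights(code64, 0x08));
    printf("DS   ar=0x%05X\n", (unsigned)vmcs_access_rights(data32, 0x10));
    printf("null ar=0x%05X\n", (unsigned)vmcs_access_rights(0, 0));
    /* Copying bits 23:8 without the mask leaves limit bits in 11:8. */
    printf("unmasked ok=%d\n",
           ar_reserved_ok((uint32_t)(data32 >> 40) & 0xFFFFu, false));
    return 0;
}
```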
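A sanity check for the activity-state and interruptibility-state fields of Section 20.4.2, as a hypervisor might run before VM entry on guest state it did not produce itself. This is an added example, not code from the manual; the `supported_states` mask and all function names are hypothetical, and the caller is assumed to derive the mask from IA32_VMX_MISC.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INTR_STI    (1u << 0)   /* blocking by STI */
#define INTR_MOV_SS (1u << 1)   /* blocking by MOV SS (also POP SS) */
#define INTR_SMI    (1u << 2)   /* blocking by SMI */
#define INTR_NMI    (1u << 3)   /* blocking by NMI, or virtual-NMI blocking */
#define INTR_RSVD   0xFFFFFFF0u /* bits 31:4: VM entry fails unless 0 */

enum nonreg_status { NONREG_OK, NONREG_BAD_ACTIVITY, NONREG_RSVD_INTR };

/* supported_states is a hypothetical mask: bit n set means activity state n
 * (0 active, 1 HLT, 2 shutdown, 3 wait-for-SIPI) may be used on this CPU. */
static enum nonreg_status check_guest_nonreg(uint32_t activity, uint32_t intr,
                                             uint32_t supported_states)
{
    /* Range check first so the shift below is always defined. */
    if (activity > 3 || !((supported_states >> activity) & 1u))
        return NONREG_BAD_ACTIVITY;
    if (intr & INTR_RSVD)
        return NONREG_RSVD_INTR;
    return NONREG_OK;
}

/* Name the blocking bits that are set; bit 3 is virtual-NMI blocking when
 * the "virtual NMIs" VM-execution control is 1. Returns buf. */
static const char *describe_intr(uint32_t intr, int virtual_nmis,
                                 char *buf, size_t len)
{
    buf[0] = '\0';
    if (intr & INTR_STI)    strncat(buf, "STI ", len - strlen(buf) - 1);
    if (intr & INTR_MOV_SS) strncat(buf, "MOV-SS ", len - strlen(buf) - 1);
    if (intr & INTR_SMI)    strncat(buf, "SMI ", len - strlen(buf) - 1);
    if (intr & INTR_NMI)
        strncat(buf, virtual_nmis ? "virtual-NMI " : "NMI ",
                len - strlen(buf) - 1);
    return buf;
}

int main(void)
{
    char buf[64];
    /* Constructed values, as if restored from a saved-state blob. */
    uint32_t activity = 1, intr = INTR_MOV_SS | INTR_NMI, supported = 0x3;
    printf("status=%d blocking=%s\n",
           check_guest_nonreg(activity, intr, supported),
           describe_intr(intr, 1, buf, sizeof buf));
    printf("reserved bit set -> status=%d\n", check_guest_nonreg(0, 0x10, 0xF));
    return 0;
}
```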