Volume 3B System Programming Guide_ Part 2 (794104), page 33
For example, RDMSR of a non-existent MSR with CPL = 0 generates a VM exit and not a general-protection exception.

When Section 21.1.2 or Section 21.1.3 (below) identify an instruction execution that may lead to a VM exit, it is assumed that the instruction does not incur a fault that takes priority over a VM exit.

1. MOV DR is an exception to this rule; see Section 21.1.3.

21.1.2 Instructions That Cause VM Exits Unconditionally

The following instructions cause VM exits when they are executed in VMX non-root operation: CPUID, INVD, MOV from CR3. This is also true of instructions introduced with VMX, which include: VMCALL,² VMCLEAR, VMLAUNCH, VMPTRLD, VMPTRST, VMREAD, VMRESUME, VMWRITE, VMXOFF, and VMXON.

2. Under the dual-monitor treatment of SMIs and SMM, executions of VMCALL cause SMM VM exits in VMX root operation outside SMM. See Section 24.16.2.

21.1.3 Instructions That Cause VM Exits Conditionally

Certain instructions cause VM exits in VMX non-root operation depending on the setting of the VM-execution controls. The following instructions can cause “fault-like” VM exits based on the conditions described:

• CLTS. The CLTS instruction causes a VM exit if the bits in position 3 (corresponding to CR0.TS) are set in both the CR0 guest/host mask and the CR0 read shadow.

21-2 Vol. 3 VMX NON-ROOT OPERATION

• HLT. The HLT instruction causes a VM exit if the “HLT exiting” VM-execution control is 1.

• IN, INS/INSB/INSW/INSD, OUT, OUTS/OUTSB/OUTSW/OUTSD. The behavior of each of these instructions is determined by the settings of the “unconditional I/O exiting” and “use I/O bitmaps” VM-execution controls:
  — If both controls are 0, the instruction executes normally.
  — If the “unconditional I/O exiting” VM-execution control is 1 and the “use I/O bitmaps” VM-execution control is 0, the instruction causes a VM exit.
  — If the “use I/O bitmaps” VM-execution control is 1, the instruction causes a VM exit if it attempts to access an I/O port corresponding to a bit set to 1 in the appropriate I/O bitmap (see Section 20.6.4). If an I/O operation “wraps around” the 16-bit I/O-port space (accesses ports FFFFH and 0000H), the I/O instruction causes a VM exit (the “unconditional I/O exiting” VM-execution control is ignored if the “use I/O bitmaps” VM-execution control is 1).
  See Section 21.1.1 for information regarding the priority of VM exits relative to faults that may be caused by the INS and OUTS instructions.

• INVLPG. The INVLPG instruction causes a VM exit if the “INVLPG exiting” VM-execution control is 1.

• LMSW. In general, the LMSW instruction causes a VM exit if it would write, for any bit set in the low 4 bits of the CR0 guest/host mask, a value different than the corresponding bit in the CR0 read shadow. Note that LMSW never clears bit 0 of CR0 (CR0.PE). Thus, LMSW causes a VM exit if either of the following are true:
  — The bits in position 0 (corresponding to CR0.PE) are set in both the CR0 guest/host mask and the source operand, and the bit in position 0 is clear in the CR0 read shadow.
  — For any bit position in the range 3:1, the bit in that position is set in the CR0 guest/host mask and the values of the corresponding bits in the source operand and the CR0 read shadow differ.

• MONITOR. The MONITOR instruction causes a VM exit if the “MONITOR exiting” VM-execution control is 1.

• MOV from CR8. The MOV from CR8 instruction (which can be executed only in 64-bit mode) causes a VM exit if the “CR8-store exiting” VM-execution control is 1. Note that, if this control is 0, the behavior of the MOV from CR8 instruction is modified if the “use TPR shadow” VM-execution control is 1 (see Section 21.4).

• MOV to CR0. The MOV to CR0 instruction causes a VM exit unless the value of its source operand matches, for the position of each bit set in the CR0 guest/host mask, the corresponding bit in the CR0 read shadow. (If every bit is clear in the CR0 guest/host mask, MOV to CR0 cannot cause a VM exit.)

• MOV to CR3. The MOV to CR3 instruction causes a VM exit unless the value of its source operand is equal to one of the CR3-target values specified in the VMCS. Note that, if the CR3-target count is n, only the first n CR3-target values are considered; if the CR3-target count is 0, MOV to CR3 always causes a VM exit.

• MOV to CR4. The MOV to CR4 instruction causes a VM exit unless the value of its source operand matches, for the position of each bit set in the CR4 guest/host mask, the corresponding bit in the CR4 read shadow.

• MOV to CR8. The MOV to CR8 instruction (which can be executed only in 64-bit mode) causes a VM exit if the “CR8-load exiting” VM-execution control is 1. Note that, if this control is 0, the behavior of the MOV to CR8 instruction is modified if the “use TPR shadow” VM-execution control is 1 (see Section 21.4) and it may cause a trap-like VM exit (see below).

• MOV DR. The MOV DR instruction causes a VM exit if the “MOV-DR exiting” VM-execution control is 1. Such VM exits represent an exception to the principles identified in Section 21.1.1; they take priority over all faults that may occur in the execution of MOV DR.

• MWAIT. The MWAIT instruction causes a VM exit if the “MWAIT exiting” VM-execution control is 1.

• PAUSE. The PAUSE instruction causes a VM exit if the “PAUSE exiting” VM-execution control is 1.

• RDMSR. The RDMSR instruction causes a VM exit if any of the following are true:
  — The “use MSR bitmaps” VM-execution control is 0.
  — The value of RCX is not in the range 00000000H – 00001FFFH or C0000000H – C0001FFFH.
  — The value of RCX is in the range 00000000H – 00001FFFH and the nth bit in read bitmap for low MSRs is 1, where n is the value of RCX.
  — The value of RCX is in the range C0000000H – C0001FFFH and the nth bit in read bitmap for high MSRs is 1, where n is the value of RCX & 00001FFFH.
  See Section 20.6.9 for details regarding how these bitmaps are identified.

• RDPMC. The RDPMC instruction causes a VM exit if the “RDPMC exiting” VM-execution control is 1.

• RDTSC. The RDTSC instruction causes a VM exit if the “RDTSC exiting” VM-execution control is 1.

• RSM. The RSM instruction causes a VM exit if executed in system-management mode (SMM).¹
  1. Execution of the RSM instruction outside SMM causes an invalid-opcode exception regardless of whether the processor is in VMX operation. It also does so in VMX root operation in SMM; see Section 24.16.3.

• WRMSR. The WRMSR instruction causes a VM exit if any of the following are true:
  — The “use MSR bitmaps” VM-execution control is 0.
  — The value of RCX is not in the range 00000000H – 00001FFFH or C0000000H – C0001FFFH.
  — The value of RCX is in the range 00000000H – 00001FFFH and the nth bit in write bitmap for low MSRs is 1, where n is the value of RCX.
  — The value of RCX is in the range C0000000H – C0001FFFH and the nth bit in write bitmap for high MSRs is 1, where n is the value of RCX & 00001FFFH.
  See Section 20.6.9 for details regarding how these bitmaps are identified.

The MOV to CR8 instruction (which can be executed only in 64-bit mode) may cause a “trap-like” VM exit. This means that the instruction completes before the VM exit occurs and that processor state is updated by the instruction (for example, the value of RIP saved in the guest-state area of the VMCS references the next instruction). Specifically, a VM exit occurs after execution of MOV to CR8 if the following are true:

• The “CR8-load exiting” VM-execution control is 0.
• The “use TPR shadow” VM-execution control is 1.
• The execution of MOV to CR8 reduces the value of the TPR shadow below that of the TPR threshold VM-execution control field (see Section 20.6.8 and Section 21.4).

21.2 APIC-ACCESS VM EXITS

If the “virtualize APIC accesses” VM-execution control is 1, an attempt to access memory using a physical address on the APIC-access page (see Section 20.6.8) causes a VM exit.
Such a VM exit is called an APIC-access VM exit.

In general, an operation that attempts to access memory with a physical address on the APIC-access page causes an APIC-access VM exit. This may be qualified based on the type of access. Section 21.2.1 describes the treatment of linear accesses, while Section 21.2.2 describes that of physical accesses. Section 21.2.3 discusses accesses to the TPR field on the APIC-access page (called VTPR accesses), which do not, if the “use TPR shadow” VM-execution control is 1, cause APIC-access VM exits.

21.2.1 Linear Accesses to the APIC-Access Page

An access to the APIC-access page is called a linear access if (1) it results from a memory access using a linear address; and (2) the access’s physical address is the translation of that linear address. Section 21.2.1.1 specifies which linear accesses to the APIC-access page cause APIC-access VM exits.

In general, the treatment of APIC-access VM exits caused by linear accesses is similar to that of page faults. Based upon this treatment, Section 21.2.1.2 specifies the priority of such VM exits with respect to other events, while Section 21.2.1.3 discusses instructions that may cause page faults without accessing memory and the treatment when they access the APIC-access page.

21.2.1.1 Linear Accesses That Cause APIC-Access VM Exits

Whether a linear access to the APIC-access page causes an APIC-access VM exit depends in part on the nature of the translation used by the linear address:

• If the linear access uses a translation with a 4-KByte page, it causes an APIC-access VM exit.
• If the linear access uses a translation with a large page (2-MByte or 4-MByte), the access may or may not cause an APIC-access VM exit. Section 21.5.1 describes the treatment of such accesses that do not cause an APIC-access VM exit.

It is recommended that software configure the paging structures so that any translation to the APIC-access page uses a 4-KByte page.

21.2.1.2 Priority of APIC-Access VM Exits Caused by Linear Accesses

The following items specify the priority relative to other events of APIC-access VM exits caused by linear accesses.

• The priority of an APIC-access VM exit on a linear access to memory is below that of any page fault that that access may incur.
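
Added example, not part of the manual text: the RDMSR and WRMSR conditions listed in Section 21.1.3, written as a C predicate that a VMM author can use to check which MSR accesses a given set of bitmaps passes through. The type and function names are hypothetical, the 1-KByte size of each bitmap is taken from the manual's description in Section 20.6.9 (not reproduced on this page), and the pass-through policy is constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the four bitmaps named in the RDMSR/WRMSR bullets,
 * 1 KByte (8192 bits) each. Type and function names are hypothetical. */
struct msr_bitmaps {
    uint8_t read_low[1024];   /* RDMSR, RCX 00000000H-00001FFFH */
    uint8_t read_high[1024];  /* RDMSR, RCX C0000000H-C0001FFFH */
    uint8_t write_low[1024];  /* WRMSR, RCX 00000000H-00001FFFH */
    uint8_t write_high[1024]; /* WRMSR, RCX C0000000H-C0001FFFH */
};

static bool bit_is_set(const uint8_t *map, uint32_t n)
{
    return (map[n >> 3] >> (n & 7)) & 1u;
}

static void clear_bit(uint8_t *map, uint32_t n)
{
    map[n >> 3] &= (uint8_t)~(1u << (n & 7));
}

/* True if RDMSR (is_write false) or WRMSR (is_write true) causes a VM exit. */
bool msr_access_exits(bool use_msr_bitmaps, const struct msr_bitmaps *bm,
                      uint64_t rcx, bool is_write)
{
    if (!use_msr_bitmaps)
        return true;                 /* control is 0: every access exits */
    if (rcx <= 0x1FFFu)
        return bit_is_set(is_write ? bm->write_low : bm->read_low,
                          (uint32_t)rcx);
    if (rcx >= 0xC0000000u && rcx <= 0xC0001FFFu)
        return bit_is_set(is_write ? bm->write_high : bm->read_high,
                          (uint32_t)(rcx & 0x1FFFu));
    return true;                     /* outside both ranges: always exits */
}

/* Constructed default-intercept policy: every bit starts at 1, then reads of
 * MSR 10H and reads/writes of MSR C0000100H are passed through. */
bool demo_policy_exits(uint64_t rcx, bool is_write)
{
    static struct msr_bitmaps bm;
    memset(&bm, 0xFF, sizeof bm);
    clear_bit(bm.read_low, 0x10);
    clear_bit(bm.read_high, 0x100);
    clear_bit(bm.write_high, 0x100);
    return msr_access_exits(true, &bm, rcx, is_write);
}
```

Starting from all ones and clearing individual bits keeps every MSR the VMM has not explicitly reviewed behind a VM exit; MSRs outside the two ranges cannot be passed through at all.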
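
Added example, not part of the manual text: the control-register conditions from the CLTS, LMSW, MOV to CR0/CR4 and MOV to CR3 bullets of Section 21.1.3 as C predicates, showing in particular that LMSW and MOV to CR0 differ on CR0.PE. Function and macro names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define CR0_PE (1ull << 0)
#define CR0_TS (1ull << 3)

/* MOV to CR0 / MOV to CR4: exit unless the source matches the read shadow
 * in every bit position set in the guest/host mask. */
bool mov_to_cr_exits(uint64_t mask, uint64_t shadow, uint64_t src)
{
    return ((src ^ shadow) & mask) != 0;
}

/* CLTS: exit if bit 3 (CR0.TS) is set in both the mask and the read shadow. */
bool clts_exits(uint64_t cr0_mask, uint64_t cr0_shadow)
{
    return (cr0_mask & cr0_shadow & CR0_TS) != 0;
}

/* LMSW: only the low 4 bits take part, and bit 0 (PE) can be set but
 * never cleared, so PE matters only when the source tries to set it. */
bool lmsw_exits(uint64_t cr0_mask, uint64_t cr0_shadow, uint16_t src)
{
    bool pe = (cr0_mask & CR0_PE) && (src & CR0_PE) && !(cr0_shadow & CR0_PE);
    bool bits_3_1 = ((src ^ cr0_shadow) & cr0_mask & 0xEull) != 0;
    return pe || bits_3_1;
}

/* MOV to CR3: exit unless the source equals one of the first `count`
 * CR3-target values; a count of 0 therefore always exits. */
bool mov_to_cr3_exits(const uint64_t *targets, size_t count, uint64_t src)
{
    for (size_t i = 0; i < count; i++)
        if (targets[i] == src)
            return false;
    return true;
}
```

With PE and TS in the mask and a read shadow of PE=1, TS=0, a MOV to CR0 with source 0 exits while LMSW with source 0 does not, because LMSW cannot clear PE.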