Volume 3B System Programming Guide_ Part 2 (794104), page 36
For each position corresponding to a bit clear in the CR0 guest/host mask, the destination operand is loaded with the value of the corresponding bit in CR0. For each position corresponding to a bit set in the CR0 guest/host mask, the destination operand is loaded with the value of the corresponding bit in the CR0 read shadow. Thus, if every bit is cleared in the CR0 guest/host mask, MOV from CR0 reads normally from CR0; if every bit is set in the CR0 guest/host mask, MOV from CR0 returns the value of the CR0 read shadow.

Note the following: (1) for any memory destination or for a 16-bit register destination, only the low 16 bits of the CR0 guest/host mask and the CR0 read shadow are used (bits 63:16 of a register destination are left unchanged); (2) for a 32-bit register destination, only the low 32 bits of the CR0 guest/host mask and the CR0 read shadow are used (bits 63:32 of the destination are cleared); and (3) depending on the contents of the CR0 guest/host mask and the CR0 read shadow, bits may be set in the destination that would never be set when reading directly from CR0.

• WRMSR. Section 21.1.3 identifies when executions of the WRMSR instruction cause VM exits. If an execution of WRMSR causes neither a fault nor a VM exit and if RCX contains 79H (indicating IA32_BIOS_UPDT_TRIG MSR), no microcode update is loaded and control passes to the next instruction. This implies that microcode updates cannot be loaded in VMX non-root operation.

Vol. 3 21-13 VMX NON-ROOT OPERATION

21.5 APIC ACCESSES THAT DO NOT CAUSE VM EXITS

As noted in Section 21.2, if the “virtualize APIC accesses” VM-execution control is 1, most memory accesses to the APIC-access page (see Section 20.6.8) cause APIC-access VM exits. Section 21.2 identifies potential exceptions. These are covered in Section 21.5.1 through Section 21.5.3.

In some cases, an attempt to access memory on the APIC-access page is converted to an access to the virtual-APIC page (see Section 20.6.8). In these cases, the access uses the memory type reported in bits 53:50 of the IA32_VMX_BASIC MSR (see Appendix G.1).

21.5.1 Linear Accesses to the APIC-Access Page Using Large-Page Translations

As noted in Section 21.2.1, a linear access to the APIC-access page using translation with a large page (2-MByte or 4-MByte) may or may not cause an APIC-access VM exit. If it does not and the access is not a VTPR access (see Section 21.2.3), the access operates on memory on the APIC-access page. Section 21.5.3 describes the treatment if there is no APIC-access VM exit and the access is a VTPR access.

21.5.2 Physical Accesses to the APIC-Access Page

As noted in Section 21.2.2, a physical access to the APIC-access page may or may not cause an APIC-access VM exit. If it does not and the access is not a VTPR access (see Section 21.2.3), the access operates on memory on the APIC-access page. Section 21.5.3 describes the treatment if there is no APIC-access VM exit and the access is a VTPR access.

21.5.3 VTPR Accesses

As noted in Section 21.2.3, VTPR refers to the 16-byte field at offset 128 on the APIC-access page. A memory access is a VTPR access if all of the following hold: (1) the “use TPR shadow” VM-execution control is 1; (2) the access is not for an instruction fetch; (3) the access is at most 32 bits in width; and (4) the access is to offset 128 on the APIC-access page.

The treatment of VTPR accesses depends on the nature of the access:

• A linear VTPR access using a translation with a 4-KByte page does not cause an APIC-access VM exit. Instead, it is converted so that, instead of accessing offset 128 on the APIC-access page, it accesses offset 128 on the virtual-APIC page. Further details are provided in Section 21.5.3.1 to Section 21.5.3.3.
• A linear VTPR access using a translation with a large page (2-MByte or 4-MByte) may be treated in either of two ways:
  — It may operate on memory on the APIC-access page. The details in Section 21.5.3.1 to Section 21.5.3.3 do not apply.
  — It may be converted so that, instead of accessing offset 128 on the APIC-access page, it accesses offset 128 on the virtual-APIC page. Further details are provided in Section 21.5.3.1 to Section 21.5.3.3.
• A physical VTPR access may be treated in one of three ways:
  — It may cause an APIC-access VM exit. The details in Section 21.5.3.1 to Section 21.5.3.3 do not apply.
  — It may operate on memory on the APIC-access page. The details in Section 21.5.3.1 to Section 21.5.3.3 do not apply.
  — It may be converted so that, instead of accessing offset 128 on the APIC-access page, it accesses offset 128 on the virtual-APIC page. Further details are provided in Section 21.5.3.1 to Section 21.5.3.3.

Linear VTPR accesses never cause APIC-access VM exits (recall that an access is a VTPR access only if the “use TPR shadow” VM-execution control is 1).

21.5.3.1 Treatment of Individual VTPR Accesses

The following items detail the treatment of VTPR accesses:

• VTPR read accesses. Such an access completes normally (reading data from the field at offset 128 on the virtual-APIC page).
  The following items detail certain instructions that are considered to perform read accesses and how they behave when accessing the VTPR:
  — A VTPR access using the CLFLUSH instruction flushes data for offset 128 on the virtual-APIC page.
  — A VTPR access using the LMSW instruction may cause a VM exit due to the CR0 guest/host mask and the CR0 read shadow.
  — A VTPR access using the MONITOR instruction causes the logical processor to monitor offset 128 on the virtual-APIC page.
  — A VTPR access using the PREFETCH instruction may prefetch data; if so, it is from offset 128 on the virtual-APIC page.
• VTPR write accesses. Such an access completes normally (writing data to the field at offset 128 on the virtual-APIC page) and causes a TPR-shadow update (see Section 21.5.3.3).
  The following items detail certain instructions that are considered to perform write accesses and how they behave when accessing the VTPR:
  — The ENTER instruction is considered to write to VTPR if the byte referenced by the final value of the stack pointer is at offset 128 on the APIC-access page (even though ENTER does not write to that byte if its size operand is non-zero). The instruction is followed by a TPR-shadow update.
  — A VTPR access using the SMSW instruction stores data determined by the current CR0 contents, the CR0 guest/host mask, and the CR0 read shadow. The instruction is followed by a TPR-shadow update.

21.5.3.2 Operations with Multiple Accesses

Some operations may access multiple addresses. These operations include the execution of some instructions and the delivery of events through the IDT (including those injected with VM entry). In some cases, the Intel® 64 architecture specifies the ordering of these memory accesses. The following items describe the treatment of VTPR accesses that are part of such multi-access operations:

• Read-modify-write instructions may first perform a VTPR read access and then a VTPR write access. Both accesses complete normally (as described in Section 21.5.3.1). The instruction is followed by a TPR-shadow update (see Section 21.5.3.3).
• Some operations may perform a VTPR write access and subsequently cause a fault. This situation is treated as follows:
  — If the fault leads to a VM exit, no TPR-shadow update occurs.
  — If the fault does not lead to a VM exit, a TPR-shadow update occurs after fault delivery completes and before execution of the fault handler.
• If an operation includes a VTPR access and an access to some other field on the APIC-access page, the latter access causes an APIC-access VM exit as described in Section 21.2.
  If the operation performs a VTPR write access before the APIC-access VM exit, there is no TPR-shadow update.
• Suppose that the first iteration of a repeated string instruction (including OUTS) that accesses the APIC-access page performs a VTPR read access and that the next iteration would read from the APIC-access page using an offset other than 128. The following items describe the behavior of the logical processor:
  — The iteration that performs the VTPR read access completes successfully, reading data from offset 128 on the virtual-APIC page.
  — The iteration that would read from the other offset causes an APIC-access VM exit. The instruction pointer saved in the VMCS references the repeated string instruction and the values of the general-purpose registers are such that that iteration would be repeated if the instruction were restarted.
• Suppose that the first iteration of a repeated string instruction (including INS) that accesses the APIC-access page performs a VTPR write access and that the next iteration would write to the APIC-access page using an offset other than 128. The following items describe the behavior of the logical processor:
  — The iteration that performs the VTPR write access writes data to offset 128 on the virtual-APIC page. The write is followed by a TPR-shadow update, which may cause a VM exit (see Section 21.5.3.3).
    • If the TPR-shadow update does cause a VM exit, the instruction pointer saved in the VMCS references the repeated string instruction and the values of the general-purpose registers are such that the next iteration would be performed if the instruction were restarted.
    • If the TPR-shadow update does not cause a VM exit, the iteration that would write to the other offset causes an APIC-access VM exit. The instruction pointer saved in the VMCS references the repeated string instruction and the values of the general-purpose registers are such that that iteration would be repeated if the instruction were restarted.
• Suppose that the last iteration of a repeated string instruction (including INS) performs a VTPR write access. The iteration writes data to offset 128 on the virtual-APIC page. The write is followed by a TPR-shadow update, which may cause a VM exit (see Section 21.5.3.3). If it does, the instruction pointer saved in the VMCS references the instruction after the string instruction and the values of the general-purpose registers reflect completion of the string instruction.

21.5.3.3 TPR-Shadow Updates

If the “use TPR shadow” and “virtualize APIC accesses” VM-execution controls are both 1, a logical processor performs certain actions after any operation (or iteration of a repeated string instruction) with a VTPR write access. These actions are called a TPR-shadow update.
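The access rules of Sections 21.5.1 through 21.5.3 can be condensed into a decision model that returns every treatment the text permits for one access. The following C code is an added example, not code from the manual; the `apic_access` struct, the outcome flags and the function names are hypothetical, and it assumes the “virtualize APIC accesses” control is 1.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcomes form a bit set: the text allows several treatments ("may be"). */
enum { OUT_VM_EXIT = 1, OUT_APIC_ACCESS_PAGE = 2, OUT_VIRTUAL_APIC_PAGE = 4 };
enum xlate { LINEAR_4K, LINEAR_LARGE, PHYSICAL };

struct apic_access {            /* hypothetical model type, not a VMCS layout */
    enum xlate kind;
    uint32_t offset;            /* byte offset within the APIC-access page */
    uint32_t width_bits;
    bool is_fetch, is_write;
};

/* The four conditions listed in Section 21.5.3. */
bool is_vtpr_access(const struct apic_access *a, bool use_tpr_shadow)
{
    return use_tpr_shadow && !a->is_fetch &&
           a->width_bits <= 32 && a->offset == 128;
}

/* Assumes the "virtualize APIC accesses" control is 1. A non-VTPR linear
 * access through a 4-KByte page is not among the listed exceptions, so it
 * is modelled as the ordinary APIC-access VM exit of Section 21.2. */
unsigned possible_outcomes(const struct apic_access *a, bool use_tpr_shadow)
{
    if (!is_vtpr_access(a, use_tpr_shadow))      /* Sections 21.5.1, 21.5.2 */
        return a->kind == LINEAR_4K ? OUT_VM_EXIT
                                    : OUT_VM_EXIT | OUT_APIC_ACCESS_PAGE;
    if (a->kind == LINEAR_4K)                    /* always redirected */
        return OUT_VIRTUAL_APIC_PAGE;
    if (a->kind == LINEAR_LARGE)                 /* linear VTPR never exits */
        return OUT_APIC_ACCESS_PAGE | OUT_VIRTUAL_APIC_PAGE;
    return OUT_VM_EXIT | OUT_APIC_ACCESS_PAGE | OUT_VIRTUAL_APIC_PAGE;
}

/* A TPR-shadow update follows only a VTPR write that was redirected to the
 * virtual-APIC page; for the other treatments 21.5.3.1-21.5.3.3 do not apply. */
bool tpr_shadow_update_follows(const struct apic_access *a, unsigned taken)
{
    return a->is_write && taken == OUT_VIRTUAL_APIC_PAGE;
}

int main(void)
{
    struct apic_access w = { PHYSICAL, 128, 32, false, true }; /* constructed */
    printf("physical VTPR write outcomes: 0x%x\n", possible_outcomes(&w, true));
    return 0;
}
```

The model covers a single access; the fault and string-instruction cases of Section 21.5.3.2 add further conditions under which a TPR-shadow update is suppressed.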
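The CR0 guest/host mask selection described at the top of this page, together with its three operand-size notes, written out in C as an added example (not code from the manual). The function names and sample values are assumptions, and `impossible_bits_exposed` covers only one class of note (3): shadowed bits that lie outside the architecturally defined CR0 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Architecturally defined CR0 bits: PE MP EM TS ET NE, WP, AM, NW CD PG. */
#define CR0_DEFINED 0xE005003Full

/* Bit-by-bit selection: mask bit 0 -> real CR0, mask bit 1 -> read shadow. */
uint64_t cr0_guest_view(uint64_t cr0, uint64_t mask, uint64_t shadow)
{
    return (cr0 & ~mask) | (shadow & mask);
}

/* Register destination of 16, 32 or 64 bits; old is its previous content. */
uint64_t cr0_read_to_reg(uint64_t cr0, uint64_t mask, uint64_t shadow,
                         uint64_t old, unsigned width_bits)
{
    uint64_t v = cr0_guest_view(cr0, mask, shadow);
    if (width_bits == 16)                 /* note (1): bits 63:16 unchanged */
        return (old & ~0xFFFFull) | (v & 0xFFFFull);
    if (width_bits == 32)                 /* note (2): bits 63:32 cleared */
        return v & 0xFFFFFFFFull;
    return v;
}

/* Note (1): a memory destination receives only the low 16 bits. */
uint16_t cr0_read_to_mem(uint64_t cr0, uint64_t mask, uint64_t shadow)
{
    return (uint16_t)cr0_guest_view(cr0, mask, shadow);
}

/* Note (3) as a VMM self-check: bits the guest would read as set although
 * they are not defined CR0 bits. A non-zero result means the mask/shadow
 * pair shows the guest a value real CR0 could not produce. */
uint64_t impossible_bits_exposed(uint64_t mask, uint64_t shadow)
{
    return mask & shadow & ~CR0_DEFINED;
}

int main(void)
{
    /* Constructed values: host owns TS (bit 3) and, by mistake, bit 8. */
    uint64_t cr0 = 0x80050033ull, mask = 0x108ull, shadow = 0x108ull;
    printf("guest view: 0x%llx, impossible bits: 0x%llx\n",
           (unsigned long long)cr0_guest_view(cr0, mask, shadow),
           (unsigned long long)impossible_bits_exposed(mask, shadow));
    return 0;
}
```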