Volume 3B System Programming Guide_ Part 2 (794104), страница 38
Текст из файла (страница 38)
If the current privilege level (CPL) is not zero, a general-protection exception isgenerated.3. If there is no current VMCS, RFLAGS.CF is set to 1 and control passes to the nextinstruction.4. If there is a current VMCS, the following conditions are evaluated in order; any ofthese cause VM entry to fail:a. if there is MOV-SS blocking (see Table 20-3)b. if the VM entry is invoked by VMLAUNCH and the VMCS launch state is notclearc.if the VM entry is invoked by VMRESUME and the VMCS launch state is notlaunchedIf any of these checks fail, RFLAGS.ZF is set to 1 and control passes to the nextinstruction.
An error number indicating the cause of the failure is stored in theVM-instruction error field. See Appendix J for the error numbers.22-2 Vol. 3VM ENTRIES22.2CHECKS ON VMX CONTROLS AND HOST-STATE AREAIf the checks in Section 22.1 do not cause VM entry to fail, the control and host-stateareas of the VMCS are checked to ensure that they are proper for supporting VMXnon-root operation, that the VMCS is correctly configured to support the nextVM exit, and that, after the next VM exit, the processor’s state is consistent with theIntel 64 and IA-32 architectures.VM entry fails if any of these checks fail.
When such failures occur, control is passedto the next instruction, RFLAGS.ZF is set to 1 to indicate the failure, and theVM-instruction error field is loaded with an error number that indicates whether thefailure was due to the controls or the host-state area (see Appendix J).These checks may be performed in any order. Thus, an indication by error number ofone cause (for example, host state) does not imply that there are not also othererrors. Different processors may thus give different error numbers for the sameVMCS.The checks on the controls and the host-state area are presented in Section 22.2.1through Section 22.2.4.
These sections reference VMCS fields that correspond toprocessor state. Unless otherwise stated, these references are to fields in the hoststate area.22.2.1Checks on VMX ControlsThis section identifies VM-entry checks on the VMX control fields.22.2.1.1VM-Execution Control FieldsVM entries perform the following checks on the VM-execution control fields:1•Reserved bits in the pin-based VM-execution controls must be set properly.Software may consult the VMX capability MSR IA32_VMX_PINBASED_CTLS todetermine the proper settings (see Appendix G.2).•Reserved bits in the primary processor-based VM-execution controls must be setproperly. Software may consult the VMX capability MSRIA32_VMX_PROCBASED_CTLS to determine the proper settings (see AppendixG.2).•If the “activate secondary controls” primary processor-based VM-executioncontrol is 1, reserved bits in the secondary processor-based VM-executioncontrols must be set properly.
Software may consult the VMX capability MSRIA32_VMX_PROCBASED_CTLS2 to determine the proper settings (see AppendixG.2).1. Each secondary processor-based VM-execution controls is considered to be 0 if the “activate secondary controls” primary processor-based VM-execution control is 0.Vol. 3 22-3VM ENTRIESIf the “activate secondary controls” primary processor-based VM-executioncontrol is 0 (or if the processor does not support the 1-setting of that control),no checks are performed on the secondary processor-based VM-executioncontrols.
The logical processor operates as if all the secondary processor-basedVM-execution controls were 0.•The CR3-target count must not be greater than 4. Future processors may supporta different number of CR3-target values. Software should read the VMX capabilityMSR IA32_VMX_MISC to determine the number of values supported (seeAppendix G.5).•If the “use I/O bitmaps” VM-execution control is 1, bits 11:0 of each I/O-bitmapaddress must be 0. On processors that support Intel 64 architecture, neitheraddress should set any bits beyond the processor’s physical-address width.1 Onprocessors that do not support Intel 64 architecture, neither address should setany bits in the range 63:32.•If the “use TPR shadow” VM-execution control is 1, the virtual-APIC address mustsatisfy the following checks:— Bits 11:0 of the address must be 0.— On processors that support Intel 64 architecture, the address should not setany bits beyond the processor's physical-address width.— On processors that support the IA-32 architecture, the address should not setany bits in the range 63:32.The following items describe the treatment of bytes 81H-83H on the virtualAPIC page (see Section 20.6.8) if all of the above checks are satisfied and the“use TPR shadow” VM-execution control is 1:— If the “virtualize APIC accesses” VM-execution control is 0, the bytes may becleared.
(If the bytes are not cleared, they are left unmodified.)— If the “virtualize APIC accesses” VM-execution control is 1, the bytes arecleared.— Any clearing of the bytes occurs even if the VM entry subsequently fails.•If the “use TPR shadow” VM-execution control is 1, bits 31:4 of the TPR thresholdVM-execution control field must be 0.•The following check is performed if the “use TPR shadow” VM-execution control is1 and the “virtualize APIC accesses” VM-execution control is 0: the value ofbits 3:0 of the TPR threshold VM-execution control field should not be greaterthan the value of bits 7:4 in byte 80H on the virtual-APIC page (see Section20.6.8).•If the “NMI exiting” VM-execution control is 0, the “virtual NMIs” VM-executioncontrol must be 0.1. Software can determine a processor’s physical-address width by executing CPUID with80000008H in EAX. The physical-address width is returned in bits 7:0 of EAX.22-4 Vol.
3VM ENTRIES•If the “virtual NMIs” VM-execution control is 0, the “NMI-window exiting” VMexecution control must be 0.•If the “virtualize APIC-accesses” VM-execution control is 1, the APIC-accessaddress must satisfy the following checks:1— Bits 11:0 of the address must be 0.— On processors that support Intel 64 architecture, the address should not setany bits beyond the processor's physical-address width.— On processors that support the IA-32 architecture, the address should not setany bits in the range 63:32.22.2.1.2VM-Exit Control FieldsVM entries perform the following checks on the VM-exit control fields.•Reserved bits in the VM-exit controls must be set properly. Software may consultthe VMX capability MSR IA32_VMX_EXIT_CTLS to determine the proper settings(see Appendix G.3).•The following checks are performed for the VM-exit MSR-store address if theVM-exit MSR-store count field is non-zero:— The lower 4 bits of the VM-exit MSR-store address must be 0.
On processorsthat support Intel 64 architecture, the address should not set any bits beyondthe processor’s physical-address width.2 On processors that do not supportIntel 64 architecture, the address should not set any bits in the range 63:32.— On processors that support Intel 64 architecture, the address of the last bytein the VM-exit MSR-store area should not set any bits beyond the processor’sphysical-address width.
On processors that do not support Intel 64 architecture, the address of the last byte in the VM-exit MSR-store area should notset any bits in the range 63:32. The address of this last byte is VM-exit MSRstore address + (MSR count * 16) – 1. (The arithmetic used for thecomputation uses more bits than the processor’s physical-address width.)•The following checks are performed for the VM-exit MSR-load address if theVM-exit MSR-load count field is non-zero:— The lower 4 bits of the VM-exit MSR-load address must be 0.
On processorsthat support Intel 64 architecture, the address should not set any bits beyondthe processor’s physical-address width. On processors that do not supportIntel 64 architecture, the address should not set any bits in the range 63:32.1. Because “virtualize APIC accesses” is a secondary processor-based VM-execution control, it isconsidered to be 0 if the “activate secondary controls” primary processor-based VM-executioncontrol is 0.2. Software can determine a processor’s physical-address width by executing CPUID with80000008H in EAX. The physical-address width is returned in bits 7:0 of EAX.Vol.
3 22-5VM ENTRIES— On processors that support Intel 64 architecture, the address of the last bytein the VM-exit MSR-load area should not set any bits beyond the processor’sphysical-address width. On processors that do not support Intel 64 architecture, the address of the last byte in the VM-exit MSR-load area should notset any bits in the range 63:32. The address of this last byte is VM-exit MSRload address + (MSR count * 16) – 1. (The arithmetic used for thecomputation uses more bits than the processor’s physical-address width.)22.2.1.3VM-Entry Control FieldsVM entries perform the following checks on the VM-entry control fields.•Reserved bits in the VM-entry controls must be set properly. Software mayconsult the VMX capability MSR IA32_VMX_ENTRY_CTLS to determine the propersettings (see Appendix G.4).•Fields relevant to VM-entry event injection must be set properly.
These fields arethe VM-entry interruption-information field (see Table 20-11), the VM-entryexception error code, and the VM-entry instruction length. If the valid bit (bit 31)in the VM-entry interruption-information field is 1, the following must hold:— The field’s interruption type (bits 10:8) is not set to a reserved value (1 or 7).— The field’s vector (bits 7:0) is consistent with the interruption type:••If the interruption type is non-maskable interrupt (NMI), the vector is 2.If the interruption type is hardware exception, the vector is at most 31.— The field’s deliver-error-code bit (bit 11) is 1 if and only if the interruptiontype is hardware exception and the vector indicates an exception that wouldnormally deliver an error code (8 = #DF; 10 = TS; 11 = #NP; 12 = #SS;13 = #GP; 14 = #PF; or 17 = #AC).— Reserved bits in the field (30:12) are 0.— If the deliver-error-code bit (bit 11) is 1, bits 31:15 of the VM-entryexception error-code field are 0.— If the interruption type is software interrupt, software exception, orprivileged software exception, the VM-entry instruction-length field is in therange 1–15.•The following checks are performed for the VM-entry MSR-load address if theVM-entry MSR-load count field is non-zero:— The lower 4 bits of the VM-entry MSR-load address must be 0.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
