Volume 3B System Programming Guide, Part 2 (794104), page 39
On processors that support Intel 64 architecture, the address should not set any bits beyond the processor’s physical-address width.[1] On processors that do not support Intel 64 architecture, the address should not set any bits in the range 63:32.

[1] Software can determine a processor’s physical-address width by executing CPUID with 80000008H in EAX. The physical-address width is returned in bits 7:0 of EAX.

22-6 Vol. 3 VM ENTRIES

— On processors that support Intel 64 architecture, the address of the last byte in the VM-entry MSR-load area should not set any bits beyond the processor’s physical-address width.
On processors that do not support Intel 64 architecture, the address of the last byte in the VM-entry MSR-load area should not set any bits in the range 63:32. The address of this last byte is VM-entry MSR-load address + (MSR count * 16) – 1. (The arithmetic used for the computation uses more bits than the processor’s physical-address width.)

• If the processor is not in SMM, the “entry to SMM” and “deactivate dual-monitor treatment” VM-entry controls must be 0.
• The “entry to SMM” and “deactivate dual-monitor treatment” VM-entry controls cannot both be 1.

22.2.2 Checks on Host Control Registers and MSRs

The following checks are performed on fields in the host-state area that correspond to control registers and MSRs:

• The CR0 field must not set any bit to a value not supported in VMX operation (see Section 19.8).[1]
• The CR4 field must not set any bit to a value not supported in VMX operation (see Section 19.8).
• On processors that support Intel 64 architecture, the CR3 field must be such that bits 63:52 and bits in the range 51:32 beyond the processor’s physical-address width must be 0.[2]
• On processors that support Intel 64 architecture, the IA32_SYSENTER_ESP field and the IA32_SYSENTER_EIP field must each contain a canonical address.

[1] The bits corresponding to NW (bit 29) and CD (bit 30) are never checked because the values of these bits are not changed by VM exit; see Section 23.5.1.
[2] Software can determine a processor’s physical-address width by executing CPUID with 80000008H in EAX. The physical-address width is returned in bits 7:0 of EAX.

22.2.3 Checks on Host Segment and Descriptor-Table Registers

The following checks are performed on fields in the host-state area that correspond to segment and descriptor-table registers:

• In the selector field for each of CS, SS, DS, ES, FS, GS and TR, the RPL (bits 1:0) and the TI flag (bit 2) must be 0.
• The selector fields for CS and TR cannot be 0000H.
• The selector field for SS cannot be 0000H if the “host address-space size” VM-exit control is 0.
• On processors that support Intel 64 architecture, the base-address fields for FS, GS, GDTR, IDTR, and TR must contain canonical addresses.

22.2.4 Checks Related to Address-Space Size

On processors that support Intel 64 architecture, the following checks related to address-space size are performed on VMX controls and fields in the host-state area:

• If the logical processor is outside IA-32e mode (if IA32_EFER.LMA = 0) at the time of VM entry, the following must hold:
  — The “IA-32e mode guest” VM-entry control is 0.
  — The “host address-space size” VM-exit control is 0.
• If the logical processor is in IA-32e mode (if IA32_EFER.LMA = 1) at the time of VM entry, the “host address-space size” VM-exit control must be 1.
• If the “host address-space size” VM-exit control is 0, the following must hold:
  — The “IA-32e mode guest” VM-entry control is 0.
  — Bits 63:32 in the RIP field are 0.
• If the “host address-space size” VM-exit control is 1, the following must hold:
  — Bit 5 of the CR4 field (corresponding to CR4.PAE) is 1.
  — The RIP field contains a canonical address.

On processors that do not support Intel 64 architecture, checks are performed to ensure that the “IA-32e mode guest” VM-entry control and the “host address-space size” VM-exit control are both 0.

22.3 CHECKING AND LOADING GUEST STATE

If all checks on the VMX controls and the host-state area pass (see Section 22.2), the following operations take place concurrently: (1) the guest-state area of the VMCS is checked to ensure that, after the VM entry completes, the state of the logical processor is consistent with IA-32 and Intel 64 architectures; (2) processor state is loaded from the guest-state area or as specified by the VM-entry control fields; and (3) address-range monitoring is cleared.

Because the checking and the loading occur concurrently, a failure may be discovered only after some state has been loaded.
For this reason, the logical processor responds to such failures by loading state from the host-state area, as it would for a VM exit. See Section 22.7.

22.3.1 Checks on the Guest State Area

This section describes checks performed on fields in the guest-state area. These checks may be performed in any order. The following subsections reference fields that correspond to processor state. Unless otherwise stated, these references are to fields in the guest-state area.

22.3.1.1 Checks on Guest Control Registers, Debug Registers, and MSRs

The following checks are performed on fields in the guest-state area corresponding to control registers, debug registers, and MSRs:

• The CR0 field must not set any bit to a value not supported in VMX operation (see Section 19.8).[1]
• The CR4 field must not set any bit to a value not supported in VMX operation (see Section 19.8).
• Bits reserved in the IA32_DEBUGCTL MSR must be 0 in the field for that register.
• The following checks are performed on processors that support Intel 64 architecture:
  — If the “IA-32e mode guest” VM-entry control is 1, bit 5 in the CR4 field (corresponding to CR4.PAE) must be 1.
  — The CR3 field must be such that bits 63:52 and bits in the range 51:32 beyond the processor’s physical-address width are 0.[2]
  — Bits 63:32 in the DR7 field must be 0.
  — The IA32_SYSENTER_ESP field and the IA32_SYSENTER_EIP field must each contain a canonical address.

22.3.1.2 Checks on Guest Segment Registers

This section specifies the checks on the fields for CS, SS, DS, ES, FS, GS, TR, and LDTR.
The following terms are used in defining these checks:

• The guest will be virtual-8086 if the VM flag (bit 17) is 1 in the RFLAGS field in the guest-state area.
• The guest will be IA-32e mode if the “IA-32e mode guest” VM-entry control is 1. (This is possible only on processors that support Intel 64 architecture.)
• Any one of these registers is said to be usable if the unusable bit (bit 16) is 0 in the access-rights field for that register.

[1] The bits corresponding to NW (bit 29) and CD (bit 30) are never checked because the values of these bits are not changed by VM entry; see Section 22.3.2.1.
[2] Software can determine a processor’s physical-address width by executing CPUID with 80000008H in EAX. The physical-address width is returned in bits 7:0 of EAX.
The following are the checks on these fields:

• Selector fields.
  — TR. The TI flag (bit 2) must be 0.
  — LDTR. If LDTR is usable, the TI flag (bit 2) must be 0.
  — SS. If the guest will not be virtual-8086, the RPL (bits 1:0) must equal the RPL of the selector field for CS.
• Base-address fields.
  — CS, SS, DS, ES, FS, GS. If the guest will be virtual-8086, the address must be the selector field shifted right 4 bits.
  — The following checks are performed on processors that support Intel 64 architecture:
    • TR, FS, GS. The address must be canonical.
    • LDTR. If LDTR is usable, the address must be canonical.
    • CS. Bits 63:32 of the address must be zero.
    • SS, DS, ES. If the register is usable, bits 63:32 of the address must be zero.
• Limit fields for CS, SS, DS, ES, FS, GS. If the guest will be virtual-8086, the field must be 0000FFFFH.
• Access-rights fields.
  — CS, SS, DS, ES, FS, GS.
    • If the guest will be virtual-8086, the field must be 000000F3H. Note that this implies the following:
      — Bits 3:0 (Type) must be 3, indicating an expand-up read/write accessed data segment.
      — Bit 4 (S) must be 1.
      — Bits 6:5 (DPL) must be 3.
      — Bit 7 (P) must be 1.
      — Bits 11:8 (reserved), bit 12 (software available), bit 13 (reserved/L), bit 14 (D/B), bit 15 (G), bit 16 (unusable), and bits 31:17 (reserved) must all be 0.
    • If the guest will not be virtual-8086, the different sub-fields are considered separately:
      — Bits 3:0 (Type).
        • CS. Bit 0 of the Type must be 1 (accessed) and bit 3 of the Type must be 1 (code segment).
        • SS. If SS is usable, the Type must be 3 or 7 (read/write, accessed data segment).
        • DS, ES, FS, GS. The following checks apply if the register is usable:
          — Bit 0 of the Type must be 1 (accessed).
          — If bit 3 of the Type is 1 (code segment), then bit 1 of the Type must be 1 (readable).
      — Bit 4 (S). If the register is CS or if the register is usable, S must be 1.
      — Bits 6:5 (DPL).
        • CS.
          — If the Type is in the range 8–11 (non-conforming code segment), the DPL must equal the RPL (bits 1:0) from the selector field.
          — If the Type is in the range 12–15 (conforming code segment), the DPL cannot be greater than the RPL from the selector field.
        • SS. The DPL must equal the RPL from the selector field.
        • DS, ES, FS, GS. If the register is usable and the register’s Type is in the range 0–11 (data segment or non-conforming code segment), then the DPL cannot be less than the RPL from the selector field.
      — Bit 7 (P). If the register is CS or if the register is usable, P must be 1.
      — Bits 11:8 (reserved). If the register is CS or if the register is usable, these bits must all be 0.
      — Bit 14 (D/B). For CS, D/B must be 0 if the guest will be IA-32e mode and the L bit (bit 13) in the access-rights field is 1.
      — Bit 15 (G). The following checks apply if the register is CS or if the register is usable:
        • If any bit in the limit field in the range 11:0 is 0, G must be 0.
        • If any bit in the limit field in the range 31:20 is 1, G must be 1.
      — Bits 31:17 (reserved). If the register is CS or if the register is usable, these bits must all be 0.
  — TR. The different sub-fields are considered separately:
    • Bits 3:0 (Type).
      — If the guest will not be IA-32e mode, the Type must be 3 (16-bit busy TSS) or 11 (32-bit busy TSS).
      — If the guest will be IA-32e mode, the Type must be 11 (64-bit busy TSS).
    • Bit 4 (S). S must be 0.
    • Bit 7 (P). P must be 1.
    • Bits 11:8 (reserved). These bits must all be 0.
    • Bit 15 (G).
      — If any bit in the limit field in the range 11:0 is 0, G must be 0.
      — If any bit in the limit field in the range 31:20 is 1, G must be 1.
    • Bit 16 (Unusable). The unusable bit must be 0.
    • Bits 31:17 (reserved). These bits must all be 0.
  — LDTR. The following checks on the different sub-fields apply only if LDTR is usable:
    • Bits 3:0 (Type).
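
The host-state checks of Sections 22.2.2 to 22.2.4 and the MSR-load-area last-byte check above, written as C predicates a hypervisor could run on its own VMCS values before attempting VM entry. This is an added example, not code from the manual: `struct host_state`, the function names, the 48-bit canonical-address width and the skip for a zero MSR count are assumptions, and the CR0/CR4 supported-bit checks and the base-address checks are left out.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical container for the host-state fields and controls checked below. */
struct host_state {
    uint64_t cr3, cr4, rip, sysenter_esp, sysenter_eip;
    uint16_t sel[7];             /* CS, SS, DS, ES, FS, GS, TR (in this order) */
    bool host_addr_space_size;   /* "host address-space size" VM-exit control */
    bool ia32e_guest;            /* "IA-32e mode guest" VM-entry control */
    bool efer_lma;               /* IA32_EFER.LMA at the time of VM entry */
};

/* Assumption: 48-bit linear addresses, so bits 63:47 are all 0 or all 1. */
static bool canonical(uint64_t a) {
    uint64_t top = a >> 47;
    return top == 0 || top == 0x1FFFF;
}

/* width = CPUID.80000008H:EAX[7:0]; true if a sets a bit at or above it. */
static bool beyond_width(uint64_t a, unsigned width) {
    return (a >> width) != 0;
}

/* Last byte of the MSR-load area is addr + count*16 - 1, computed in 64 bits.
 * Assumption: the check is skipped when count is 0. */
bool msr_load_area_ok(uint64_t addr, uint32_t count, unsigned width) {
    if (count == 0) return true;
    if (beyond_width(addr, width)) return false;
    return !beyond_width(addr + (uint64_t)count * 16 - 1, width);
}

/* Subset of 22.2.2 to 22.2.4 for a processor that supports Intel 64. */
bool host_state_ok(const struct host_state *h, unsigned width) {
    for (int i = 0; i < 7; i++)
        if (h->sel[i] & 0x7) return false;            /* RPL and TI must be 0 */
    if (h->sel[0] == 0 || h->sel[6] == 0) return false;             /* CS, TR */
    if (h->sel[1] == 0 && !h->host_addr_space_size) return false;   /* SS */
    if (beyond_width(h->cr3, width)) return false;    /* width <= 52 covers 63:52 */
    if (!canonical(h->sysenter_esp) || !canonical(h->sysenter_eip)) return false;
    if (!h->efer_lma && (h->ia32e_guest || h->host_addr_space_size)) return false;
    if (h->efer_lma && !h->host_addr_space_size) return false;
    if (!h->host_addr_space_size)                     /* 32-bit host */
        return !h->ia32e_guest && (h->rip >> 32) == 0;
    return (h->cr4 & (1u << 5)) != 0 && canonical(h->rip);   /* CR4.PAE, RIP */
}
```
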
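
The access-rights rules of Section 22.3.1.2 for CS, SS, DS, ES, FS and GS in a guest that will not be virtual-8086, as one C predicate that a VMM can use to find which sub-field would fail the guest-state check. This is an added example, not code from the manual: `enum seg` and `guest_seg_ar_ok` are hypothetical names, and the selector, base-address, TR and LDTR checks are not covered.

```c
#include <stdbool.h>
#include <stdint.h>

enum seg { SEG_CS, SEG_SS, SEG_DATA };      /* SEG_DATA: DS, ES, FS or GS */

/* Access-rights checks for CS, SS, DS, ES, FS, GS when the guest will not be
 * virtual-8086. sel, limit and ar are the register's guest-state fields. */
bool guest_seg_ar_ok(enum seg r, uint16_t sel, uint32_t limit, uint32_t ar,
                     bool ia32e_guest)
{
    unsigned type = ar & 0xF, dpl = (ar >> 5) & 3, rpl = sel & 3;
    bool usable = (ar & (1u << 16)) == 0;
    bool g = (ar & (1u << 15)) != 0;

    /* Bits 3:0 (Type) */
    if (r == SEG_CS && (type & 0x9) != 0x9) return false;
    if (r == SEG_SS && usable && type != 3 && type != 7) return false;
    if (r == SEG_DATA && usable) {
        if (!(type & 1)) return false;                 /* accessed */
        if ((type & 8) && !(type & 2)) return false;   /* code must be readable */
    }
    /* Bits 6:5 (DPL) against the selector's RPL */
    if (r == SEG_CS && type >= 8 && type <= 11 && dpl != rpl) return false;
    if (r == SEG_CS && type >= 12 && dpl > rpl) return false;
    if (r == SEG_SS && dpl != rpl) return false;
    if (r == SEG_DATA && usable && type <= 11 && dpl < rpl) return false;
    /* Bit 14 (D/B): must be 0 for CS in an IA-32e guest when L (bit 13) is 1 */
    if (r == SEG_CS && ia32e_guest && (ar & (1u << 13)) && (ar & (1u << 14)))
        return false;
    /* The remaining checks apply only to CS or to a usable register */
    if (r != SEG_CS && !usable) return true;
    if (!(ar & (1u << 4)) || !(ar & (1u << 7))) return false;   /* S, P */
    if (ar & 0xFFFE0F00u) return false;         /* bits 31:17 and 11:8 */
    if ((limit & 0xFFF) != 0xFFF && g) return false;      /* 11:0 has a 0 bit */
    if ((limit & 0xFFF00000u) != 0 && !g) return false;   /* 31:20 has a 1 bit */
    return true;
}
```
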