Volume 3B System Programming Guide, Part 2 (794104), page 48
Table 23-7. Format of the VM-Exit Instruction-Information Field as Used for VMCLEAR, VMPTRLD, VMPTRST, VMREAD, VMWRITE, and VMXON

Bit Position(s)   Content
1:0               Scaling:
                    0: no scaling
                    1: scale by 2
                    2: scale by 4
                    3: scale by 8 (used only on processors that support Intel 64 architecture)
                  Undefined for register instructions (bit 10 is set) or for memory instructions with no index register (bit 10 is clear and bit 22 is set).
2                 Reserved (cleared to 0)
6:3               Reg1:
                    0 = RAX
                    1 = RCX
                    2 = RDX
                    3 = RBX
                    4 = RSP
                    5 = RBP
                    6 = RSI
                    7 = RDI
                    8–15 represent R8–R15, respectively (used only on processors that support Intel 64 architecture)
                  Undefined for memory instructions (bit 10 is clear).
9:7               Address size:
                    0: 16-bit
                    1: 32-bit
                    2: 64-bit (used only on processors that support Intel 64 architecture)
                  Other values not used.
                  Undefined for register instructions (bit 10 is set).
10                Mem/Reg (0 = memory; 1 = register)
                  Note that VMCLEAR, VMPTRLD, VMPTRST, and VMXON are always memory instructions and thus clear this bit.
14:11             Reserved (cleared to 0)
17:15             Segment register:
                    0: ES
                    1: CS
                    2: SS
                    3: DS
                    4: FS
                    5: GS
                  Other values unused.
                  Undefined for register instructions (bit 10 is set).
21:18             IndexReg (encoded as Reg1 above)
                  Undefined if bit 22 is set or undefined.
22                IndexReg invalid (0 = valid; 1 = invalid)
                  Undefined for register instructions (bit 10 is set).
26:23             BaseReg (encoded as Reg1 above)
                  Undefined if bit 27 is set or undefined.
27                BaseReg invalid (0 = valid; 1 = invalid)
                  Undefined for register instructions (bit 10 is set).
31:28             Reg2 (same encoding as Reg1 above)
                  Undefined on VM exits due to VMCLEAR, VMPTRLD, VMPTRST, and VMXON.

  — For VM exits due to attempts to execute INS or OUTS on some processors, this field receives information about the instruction that caused the VM exit and has the format given in Table 23-8.¹

Table 23-8. Format of the VM-Exit Instruction-Information Field as Used for INS and OUTS

Bit Position(s)   Content
1:0               Undefined.
2                 Reserved (cleared to 0).
6:3               Undefined.
9:7               Address size:
                    0: 16-bit
                    1: 32-bit
                    2: 64-bit (used only on processors that support Intel 64 architecture)
                  Other values not used.
10                Undefined.
14:11             Reserved (cleared to 0)
17:15             Segment register:
                    0: ES
                    1: CS
                    2: SS
                    3: DS
                    4: FS
                    5: GS
                  Other values unused.
                  Undefined for INS.
31:18             Undefined.

  — For all other VM exits, the field is undefined.

1. Whether the processor provides this information on these VM exits can be determined by consulting the VMX capability MSR IA32_VMX_BASIC (see Appendix G.1).

• I/O RCX, I/O RSI, I/O RDI, I/O RIP. These fields are undefined except for SMM VM exits due to system-management interrupts (SMIs) that arrive immediately after retirement of I/O instructions. See Section 24.16.2.3.

23.3 SAVING GUEST STATE

Each field in the guest-state area of the VMCS (see Section 20.4) is written with the corresponding component of processor state.
On processors that support Intel 64 architecture, the full value of each natural-width field (see Section 20.10.2) is saved regardless of the mode of the logical processor before and after the VM exit.

In general, the state saved is that which was in the logical processor at the time the VM exit commences. See Section 23.1 for a discussion of which architectural updates occur at that time.

Section 23.3.1 through Section 23.3.4 provide details of how certain components of processor state are saved. These sections reference VMCS fields that correspond to processor state. Unless otherwise stated, these references are to fields in the guest-state area.

23.3.1 Saving Control Registers, Debug Registers, and MSRs

The contents of CR0, CR3, CR4, DR7, and the IA32_DEBUGCTL, IA32_SYSENTER_CS, IA32_SYSENTER_ESP, and IA32_SYSENTER_EIP MSRs are saved into the corresponding fields. Bits 63:32 of the IA32_SYSENTER_CS MSR are not saved. On processors that do not support Intel 64 architecture, bits 63:32 of the IA32_SYSENTER_ESP and IA32_SYSENTER_EIP MSRs are not saved.

The value of the SMBASE field is undefined after all VM exits except SMM VM exits. See Section 24.16.2.

23.3.2 Saving Segment Registers and Descriptor-Table Registers

For each segment register (CS, SS, DS, ES, FS, GS, LDTR, or TR), the values saved for the base address, segment limit, and access rights are based on whether the register was unusable (see Section 20.4.1) before the VM exit:

• If the register was unusable, the values saved into the following fields are undefined: (1) base address; (2) segment limit; and (3) bits 7:0 and bits 15:12 in the access-rights field. The following exceptions apply:
  — CS.
    • The base-address and segment-limit fields are saved.
    • The L, D, and G bits are saved in the access-rights field.
  — SS.
    • DPL is saved in the access-rights field.
    • On processors that support Intel 64 architecture, bits 63:32 of the value saved for the base address are always zero.
  — DS and ES. On processors that support Intel 64 architecture, bits 63:32 of the values saved for the base addresses are always zero.
  — FS and GS. The base-address field is saved.
  — LDTR. The value saved for the base address is always canonical.
• If the register was not unusable, the values saved into the following fields are those which were in the register before the VM exit: (1) base address; (2) segment limit; and (3) bits 7:0 and bits 15:12 in access rights.
• Bits 31:17 and 11:8 in the access-rights field are always cleared. Bit 16 is set to 1 if and only if the segment is unusable.

The contents of the GDTR and IDTR registers are saved into the corresponding base-address and limit fields.

23.3.3 Saving RIP, RSP, and RFLAGS

The contents of the RIP, RSP, and RFLAGS registers are saved as follows:

• The value saved in the RIP field is determined by the nature and cause of the VM exit:
  — If the VM exit occurs due to an attempt to execute an instruction that causes VM exits unconditionally or that has been configured to cause a VM exit via the VM-execution controls, the value saved references that instruction.
  — If the VM exit is caused by an occurrence of an INIT signal, a start-up IPI (SIPI), or a system-management interrupt (SMI), the value saved is that which was in RIP before the event occurred.
  — If the VM exit occurs due to the 1-setting of either the "interrupt-window exiting" VM-execution control or the "NMI-window exiting" VM-execution control, the value saved is that which would be in the register had the VM exit not occurred.
  — If the VM exit is due to an external interrupt, non-maskable interrupt (NMI), or hardware exception (as defined in Section 23.2.2), the value saved is the return pointer that would have been saved (either on the stack had the event been delivered through a trap or interrupt gate,² or into the old task-state segment had the event been delivered through a task gate).
  — If the VM exit is due to a triple fault, the value saved is the return pointer that would have been saved (either on the stack had the event been delivered through a trap or interrupt gate,² or into the old task-state segment had the event been delivered through a task gate) had delivery of the double fault not encountered the nested exception that caused the triple fault.
  — If the VM exit is due to a software exception (due to an execution of INT3 or INTO), the value saved references the INT3 or INTO instruction that caused that exception.
  — Suppose that the VM exit is due to a task switch that was caused by execution of CALL, IRET, or JMP or by execution of a software interrupt (INT n) or software exception (due to execution of INT3 or INTO) that encountered a task gate in the IDT. The value saved references the instruction that caused the task switch (CALL, IRET, JMP, INT n, INT3, or INTO).
  — Suppose that the VM exit is due to a task switch that was caused by a task gate in the IDT that was encountered for any reason except the direct access by a software interrupt or software exception. The value saved is that which would have been saved in the old task-state segment had the task switch completed normally.
  — If the VM exit is due to a MOV to CR8 that reduced the value of the TPR shadow³ below that of the TPR threshold VM-execution control field, the value saved references the instruction following the MOV to CR8. (Such VM exits can occur only from 64-bit mode and thus only on processors that support Intel 64 architecture.)
  — If the VM exit was caused by a TPR-shadow update (see Section 21.5.3.3) that results from an APIC access as part of instruction execution, the value saved references the instruction following the one whose execution caused the VTPR access.
• The contents of the RSP register are saved into the RSP field.
• With the exception of RF (bit 16), the contents of the RFLAGS register are saved into the RFLAGS field. RF is saved as follows:
  — If the VM exit is caused directly by an event that would normally be delivered through the IDT, the value saved is that which would appear in the saved RFLAGS image (either that which would be saved on the stack had the event been delivered through a trap or interrupt gate⁴ or into the old task-state segment had the event been delivered through a task gate) had the event been delivered through the IDT. See below for VM exits due to task switches caused by task gates in the IDT.
  — If the VM exit is caused by a triple fault, the value saved is that which the logical processor would have in RF in the RFLAGS register had the triple fault taken the logical processor to the shutdown state.
  — If the VM exit is caused by a task switch (including one caused by a task gate in the IDT), the value saved is that which would have been saved in the RFLAGS image in the old task-state segment (TSS) had the task switch completed normally without exception.
  — If the VM exit is caused by an attempt to execute an instruction that unconditionally causes VM exits or one that was configured to do so with a VM-execution control, the value saved is 0.⁵
  — For APIC-access VM exits, the value saved is determined based on bits 13:12 (access type) in the exit qualification (see Section 23.2.1):
    • 0 (data read during instruction execution), 1 (data write during instruction execution), or 2 (instruction fetch): the value saved is 1.
    • 3 (access during event delivery): the value saved is the value that would have appeared in the saved RFLAGS image had the event been delivered through the IDT.
  — For all other VM exits, the value saved is the value RFLAGS.RF had before the VM exit occurred.

2. The reference here is to the full value of RIP before any truncation that would occur had the stack width been only 32 bits or 16 bits.
3. The TPR shadow is bits 7:4 of the byte at offset 128 of the virtual-APIC page (see Section 20.6.8).
4. The reference here is to the full value of RFLAGS before any truncation that would occur had the stack width been only 32 bits or 16 bits.
5. This is true even if RFLAGS.RF was 1 before the instruction was executed. If, in response to such a VM exit, a VM monitor re-enters the guest to re-execute the instruction that caused the VM exit (for example, after clearing the VM-execution control that caused the VM exit), the instruction may encounter a code breakpoint that has already been processed. A VM monitor can avoid this by setting the guest value of RFLAGS.RF to 1 before resuming guest software.

23.3.4 Saving Non-Register State

Information corresponding to guest non-register state is saved as follows:

• The activity-state field is saved with the logical processor's activity state before the VM exit.⁶ See Section 23.1 for details of how events leading to a VM exit may affect the activity state.
• The interruptibility-state field is saved to reflect the logical processor's interruptibility before the VM exit. See Section 23.1 for details of how events leading to a VM exit may affect this state.
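Returning to Table 23-7 above: the following C decoder is an added example (not SDM text, nor any hypervisor's code) that interprets a 32-bit instruction-information field for the six VMX instructions, reporting fields the table marks undefined as absent and rejecting reserved or unused encodings. It assumes the caller has already identified the exiting instruction from the exit reason and passes whether it was VMREAD or VMWRITE, since Reg2 is undefined for the other four; the sample field value is constructed, not captured from hardware.

```c
#include <stdint.h>
#include <stdbool.h>
/* Decoded instruction-information field of Table 23-7. Registers use the
 * Reg1 encoding (0=RAX..7=RDI, 8-15=R8-R15). Anything the table marks
 * "undefined" is reported as absent rather than exposed to the caller. */
struct vmx_insn_info {
    bool     is_reg;               /* bit 10: 1 = register, 0 = memory       */
    unsigned reg1, reg2;           /* bits 6:3 (register form) and 31:28     */
    bool     has_reg2;             /* false on VMCLEAR/VMPTRLD/VMPTRST/VMXON */
    unsigned addr_size, seg;       /* 16/32/64; 0=ES,1=CS,2=SS,3=DS,4=FS,5=GS */
    bool     has_base, has_index;  /* bits 27 and 22 clear                   */
    unsigned base_reg, index_reg;  /* bits 26:23 and 21:18                   */
    unsigned scale;                /* 1/2/4/8, meaningful only if has_index  */
};
/* Returns false if a reserved bit (2, 14:11) is set or an encoding the table
 * lists as "not used" appears; a VMM should treat such a field as malformed. */
bool vmx_decode_insn_info(uint32_t info, bool is_vmread_or_vmwrite,
                          struct vmx_insn_info *out)
{
    unsigned addr_enc = (info >> 7) & 7, seg_enc = (info >> 15) & 7;
    *out = (struct vmx_insn_info){0};
    if (info & ((1u << 2) | (0xFu << 11)))
        return false;
    out->is_reg = (info >> 10) & 1;
    if (is_vmread_or_vmwrite) {        /* Reg2 is defined only for these two */
        out->has_reg2 = true;
        out->reg2 = info >> 28;
    }
    if (out->is_reg) {                 /* every addressing bit is undefined  */
        out->reg1 = (info >> 3) & 0xF;
        return true;
    }
    if (addr_enc > 2 || seg_enc > 5)   /* "other values not used"            */
        return false;
    out->addr_size = 16u << addr_enc;
    out->seg = seg_enc;
    out->has_index = !((info >> 22) & 1);
    if (out->has_index) {              /* scaling is undefined without index */
        out->index_reg = (info >> 18) & 0xF;
        out->scale = 1u << (info & 3);
    }
    out->has_base = !((info >> 27) & 1);
    if (out->has_base)
        out->base_reg = (info >> 23) & 0xF;
    return true;
}
/* Constructed sample (not captured from hardware): VMREAD memory form with
 * DS:[RBX + RCX*4], 64-bit address size, and source register RAX in Reg2. */
#define SAMPLE_VMREAD_MEM 0x01858102u
struct vmx_insn_info g_info;       /* decode target shared with callers/tests */
```

A VMM emulating VMREAD or VMWRITE for a nested guest would consult such a decode before touching guest memory, since the addressing bits of a register-form exit, and Reg2 on the other four instructions, carry no guaranteed value.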