Volume 3B System Programming Guide_ Part 2 (794104), page 49
VM exits that end outside system-management mode (SMM) save bit 2 (blocking by SMI) as 0 regardless of the state of such blocking before the VM exit.

Bit 3 (blocking by NMI) is treated specially if the “virtual NMIs” VM-execution control is 1. In this case, the value saved for this field does not indicate the blocking of NMIs but rather the state of virtual-NMI blocking.

• The pending debug exceptions field is saved as clear for all VM exits except the following:
  — A VM exit caused by an INIT signal, a machine-check exception, or a system-management interrupt (SMI), or a VM exit with basic exit reason “TPR below threshold.”
  — VM exits that are not caused by debug exceptions and that occur while there is MOV-SS blocking of debug exceptions.
  For VM exits that do not clear the field, the value saved is determined as follows:
  — Each of bits 3:0 may be set if it corresponds to a matched breakpoint. This may be true even if the corresponding breakpoint is not enabled in DR7.
  — Suppose that a VM exit is due to an INIT signal, a machine-check exception, or an SMI; or that a VM exit has basic exit reason “TPR below threshold.” In this case, the value saved sets bits corresponding to the causes of any debug exceptions that were pending at the time of the VM exit. If an INIT signal, machine check, or SMI occurs immediately after VM entry, the value saved may match that which was loaded on VM entry (see Section 22.6.3). Otherwise, the following items apply:
    • Bit 12 (enabled breakpoint) is set to 1 if there was at least one matched data or I/O breakpoint that was enabled in DR7. Bit 12 is also set if it had been set on VM entry, causing there to be valid pending debug exceptions (see Section 22.6.3) and the VM exit occurred before those exceptions were either delivered or lost. In other cases, bit 12 is cleared to 0.
    • Bit 14 (BS) is set if RFLAGS.TF = 1 in either of the following cases:
      • IA32_DEBUGCTL.BTF = 0 and the cause of a pending debug exception was the execution of a single instruction.
      • IA32_DEBUGCTL.BTF = 1 and the cause of a pending debug exception was a taken branch.
  — Suppose that a VM exit is due to another reason (but not a debug exception) and occurs while there is MOV-SS blocking of debug exceptions. In this case, the value saved sets bits corresponding to the causes of any debug exceptions that were pending at the time of the VM exit. If the VM exit occurs immediately after VM entry (no instructions were executed in VMX non-root operation), the value saved may match that which was loaded on VM entry (see Section 22.6.3). Otherwise, the following items apply:
    • Bit 12 (enabled breakpoint) is set to 1 if there was at least one matched data or I/O breakpoint that was enabled in DR7. Bit 12 is also set if it had been set on VM entry, causing there to be valid pending debug exceptions (see Section 22.6.3) and the VM exit occurred before those exceptions were either delivered or lost. In other cases, bit 12 is cleared to 0.
    • The setting of bit 14 (BS) is implementation-specific. However, it is not set if RFLAGS.TF = 0 or IA32_DEBUGCTL.BTF = 1.
  — The reserved bits in the field are cleared.

[1] If this activity state was an inactive state resulting from execution of a specific instruction (HLT or MWAIT), the value saved for RIP by that VM exit will reference the following instruction.

23.4 SAVING MSRS

After processor state is saved to the guest-state area, values of MSRs may be stored into the VM-exit MSR-store area (see Section 20.7.2). Specifically, each entry in that area (up to the number specified in the VM-exit MSR-store count) is processed in order by storing the value of the MSR indexed by bits 31:0 (as they would be read by RDMSR) into bits 127:64. Processing of an entry fails in any of the following cases:
• The value of bits 31:0 indicates an MSR that can be read only in system-management mode (SMM) and the VM exit will not end in SMM.
• The value of bits 31:0 indicates an MSR that cannot be saved on VM exits for model-specific reasons.
  A processor may prevent certain MSRs (based on the value of bits 31:0) from being stored on VM exits, even if they can normally be read by RDMSR. Such model-specific behavior is documented in Appendix B.
• Bits 63:32 of the entry are not all 0.
• An attempt to read the MSR indexed by bits 31:0 would cause a general-protection exception if executed via RDMSR with CPL = 0.

A VMX abort occurs if processing fails for any entry. See Section 23.7.

23.5 LOADING HOST STATE

Processor state is updated on VM exits in the following ways:
• Some state is loaded from or otherwise determined by the contents of the host-state area.
• Some state is determined by VM-exit controls.
• Some state is established in the same way on every VM exit.
• The page-directory pointers are loaded based on the values of certain control registers.
This loading may be performed in any order.

On processors that support Intel 64 architecture, the full value of each 64-bit field loaded (for example, the base address for GDTR) is loaded regardless of the mode of the logical processor before and after the VM exit.

The loading of host state is detailed in Section 23.5.1 to Section 23.5.5.
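The entry-processing rules of Section 23.4 above, as an added example that is not Intel's text or code: a C model of the VM-exit MSR-store area in which each 128-bit entry is held as two 64-bit halves, and the MSR set, its CPL 0 readability, SMM-only status and model-specific exclusions are a constructed table supplied by the caller rather than a real processor's MSR list.

```c
/* Model of VM-exit MSR-store area processing (Section 23.4). Added example,
 * not Intel's text or code; the per-MSR table is a constructed stand-in. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
/* One 128-bit entry as two 64-bit halves: bits 31:0 = MSR index,
 * bits 63:32 reserved (must be 0), bits 127:64 receive the MSR value. */
typedef struct { uint64_t lo, hi; } msr_store_entry_t;
typedef enum {
    MSR_STORE_OK,
    MSR_STORE_FAIL_RESERVED_BITS,  /* bits 63:32 of the entry not all 0 */
    MSR_STORE_FAIL_SMM_ONLY,       /* SMM-only MSR, exit does not end in SMM */
    MSR_STORE_FAIL_MODEL_SPECIFIC, /* MSR cannot be saved on VM exits (Appendix B) */
    MSR_STORE_FAIL_RDMSR_GP        /* RDMSR with CPL = 0 would raise #GP */
} msr_store_result_t;
/* Constructed per-MSR properties standing in for the real MSR set. */
typedef struct {
    uint32_t index;
    uint64_t value;         /* what RDMSR would return */
    bool readable_cpl0;     /* false: RDMSR at CPL 0 raises #GP */
    bool smm_only;          /* readable only in system-management mode */
    bool excluded_on_exit;  /* model-specific: not storable on VM exits */
} msr_model_t;

static const msr_model_t *lookup_msr(const msr_model_t *t, size_t n, uint32_t idx)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].index == idx) return &t[i];
    return NULL; /* unknown index: RDMSR would fault */
}

/* Entries are processed in order; a failure on any entry means a VMX abort
 * (Section 23.7), so stop at the first one and report the rule violated. */
msr_store_result_t process_msr_store_area(msr_store_entry_t *area, uint32_t count,
        bool exit_ends_in_smm, const msr_model_t *t, size_t n)
{
    for (uint32_t i = 0; i < count; i++) {
        if (area[i].lo >> 32)
            return MSR_STORE_FAIL_RESERVED_BITS;
        const msr_model_t *m = lookup_msr(t, n, (uint32_t)area[i].lo);
        if (m == NULL || !m->readable_cpl0)
            return MSR_STORE_FAIL_RDMSR_GP;
        if (m->smm_only && !exit_ends_in_smm)
            return MSR_STORE_FAIL_SMM_ONLY;
        if (m->excluded_on_exit)
            return MSR_STORE_FAIL_MODEL_SPECIFIC;
        area[i].hi = m->value; /* store into bits 127:64 */
    }
    return MSR_STORE_OK;
}
```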
These sections reference VMCS fields that correspond to processor state. Unless otherwise stated, these references are to fields in the host-state area.

In addition to loading host state, VM exits clear address-range monitoring (Section 23.5.6).

After the state loading described in this section, VM exits may load MSRs from the VM-exit MSR-load area (see Section 23.6). This loading occurs only after the state loading described in this section.

23.5.1 Loading Host Control Registers, Debug Registers, MSRs

VM exits load new values for control registers, debug registers, and some MSRs:
• CR0, CR3, and CR4 are loaded from the CR0 field, the CR3 field, and the CR4 field, respectively, with the following exceptions:
  — The following bits are not modified:
    • For CR0, ET, CD, NW; bits 63:32 (on processors that support Intel 64 architecture), 28:19, 17, and 15:6; and any bits that are fixed in VMX operation (see Section 19.8).[1]
    • For CR3, bits 63:52 and bits in the range 51:32 beyond the processor’s physical-address width (they are cleared to 0).[2] (This item applies only to processors that support Intel 64 architecture.)
    • For CR4, any bits that are fixed in VMX operation (see Section 19.8).
  — CR4.PAE is set to 1 if the “host address-space size” VM-exit control is 1.
• DR7 is set to 400H.
• The following MSRs are established as follows:
  — The IA32_DEBUGCTL MSR is cleared to 00000000_00000000H.
  — The IA32_SYSENTER_CS MSR is loaded from the IA32_SYSENTER_CS field. Since that field has only 32 bits, bits 63:32 of the MSR are cleared to 0.
  — The IA32_SYSENTER_ESP MSR and IA32_SYSENTER_EIP MSR are loaded from the IA32_SYSENTER_ESP field and the IA32_SYSENTER_EIP field, respectively. On processors that do not support Intel 64 architecture, these fields have only 32 bits; bits 63:32 of the MSRs are cleared to 0.
  — The following are performed on processors that support Intel 64 architecture:
    • The MSRs FS.base and GS.base are loaded from the base-address fields for FS and GS, respectively (see Section 23.5.2).
    • The LMA and LME bits in the IA32_EFER MSR are each loaded with the setting of the “host address-space size” VM-exit control.
  With the exception of FS.base and GS.base, any of these MSRs is subsequently overwritten if it appears in the VM-exit MSR-load area. See Section 23.6.

If any of CR3[63:5] (CR3[31:5] on processors that do not support Intel 64 architecture), CR4.PAE, CR4.PSE, or IA32_EFER.LMA is changing, the TLBs are updated so that, after the VM exit, the logical processor does not use translations that were cached before the transition. This is not necessary for changes that would not affect paging due to the settings of other bits (for example, changes to CR4.PSE if CR4.PAE was 1 before and after the transition).

[1] Note that bits 28:19, 17, and 15:6 of CR0 and CR0.ET are unchanged by executions of MOV to CR0. CR0.ET is always 1 and the other bits are always 0.
[2] Software can determine a processor’s physical-address width by executing CPUID with 80000008H in EAX. The physical-address width is returned in bits 7:0 of EAX.

23.5.2 Loading Host Segment and Descriptor-Table Registers

Each of the registers CS, SS, DS, ES, FS, GS, and TR is loaded as follows (see below for the treatment of LDTR):
• The selector is loaded from the selector field. The segment is unusable if its selector is loaded with zero. Note that the checks specified in Section 22.3.1.2 limit the selector values that may be loaded.
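The control-register rules of Section 23.5.1 above, as an added example that is not Intel's text or code: a C model that derives the post-exit CR0, CR3 and CR4 from the host-state fields and the pre-exit values, and decides whether the TLB update described at the end of that section is required. The VMX fixed-bit masks (Section 19.8), the physical-address width and the Intel 64 flag are assumed caller-supplied parameters, and the function and type names are the example's own.

```c
/* Model of CR0/CR3/CR4 loading on VM exit (Section 23.5.1) and the TLB update
 * rule. Added example, not Intel's code; VMX fixed-bit masks are caller-supplied. */
#include <stdint.h>
#include <stdbool.h>
#define BIT(n)       (1ULL << (n))
#define MASK(hi, lo) ((~0ULL >> (63 - (hi))) & (~0ULL << (lo)))
#define CR4_PSE      BIT(4)
#define CR4_PAE      BIT(5)
/* CR0 bits a VM exit never modifies: ET (4), NW (29), CD (30), bits 63:32,
 * 28:19, 17 and 15:6. The VMX-fixed bits (Section 19.8) are added at run time. */
#define CR0_EXIT_PRESERVED (BIT(4) | BIT(29) | BIT(30) | MASK(63, 32) | \
                            MASK(28, 19) | BIT(17) | MASK(15, 6))
typedef struct { uint64_t cr0, cr3, cr4; bool efer_lma; } host_state_t;
/* Intel 64 only: CR3 bits 63:52, and the bits of 51:32 beyond the physical-
 * address width (CPUID.80000008H:EAX[7:0]), are cleared to 0 on VM exit. */
static uint64_t cr3_on_exit(uint64_t cr3_field, unsigned phys_width, bool intel64)
{
    if (!intel64) return cr3_field;
    uint64_t clear = MASK(63, 52);
    if (phys_width < 52) clear |= MASK(51, phys_width < 32 ? 32 : phys_width);
    return cr3_field & ~clear;
}
/* CR0 takes the field except preserved/VMX-fixed bits; CR4 keeps its VMX-fixed
 * bits and has PAE forced to 1 by the "host address-space size" control, which
 * on Intel 64 processors also loads IA32_EFER.LMA with that control's value. */
host_state_t load_host_control_regs(host_state_t old, host_state_t fields,
        uint64_t cr0_fixed, uint64_t cr4_fixed, bool host_addr_space_size,
        unsigned phys_width, bool intel64)
{
    host_state_t r;
    uint64_t keep0 = CR0_EXIT_PRESERVED | cr0_fixed;
    r.cr0 = (fields.cr0 & ~keep0) | (old.cr0 & keep0);
    r.cr3 = cr3_on_exit(fields.cr3, phys_width, intel64);
    r.cr4 = (fields.cr4 & ~cr4_fixed) | (old.cr4 & cr4_fixed);
    if (host_addr_space_size) r.cr4 |= CR4_PAE;
    r.efer_lma = intel64 && host_addr_space_size;
    return r;
}

/* TLBs are updated if CR3[63:5] (31:5 without Intel 64), CR4.PAE, CR4.PSE or
 * IA32_EFER.LMA changes; a CR4.PSE change is ignored if PAE is 1 on both sides. */
bool tlb_update_required(host_state_t old, host_state_t after, bool intel64)
{
    uint64_t cr3_mask = intel64 ? MASK(63, 5) : MASK(31, 5);
    bool pae_both = (old.cr4 & CR4_PAE) && (after.cr4 & CR4_PAE);
    uint64_t cr4_mask = CR4_PAE | (pae_both ? 0 : CR4_PSE);
    return ((old.cr3 ^ after.cr3) & cr3_mask) != 0
        || ((old.cr4 ^ after.cr4) & cr4_mask) != 0
        || old.efer_lma != after.efer_lma;
}
```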