VMX NON-ROOT OPERATION && VM ENTRIES && VMX SUPPORT FOR ADDRESS TRANSLATION

CHAPTER 25 VMX NON-ROOT OPERATION

25.3  CHANGES TO INSTRUCTION BEHAVIOR IN VMX NON-ROOT OPERATION

• MOV from CR3. If the “enable EPT” VM-execution control is 1 and an execution of MOV from CR3 does not 
cause a VM exit (see Section 25.1.3), the value loaded from CR3 is a guest-physical address; see Section 
28.2.1.


• MOV to CR3. If the “enable EPT” VM-execution control is 1 and an execution of MOV to CR3 does not cause a 
VM exit (see Section 25.1.3), the value loaded into CR3 is treated as a guest-physical address; see Section 
28.2.1.

CHAPTER 26 VM ENTRIES

26.5  EVENT INJECTION

If the valid bit in the VM-entry interruption-information field (see Section 24.8.3) is 1, VM entry causes an event to 
be delivered (or made pending) after all components of guest state have been loaded (including MSRs) and after 
the VM-execution control fields have been established.
• If the interruption type in the field is 0 (external interrupt), 2 (non-maskable interrupt); 3 (hardware 
exception), 4 (software interrupt), 5 (privileged software exception), or 6 (software exception), the event is 
delivered as described in Section 26.5.1.
• If the interruption type in the field is 7 (other event) and the vector field is 0, an MTF VM exit is pending after 
VM entry. See Section 26.5.2.

26.5.1  Vectored-Event Injection

VM entry delivers an injected vectored event within the guest context established by VM entry. This means that 
delivery occurs after all components of guest state have been loaded (including MSRs) and after the VM-execution 
control fields have been established. The event is delivered using the vector in that field to select a descriptor in 
the IDT. Since event injection occurs after loading IDTR from the guest-state area, this is the guest IDT.
Section 26.5.1.1 provides details of vectored-event injection. In general, the event is delivered exactly as if it had 
been generated normally.

CHAPTER 28 VMX SUPPORT FOR ADDRESS TRANSLATION

The architecture for VMX operation includes two features that support address translation: virtual-processor iden-
tifiers (VPIDs) and the extended page-table mechanism (EPT). VPIDs are a mechanism for managing translations 
of linear addresses. EPT defines a layer of address translation that augments the translation of linear addresses.

28.1  VIRTUAL PROCESSOR IDENTIFIERS (VPIDS)

    VMCS-> VM-EXECUTION CONTROL FIELDS->VPID
    
    The current VPID is 0000H in the following situations:
    — Outside VMX operation. 
    — In VMX root operation.
    — In VMX non-root operation when the “enable VPID” VM-execution control is 0.
    

28.2  THE EXTENDED PAGE TABLE MECHANISM (EPT)

    某些 GLA 直接翻译为 HPA, 而不是 GPA (GPA再次翻译为HPA)
    其过程是在GLA在翻译为物理过程中, 先查找Guset Page table, 再立即查找 EPT paging structures, 直接产生HPA，而不是产生GPA
    
    If CR0.PG = 1, the translation of a linear address to a physical address requires multiple translations of guest-phys-
    ical addresses using EPT. Assume, for example, that CR4.PAE = CR4.PSE = 0. The translation of a 32-bit linear 
    address then operates as follows:
    • Bits 31:22 of the linear address select an entry in the guest page directory located at the guest-physical 
    address in CR3. The guest-physical address of the guest page-directory entry (PDE) is translated through EPT 
    to determine the guest PDE’s physical address.
    • Bits 21:12 of the linear address select an entry in the guest page table located at the guest-physical address in 
    the guest PDE. The guest-physical address of the guest page-table entry (PTE) is translated through EPT to 
    determine the guest PTE’s physical address.
    • Bits 11:0 of the linear address is the offset in the page frame located at the guest-physical address in the guest 
    PTE. The guest-physical address determined by this offset is translated through EPT to determine the physical 
    address to which the original linear address translates.