1 Reply Latest reply on Sep 23, 2011 10:49 AM by Adolfo_Intel

VMX bug or (undocumented) feature?

I'm working on some low-level operating system/virtualization software and I've run into some very strange behavior.

The hardware is dual quad-core Intel Xeon E5430 and the scenario is as follows:

An entry into and exit from a VMX-supported VM is performed using vmresume/vmcall. Upon exit from the VM into VMX root mode, the host state is correctly restored from the VMCS with one exception: the TR register. Reading from the TR register in root mode returns the appropriate descriptor, which indicates that the TR selector has been retrieved from the host part of the VMCS and written to the TR register upon VM exit. However, after VM exit, privilege level switches that make use of the TSS fail (e.g. from CPL 3->0 triggered by an exception/interrupt; sysenter/sysret works fine). From what I can deduce it seems like TR is initialized with the host value from the VMCS, but the hidden parts of the TR register are not loaded. To be able to perform privilege switches after VM exit, the hidden parts of the TR register have to be updated by explicitly writing to the TR register.

It should be noted that in this scenario the VM runs without a TSS (i.e. the VMCS guest state for TR is a null selector) and both the host and the VM run in IA-32e mode.

Have I missed a line somewhere in the documentation or is this a bug?
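The "hidden part" of TR the post refers to is the base, limit and type the processor caches from the 16-byte 64-bit TSS descriptor in the GDT; it is what the CPU consults when an interrupt or exception moves CPL 3->0 and it needs the ring-0 stack pointer (or an IST entry) from the TSS. On VM exit the processor fills that cache from the VMCS host-state fields (the host TR base field in particular), so that field has to hold the TSS's linear address; re-issuing ltr, the workaround described above, is the general way to re-cache it from the GDT entry. The following is an added example (not the poster's code) that encodes and decodes the 64-bit TSS descriptor layout and models the one check an explicit reload trips over: ltr raises #GP unless the entry is present, is a system descriptor, and is of type "available 64-bit TSS" (0x9), and the processor flips it to "busy" (0xB) as a side effect of loading it. Names such as `tss_desc64_t`, `tss_desc64_make` and the `HYPERVISOR_RING0` guard are this example's own; the ring-0 reload routine is only compiled under that assumed build flag and is never executed in a hosted build.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 16-byte TSS descriptor as laid out in the GDT in IA-32e mode
   (Intel SDM Vol. 3A, "TSS Descriptor in 64-bit mode"). A 64-bit
   TSS descriptor occupies two consecutive 8-byte GDT slots. */
typedef struct {
    uint16_t limit_low;        /* limit[15:0]                               */
    uint16_t base_low;         /* base[15:0]                                */
    uint8_t  base_mid;         /* base[23:16]                               */
    uint8_t  access;           /* P | DPL(2) | S (0 = system) | type(4)     */
    uint8_t  limit_high_flags; /* G | 0 | 0 | AVL | limit[19:16]            */
    uint8_t  base_high;        /* base[31:24]                               */
    uint32_t base_upper;       /* base[63:32]                               */
    uint32_t reserved;         /* bits 8..12 (a type field) must be zero    */
} __attribute__((packed)) tss_desc64_t;

#define TSS_TYPE_AVAILABLE 0x9   /* available 64-bit TSS: what ltr accepts  */
#define TSS_TYPE_BUSY      0xB   /* busy 64-bit TSS: what ltr leaves behind */
#define TSS64_MIN_LIMIT    0x67  /* minimum legal limit of a 64-bit TSS     */

/* Build a present, byte-granular, available 64-bit TSS descriptor. */
tss_desc64_t tss_desc64_make(uint64_t base, uint32_t limit, uint8_t dpl)
{
    tss_desc64_t d;
    memset(&d, 0, sizeof d);
    d.limit_low        = (uint16_t)(limit & 0xFFFF);
    d.base_low         = (uint16_t)(base & 0xFFFF);
    d.base_mid         = (uint8_t)((base >> 16) & 0xFF);
    d.access           = (uint8_t)(0x80 | ((dpl & 3) << 5) | TSS_TYPE_AVAILABLE);
    d.limit_high_flags = (uint8_t)((limit >> 16) & 0x0F);   /* G = 0 */
    d.base_high        = (uint8_t)((base >> 24) & 0xFF);
    d.base_upper       = (uint32_t)(base >> 32);
    return d;
}

/* Reassemble the linear base address scattered over four fields. */
uint64_t tss_desc64_base(const tss_desc64_t *d)
{
    return (uint64_t)d->base_low
         | ((uint64_t)d->base_mid   << 16)
         | ((uint64_t)d->base_high  << 24)
         | ((uint64_t)d->base_upper << 32);
}

/* Effective limit in bytes, expanding 4 KiB granularity when G is set. */
uint32_t tss_desc64_limit(const tss_desc64_t *d)
{
    uint32_t limit = d->limit_low | ((uint32_t)(d->limit_high_flags & 0x0F) << 16);
    if (d->limit_high_flags & 0x80)
        limit = (limit << 12) | 0xFFF;
    return limit;
}

uint8_t tss_desc64_type(const tss_desc64_t *d) { return d->access & 0x0F; }

/* 1 if ltr would load this descriptor without raising #GP: present,
   system descriptor (S = 0), type "available 64-bit TSS", upper type bits zero. */
int tss_desc64_ltr_acceptable(const tss_desc64_t *d)
{
    int present  = (d->access & 0x80) != 0;
    int system   = (d->access & 0x10) == 0;
    int upper_ok = ((d->reserved >> 8) & 0x1F) == 0;
    return present && system && tss_desc64_type(d) == TSS_TYPE_AVAILABLE && upper_ok;
}

/* Model the side effect of ltr: the GDT entry becomes "busy". */
void tss_desc64_mark_busy(tss_desc64_t *d)
{
    d->access = (uint8_t)((d->access & 0xF0) | TSS_TYPE_BUSY);
}

/* Before TR can be written again (to refresh its cached base/limit/type),
   the entry must be marked available again. 0 on success, -1 if not a TSS. */
int tss_desc64_clear_busy(tss_desc64_t *d)
{
    uint8_t type = tss_desc64_type(d);
    if ((d->access & 0x10) != 0 || (type != TSS_TYPE_BUSY && type != TSS_TYPE_AVAILABLE))
        return -1;
    d->access = (uint8_t)((d->access & 0xF0) | TSS_TYPE_AVAILABLE);
    return 0;
}

#ifdef HYPERVISOR_RING0   /* assumed build flag: ring-0 code only, not compiled here */
/* Refresh TR's hidden part from its GDT entry, e.g. after a VM exit. */
void tr_refresh(tss_desc64_t *tss_entry, uint16_t sel)
{
    tss_desc64_clear_busy(tss_entry);                      /* ltr #GPs on a busy TSS */
    __asm__ volatile("ltr %0" : : "r"(sel) : "memory");    /* re-cache base/limit/type */
}
#endif

int main(void)
{
    /* Constructed sample: a kernel-half TSS address, minimum legal limit, DPL 0. */
    tss_desc64_t d = tss_desc64_make(0xFFFFFFFF80123000ULL, TSS64_MIN_LIMIT, 0);
    printf("base=%#llx limit=%#x type=%#x ltr_ok=%d\n",
           (unsigned long long)tss_desc64_base(&d), tss_desc64_limit(&d),
           tss_desc64_type(&d), tss_desc64_ltr_acceptable(&d));
    tss_desc64_mark_busy(&d);
    printf("after ltr: type=%#x ltr_ok=%d\n", tss_desc64_type(&d), tss_desc64_ltr_acceptable(&d));
    return 0;
}
```

The practical point for the situation in the post: a hypervisor that wants to re-issue ltr on its host TSS after every VM exit must first rewrite the GDT entry's type back to 0x9, because the first ltr at boot left it at 0xB and a second ltr on a busy entry faults with #GP.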