Hi,

I'm working on some low-level operating system/virtualization software and I've run into some very strange behavior.

The hardware is dual quad-core Intel Xeon E5430 and the scenario is as follows:

An entry into and exit from a VMX-supported VM is performed using vmresume/vmcall.

Upon exit from the VM into VMX root mode, the host state is correctly restored from the VMCS with one exception:

the TR register. Reading from the TR register in root mode returns

the appropriate descriptor, which indicates that the TR selector has been retrieved

from the host part of the VMCS and written to the TR register upon VM exit.

However, after VM exit, privilege level switches that make use of the TSS fail

(e.g. from CPL 3->0 triggered by an exception/interrupt; sysenter/sysret works fine).

From what I can deduce it seems like TR is initialized

with the host value from the VMCS, but the hidden parts of the TR register

are not loaded. To be able to perform privilege switches after VM exit,

the hidden parts of the TR register have to be updated by explicitly

writing to the TR register.

It should be noted that in this scenario the VM runs without a

TSS (i.e. the VMCS guest state for TR is a null selector) and

both the host and the VM runs in IA-32e mode.

Have I missed a line somewhere in the documentation or is this a bug?