I'm working on some low-level operating system/virtualization software and I've run into some very strange behavior.
The hardware is dual quad-core Intel Xeon E5430 and the scenario is as follows:
An entry into and exit from a VMX-supported VM is performed using vmresume/vmcall.
Upon exit from the VM into VMX root mode, the host state is correctly restored from the VMCS with one exception:
the TR register. Reading from the TR register in root mode returns
the appropriate descriptor, which indicates that the TR selector has been retrieved
from the host part of the VMCS and written to the TR register upon VM exit.
However, after VM exit, privilege level switches that make use of the TSS fail
(e.g. from CPL 3->0 triggered by an exception/interrupt; sysenter/sysret works fine).
From what I can deduce it seems like TR is initialized
with the host value from the VMCS, but the hidden parts of the TR register
are not loaded. To be able to perform privilege switches after VM exit,
the hidden parts of the TR register have to be updated by explicitly
writing to the TR register.
It should be noted that in this scenario the VM runs without a
TSS (i.e. the VMCS guest state for TR is a null selector) and
both the host and the VM run in IA-32e mode.
Have I missed a line somewhere in the documentation or is this a bug?
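As an added example (not code from the original post), the explicit TR reload the poster ends up doing after VM exit, together with the check a practitioner would run first: the VMCS host-state area carries both a TR selector (encoding 0C0CH) and a TR base (encoding 6C0AH), and the GDT entry the selector indexes should describe a present 64-bit TSS with that same base and a limit of at least 67H. Two caveats the code handles: a 64-bit TSS descriptor spans two 8-byte GDT slots, and `ltr` raises #GP if the descriptor is already marked busy (type 0BH), so the busy bit is cleared before the reload. The GDT layout, the selector 0x20 and the base address used in `main` are constructed for the example; `reload_host_tr` is only meaningful in ring 0 on x86-64.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* VMCS host-state field encodings for TR (Intel SDM Vol. 3, Appendix B). */
#define VMCS_HOST_TR_SELECTOR 0x00000C0Cu
#define VMCS_HOST_TR_BASE     0x00006C0Au

#define TSS_TYPE_AVAIL64 0x9u   /* 64-bit TSS, available */
#define TSS_TYPE_BUSY64  0xBu   /* 64-bit TSS, busy (set by LTR) */
#define TSS64_MIN_LIMIT  0x67u  /* 104-byte 64-bit TSS, minus one */

/* A 64-bit TSS descriptor occupies two consecutive 8-byte GDT slots. */
struct tss_desc64 { uint64_t lo; uint64_t hi; };

/* Build an available, present, byte-granular 64-bit TSS descriptor. */
struct tss_desc64 make_tss_desc64(uint64_t base, uint32_t limit, unsigned dpl)
{
    struct tss_desc64 d;
    d.lo  = (uint64_t)(limit & 0xFFFFu);               /* limit[15:0]  */
    d.lo |= (base & 0xFFFFu) << 16;                    /* base[15:0]   */
    d.lo |= ((base >> 16) & 0xFFu) << 32;              /* base[23:16]  */
    d.lo |= (uint64_t)TSS_TYPE_AVAIL64 << 40;          /* type, S=0    */
    d.lo |= (uint64_t)(dpl & 3u) << 45;                /* DPL          */
    d.lo |= 1ull << 47;                                /* present      */
    d.lo |= (uint64_t)((limit >> 16) & 0xFu) << 48;    /* limit[19:16] */
    d.lo |= ((base >> 24) & 0xFFu) << 56;              /* base[31:24], G=0 */
    d.hi  = base >> 32;                                /* base[63:32]  */
    return d;
}

uint64_t tss_desc64_base(const struct tss_desc64 *d)
{
    return ((d->lo >> 16) & 0xFFFFu)
         | (((d->lo >> 32) & 0xFFu) << 16)
         | (((d->lo >> 56) & 0xFFu) << 24)
         | ((d->hi & 0xFFFFFFFFu) << 32);
}

uint32_t tss_desc64_limit(const struct tss_desc64 *d)
{
    uint32_t lim = (uint32_t)(d->lo & 0xFFFFu) | (uint32_t)(((d->lo >> 48) & 0xFu) << 16);
    if ((d->lo >> 55) & 1u)            /* G=1: limit is in 4 KiB pages */
        lim = (lim << 12) | 0xFFFu;
    return lim;
}

unsigned tss_desc64_type(const struct tss_desc64 *d) { return (unsigned)((d->lo >> 40) & 0xFu); }

/* Present system descriptor of type 9 (available) or 11 (busy). */
bool tss_desc64_is_tss(const struct tss_desc64 *d)
{
    bool system  = ((d->lo >> 44) & 1u) == 0;
    bool present = ((d->lo >> 47) & 1u) == 1;
    return system && present && (tss_desc64_type(d) & ~0x2u) == TSS_TYPE_AVAIL64;
}

/* LTR faults (#GP) on a busy descriptor: clear bit 1 of the type field. */
bool tss_desc64_clear_busy(struct tss_desc64 *d)
{
    if (!tss_desc64_is_tss(d)) return false;
    d->lo &= ~(1ull << 41);
    return true;
}

/* Validate the host TR selector/base pair before writing it to the VMCS:
 * TI and RPL must be 0, the selector must be non-null, the descriptor must be
 * a 64-bit TSS, and its base/limit must match what the VM exit will load. */
bool host_tr_state_consistent(const uint64_t *gdt, size_t gdt_entries,
                              uint16_t host_tr_sel, uint64_t host_tr_base)
{
    size_t idx = host_tr_sel >> 3;
    if (host_tr_sel == 0 || (host_tr_sel & 0x7u) != 0) return false;
    if (idx + 1 >= gdt_entries) return false;           /* needs two slots */
    struct tss_desc64 d = { gdt[idx], gdt[idx + 1] };
    if (!tss_desc64_is_tss(&d)) return false;
    return tss_desc64_base(&d) == host_tr_base && tss_desc64_limit(&d) >= TSS64_MIN_LIMIT;
}

/* Explicit TR reload after VM exit: un-busy the GDT entry, then LTR.
 * Ring 0 on x86-64 only; the LTR itself is compiled out elsewhere. */
bool reload_host_tr(uint64_t *gdt, size_t gdt_entries, uint16_t host_tr_sel)
{
    size_t idx = host_tr_sel >> 3;
    if (host_tr_sel == 0 || (host_tr_sel & 0x7u) != 0 || idx + 1 >= gdt_entries) return false;
    struct tss_desc64 d = { gdt[idx], gdt[idx + 1] };
    if (!tss_desc64_clear_busy(&d)) return false;
    gdt[idx] = d.lo;
    gdt[idx + 1] = d.hi;
#if defined(__x86_64__) && defined(__GNUC__)
    __asm__ volatile("ltr %0" : : "r"(host_tr_sel) : "memory");
#endif
    return true;
}

int main(void)
{
    /* Constructed host GDT: null, kernel code, kernel data, TSS at selector 0x20. */
    uint64_t gdt[8] = { 0, 0x00AF9A000000FFFFull, 0x00CF92000000FFFFull, 0, 0, 0, 0, 0 };
    uint64_t host_tss = 0xFFFF800000123000ull;        /* assumed host TSS address */
    struct tss_desc64 d = make_tss_desc64(host_tss, TSS64_MIN_LIMIT, 0);
    gdt[4] = d.lo;
    gdt[5] = d.hi;
    printf("HOST_TR_SELECTOR(0x%X)=0x20 HOST_TR_BASE(0x%X)=%#llx consistent: %s\n",
           VMCS_HOST_TR_SELECTOR, VMCS_HOST_TR_BASE, (unsigned long long)host_tss,
           host_tr_state_consistent(gdt, 8, 0x20, host_tss) ? "yes" : "no");
    return 0;
}
```

If `host_tr_state_consistent` fails for the pair you write into the VMCS, fix the host-state fields before reaching for the reload; if it passes and privilege switches still fail after VM exit, `reload_host_tr` is the workaround the question describes.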
For assistance on this matter, I would suggest contacting a Field Application Engineer (FAE). In order to talk to a FAE, please call any of our local Authorized Intel® Distributors.
You can find a list of Authorized Intel® Distributors at:
If you are outside the United States, please access the following link and select a location, to find the closest authorized distributor:
Once you call the Authorized Intel® Distributor, ask them to put you in contact with the Field Application Engineer (FAE).