List of x86 virtualization instructions

See also: x86 virtualization
Part of a series on
x86 instruction listings

Instruction set extensions that have been added to the x86 instruction set in order to support hardware virtualization. These extensions provide instructions for entering and leaving a virtualized execution context and for loading virtual-machine control structures (VMCSs), which hold the state of the guest and host, along with fields which control processor behavior within the virtual machine.

AMD-V instructions

Instruction Opcode Instruction Description Used by Added in
Basic SVM (Secure Virtual Machine) instructions[1]
INVLPGA rAX,ECX[a] 0F 01 DF Invalidate TLB mappings for the virtual page specified in rAX and the ASID (Address Space IDentifier) specified in ECX. VMM K8[b]
VMRUN rAX[a] 0F 01 D8 Run virtual machine managed by the VMCB (Virtual Machine Control Block) specified by physical address in rAX.
VMLOAD rAX[a] 0F 01 DA Load a specific subset of processor state from the VMCB specified by the physical address in the rAX register.[c] Usually the VMM[d]
VMSAVE rAX[a] 0F 01 DB Save a specific subset of processor state to the VMCB specified by the physical address in the rAX register.[c]
STGI 0F 01 DC Set GIF (Global Interrupt Flag). Usually the VMM[e]
CLGI 0F 01 DD Clear GIF.
VMMCALL NFx 0F 01 D9 Call to VM monitor from guest by causing a VMEXIT. Guest
SKINIT EAX 0F 01 DE Secure Init and Jump with Attestation.
Initializes CPU to known state, designates a 64 Kbyte memory area specified by EAX as an SLB ("Secure Loader Block"), submits a copy of the memory area to the system TPM for validation using a digital signature, then jumps into the SLB. 		VMM Turion "Lion",[2]
Opteron "Shanghai",
Phenom II
Secure Encrypted Virtualization (SEV): Encrypted State (SEV-ES) instructions
VMGEXIT F2/F3 0F 01 D9 SEV-ES Exit to VMM.
Explicit communication with the VMM for SEV-ES VMs.[f]		 Guest Zen 1
Secure Nested Paging (SEV-SNP): Reverse-Map Table (RMP) instructions
PSMASH F3 0F 01 FF Page Smash: expands a 2MB-page RMP entry into a corresponding set of contiguous 4KB-page RMP entries. The 2 MB page's system physical address is specified in the RAX register. VMM Zen 3
RMPUPDATE F2 0F 01 FE Write a new RMP entry. The system physical address of a page whose RMP entry is modified is specified in the RAX register. The RCX register provides the effective address of a 16-byte data structure which contains the new RMP state.
PVALIDATE F2 0F 01 FF Validate or rescind validation of a guest page's RMP entry. The guest virtual address is specified in the register operand rAX.[a] Guest
RMPADJUST F3 0F 01 FE Adjust RMP permissions for a guest page. The guest virtual address is specified in the RAX register. The page size is specified in RCX[0]. The target VMPL (Virtual Machine Privilege Level) and its permissions are specified in the RDX register.
RMPQUERY F3 0F 01 FD Reads an RMP permission mask for a guest page. The guest virtual address is specified in the RAX register. The target VMPL is specified in RDX[7:0]. RMP permissions for the specified VMPL are returned in RDX[63:8] and the RCX register. Guest Zen 4
RMPREAD F2 0F 01 FD Read an RMP entry. The system physical address of the page whose RMP entry is to be read is specified in the RAX register. The RCX register provides the effective address of a 16-byte data structure that the RMP entry will be written to. VMM (Zen 5)
  1. ^ a b c d e For the rAX argument to the VMRUN, VMLOAD, VMSAVE, INVLPGA and PVALIDATE instructions, the choice of AX/EAX/RAX depends on address-size, which can be overridden with the 67h prefix.
  2. ^ Support for AMD-V was added in stepping F of the AMD K8, and is not available on earlier steppings.
  3. ^ a b The VMRUN instruction will load only a limited subset of CPU state - VMLOAD should be run before VMRUN to load additional state.
    Similarly, #VMEXIT will store only a limited amount of guest state to the VMCB, and VMSAVE is needed to store additional state.
    For simple intercept conditions where the VMM doesn't need to make use of the state items handled by VMSAVE/VMLOAD, the VMM may improve performance by abstaining from performing VMSAVE/VMLOAD before re-entering the virtual machine with VMRUN.
  4. ^ On CPUs that support VMLOAD/VMSAVE virtualization (Excavator and later), the VMLOAD and VMSAVE instructions can be executed in guest mode as well.
  5. ^ On CPUs that support Virtual GIF (Excavator and later), the STGI and CLGI instructions can be executed in guest mode as well.
  6. ^ VMGEXIT is executed as VMMCALL if not executed by a SEV-ES guest.

Intel VT-x instructions

Intel virtualization instructions. VT-x is also supported on some processors from VIA and Zhaoxin.

Instruction Opcode Instruction Description Used by[a] Added in
Basic VMX (Virtual Machine Extensions) instructions
VMXON m64[b] F3 0F C7 /6 Enter VMX Operation – enters hardware supported virtualisation environment.[c] VMM Prescott 2M,
Yonah,
Centerton,
Nano 3000
VMXOFF NP 0F 01 C4 Leave VMX Operation – stops hardware supported virtualisation environment.
VMPTRLD m64[b] NP 0F C7 /6 Load pointer to Virtual-Machine Control Structure (VMCS) from memory and mark it valid.
VMPTRST m64[b] NP 0F C7 /7 Store pointer to current VMCS to memory.
VMCLEAR m64[b] 66 0F C7 /6 Flush VMCS data from CPU to VMCS region in memory. If the specified VMCS is the current VMCS, then the current-VMCS is marked as invalid.
VMLAUNCH NP 0F 01 C2 Launch virtual machine managed by current VMCS.
VMRESUME NP 0F 01 C3 Resume virtual machine managed by current VMCS.
VMREAD r/m,reg NP 0F 78 /r Read a specified field from the current-VMCS. The reg argument specifies which field to read – the result is stored to r/m. Usually the VMM[d]
VMWRITE reg,r/m NP 0F 79 /r Write to specified field of current-VMCS. The reg argument specifies which field to write, and the r/m argument provides the data item to write to the field.
VMCALL NP 0F 01 C1 Call to VM monitor from guest by causing a VMEXIT. Usually the guest[e]
Extended Page Tables (EPT) instructions
INVEPT reg,m128 66 0F 38 80 /r Invalidates EPT-derived entries in the TLBs and paging-structure caches. The reg argument specifies an invalidation type, the memory argument specifies a 128-bit descriptor.[f] VMM Nehalem,
Centerton,[3]
ZhangJiang
INVVPID reg,m128 66 0F 38 81 /r Invalidates entries in the TLBs and paging-structure caches based on VPID (Virtual Processor ID). The reg argument specifies an invalidation type, the memory argument specifies a 128-bit descriptor.[g]
VMFUNC NP 0F 01 D4 Invoke VM function specified in EAX.[h] Guest Haswell,
Silvermont,
LuJiaZui
Trust Domain Extensions (TDX): Secure Arbitration Mode (SEAM) instructions[5]
SEAMOPS 66 0F 01 CE Invoke SEAM specific operations. Operation to perform is specified in RAX.[i] SEAM
root 		(Sapphire Rapids[6]),
Emerald Rapids[7]
SEAMRET 66 0F 01 CD Return to legacy VMX root operation from SEAM VMX root operation.
SEAMCALL 66 0F 01 CF Call to SEAM VMX root operation from legacy VMX root operation. VMM
TDCALL 66 0F 01 CC Call to VM monitor from TD guest by causing a VMEXIT. TD Guest
  1. ^ Executing any of the VT-x VMM instructions while within the VM guest will cause a VMEXIT.
    If VMX operation has not been entered through VMXON, then all of the VT-x instructions (except VMXON) will cause #UD.
  2. ^ a b c d The m64 argument to VMPTRLD, VMPTRST, VMCLEAR and VMXON is a 64-bit physical address.
  3. ^ The m64 argument to VMXON is the 64-bit physical address to a "VMXON region", which is a 4Kbyte region that must be 4 Kbyte aligned. This region may be used by the processor to support VMX operation in an implementation-dependent manner and should never be accessed by software until the processor has left VMX operation through the VMXOFF instruction.
  4. ^ If "VMCS Shadowing" is enabled (available on Haswell and later), the VMREAD and VMWRITE instructions can be executed by the guest as well.
  5. ^ The VMCALL instruction can be executed by the VMM as well – doing so will cause a special SMM VM exit.
  6. ^ The invalidation types available for the reg argument of INVEPT are:
    Value Function
    1 Single-context invalidation: invalidate all mappings associated with EPT-pointer in bits 63:0 of descriptor.
    2 Global invalidation: invalidate all mappings associated with all EPT-pointers.
  7. ^ The invalidation types available for the reg argument of INVVPID are:
    Value Function
    0 Invalidate mapping for linear address and VPID specified in descriptor.
    (Unlike INVLPG, INVVPID will fail when used with non-canonical addresses.[4])
    1 Invalidate all mappings for VPID specified in descriptor.
    2 All-contexts invalidation: invalidate all mappings for all VPIDs except VPID 0.
    3 Invalidate all mappings for VPID specified in descriptor, except global translations.
  8. ^ The functions available for VMFUNC in the EAX register are:
    EAX Function
    0 EPTP switching: switch extended page table pointer to one of up to 512 table pointers prepared in advance by the VM host.
    ECX specifies which one of the 512 pointers to use.
    1-63 (Reserved, will cause VMEXIT)
    ≥64 Invalid, will cause #UD.
  9. ^ The operations available for SEAMOPS in the RAX register are:
    RAX Operation
    0 (CAPABILITIES) Return bitmap of supported SEAMOPS leaves in RAX.
    1 (SEAMREPORT) Generate SEAMREPORT structure.

    Any unsupported value in RAX will cause a #GP(0) exception.

References

  1. ^ AMD, AMD64 Virtualization Codenamed “Pacifica” Technology, publication no. 33407, rev 3.01, May 2005. Archived on Jun 13, 2011.
  2. ^ CPU-World, CPUID for AMD Turion 64 X2 RM-75, 2022-03-05. Archived on Apr 19, 2023.
  3. ^ Intel, Intel® Atom™ Processor S1200 Product Family for Microserver Datasheet, Volume 1 of 2, order no. 328194-001, dec 2012, page 44
  4. ^ Vulners, VMX: intercept issue with INVLPG on non-canonical address, 20 Jan 2016.
  5. ^ Intel, Trust Domain CPU Architectural Extensions, order no. 343754-002, may 2021.
  6. ^ SecurityWeek, Intel Adds TDX to Confidential Computing Portfolio With Launch of 4th Gen Xeon Processors, 10 jan 2023
  7. ^ Intel, What Intel Xeon Processors Support for Intel Trust Domain Extensions (Intel TDX)?, 11 Jun 2024 - indicates general market availability of TDX on Emerald Rapids CPUs but limited availability on Sapphire Rapids CPUs. Archived on 13 Jun 2024.
Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi

Kembali kehalaman sebelumnya