Data Sheet
Datasheet, Volume 1 of 2 55
Technologies
• More secure: The use of hardware transitions in the VMM strengthens the isolation
of VMs and further prevents corruption of one VM from affecting others on the
same system.
Intel
®
VT-x Key Features
The processor supports the following added new Intel VT-x features:
• Extended Page Table (EPT) Accessed and Dirty Bits
— EPT A/D bits enabled VMMs to efficiently implement memory management and
page classification algorithms to optimize VM memory operations, such as de-
fragmentation, paging, live migration, and check-pointing. Without hardware
support for EPT A/D bits, VMMs may need to emulate A/D bits by marking EPT
paging-structures as not-present or read-only, and incur the overhead of EPT
page-fault VM exits and associated software processing.
• EPTP (EPT pointer) switching
— EPTP switching is a specific VM function. EPTP switching allows guest software
(in VMX non-root operation, supported by EPT) to request a different EPT
paging-structure hierarchy. This is a feature by which software in VMX non-root
operation can request a change of EPTP without a VM exit. Software will be able
to choose among a set of potential EPTP values determined in advance by
software in VMX root operation.
• Pause loop exiting
— Support VMM schedulers referring to determine when a virtual processor of a
multiprocessor virtual machine is not performing useful work. This situation
may occur when not all virtual processors of the virtual machine are currently
scheduled and when the virtual processor in question is in a loop involving the
PAUSE instruction. The new feature allows detection of such loops and is thus
called PAUSE-loop exiting.
The processor IA core supports the following Intel VT-x features:
• Mode based (XU/XS) EPT Execute Control - New Feature for this processor
— A new mode of EPT operation which enables different controls for executability
of GPA based on Guest specified mode (User/Supervisor) of linear address
translating to the GPA. When the mode is enabled, the executability of a GPA is
defined by two bits in EPT entry. One bit for accesses to user pages and other
one for accesses to supervisor pages.
— The new mode requires changes in VMCS, and EPT entries. VMCS includes a bit
“mode based EPT execute control” which is used to enable/disable the mode.
An additional bit in EPT entry is defined as “supervisor-execute access”; the
original execute control bit is considered as “user-execute access”. If the “mode
based EPT execute control” is disabled the additional bit is ignored and the
system works with one bit execute control for both user pages and supervisor
pages.
— Behavioral changes - Behavioral changes are across three areas:
• Access to GPA- If the “mode-based EPT execute control” VM-execution
control is 1, treatment of guest-physical accesses by instruction fetches
depends on the linear address from which an instruction is being fetched
1.If the translation of the linear address specifies user mode (the U/S bit
was set in every paging structure entry used to translate the linear
address), the resulting guest-physical address is executable under
EPT only if the XU bit (at position 2) is set in every EPT paging-
structure entry used to translate the guest-physical address.
2.If the translation of the linear address specifies supervisor mode (the
U/S bit was clear in at least one of the paging-structure entries used