INVEPT

Invalidate Translations Derived from EPT

Opcodes

Hex Mnemonic Encoding Long Mode Legacy Mode Description
66 0F 38 80 INVEPT r32, m128 None None None Invalidates EPT-derived entries in the TLBs and paging-structure caches (outside 64-bit mode)
66 0F 38 80 INVEPT r64, m128 None None None Invalidates EPT-derived entries in the TLBs and paging-structure caches (in 64-bit mode)

Description

Invalidates mappings in the translation lookaside buffers (TLBs) and paging-structure caches that were derived from extended page tables (EPT). (See Chapter 25,"Support for Address Translation" in IA-32 Intel Architecture Software Developer's Manual, Volume 3B.) Invalidation is based on the INVEPT type specified in the register operand and the INVEPT descriptor specified in the memory operand.

Outside IA-32e mode, the register operand is always 32 bits, regardless of the value of CS.D. In 64-bit mode, the register operand has 64 bits; however, if bits 63:32 of the register operand are not zero, INVEPT fails due to an attempt to use an unsupported INVEPT type (see below).

The INVEPT types supported by a logical processors are reported in the IA32_VMX_EPT_VPID_CAP MSR (see Appendix "VMX Capability Reporting Facility" in IA-32 Intel Architecture Software Developer's Manual, Volume 3B). There are two INVEPT types currently defined:

If an unsupported INVEPT type is specified, the instruction fails.

INVEPT invalidates all the specified mappings for the indicated EPTP(s) regardless of the VPID and PCID values with which those mappings may be associated.

The INVEPT descriptor comprises 128 bits and contains a 64-bit EPTP value in bits 63:0.

Pseudo Code

IF (not in VMX operation) or (CR0.PE = 0) or (RFLAGS.VM = 1) or (IA32_EFER.LMA = 1 and CS.L = 0)
	#UD;
ELSE
	IF in VMX non-root operation
		VM exit;
	ELSE
		IF CPL > 0
			#GP(0);
		ELSE
			INVEPT_TYPE = value of register operand;
			IF IA32_VMX_EPT_VPID_CAP MSR indicates that processor does not support INVEPT_TYPE
				VMfail(Invalid operand to INVEPT/INVVPID);
			ELSE
				(* INVEPT_TYPE must be 1 or 2 *)
				INVEPT_DESC = value of memory operand;
				EPTP = INVEPT_DESC[63:0];
				CASE INVEPT_TYPE OF
					1: (* single-context invalidation *)
						IF VM entry with the "enable EPT" VM execution control set to 1 would fail due to the EPTP value
							VMfail(Invalid operand to INVEPT/INVVPID);
						ELSE
							Invalidate mappings associated with EPTP[51:12];
							VMsucceed;
						FI;
						BREAK;
					2: (* global invalidation Invalidate mappings associated with all EPTPs; *)
						VMsucceed;
						BREAK;
				ESAC;
			FI;
		FI;
	FI;
FI;

Flags Affected

See the operation section and Section 5.2.

Exceptions

64-Bit Mode Exceptions

Exception Description
#UD If not in VMX operation. If the logical processor does not support EPT (IA32_VMX_PROCBASED_CTLS2[33]=0). If the logical processor supports EPT (IA32_VMX_PROCBASED_CTLS2[33]=1) but does not support the INVEPT instruction (IA32_VMX_EPT_VPID_CAP[20]=0).
#SS(0) If the memory operand is in the SS segment and the memory address is in a non-canonical form.
#PF(fault-code) If a page fault occurs in accessing the memory operand.
#GP(0) If the current privilege level is not 0. If the memory operand is in the CS, DS, ES, FS, or GS segments and the memory address is in a non-canonical form.

Compatibility Mode Exceptions

Exception Description
#UD The INVEPT instruction is not recognized in compatibility mode.

Virtual-8086 Mode Exceptions

Exception Description
#UD The INVEPT instruction is not recognized in virtual-8086 mode.

Real-Address Mode Exceptions

Exception Description
#UD A logical processor cannot be in real-address mode while in VMX operation and the INVEPT instruction is not recognized outside VMX operation.

Protected Mode Exceptions

Exception Description
#UD If not in VMX operation. If the logical processor does not support EPT (IA32_VMX_PROCBASED_CTLS2[33]=0). If the logical processor supports EPT (IA32_VMX_PROCBASED_CTLS2[33]=1) but does not support the INVEPT instruction (IA32_VMX_EPT_VPID_CAP[20]=0).
#SS(0) If the memory operand effective address is outside the SS segment limit. If the SS register contains an unusable segment.
#PF(fault-code) If a page fault occurs in accessing the memory operand.
#GP(0) If the current privilege level is not 0. If the memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains an unusable segment. If the source operand is located in an execute-only code segment.