On Tue, Feb 20, 2018 at 9:51 PM, KarimAllah Ahmed <karahmed@xxxxxxxxx> wrote:
> On a related note, which VMentry checks do we decide to do in software
> and which ones we defer to hardware?

Guest-state checks and some control field checks are currently deferred to hardware. Some checks simply aren't done at all (like the ones covered in this patch).

> The spec has like a dizillion checks that are enforced by hardware on
> VMEntry, which ones do we decide that it makes sense to validate in
> software before-hand?

We should probably defer only the guest-state checks to hardware.

One problem with the current implementation is that we start loading L2 vCPU state before VM-entry to vmcs02. If VM-entry to vmcs02 fails early, with VMfailValid, the vCPU should still contain L1 state consistent with the VMLAUNCH or VMRESUME instruction and execution should just fall through to the next L1 instruction. At present, we have no way of backing out the L2 vCPU state that has already been loaded.
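
The ordering problem described in the message above, as an added toy model in C that is not part of the original e-mail and is not KVM code. All struct and function names are hypothetical, and the CR3-target-count limit is used only as one well-known VM-entry control-field check, not necessarily one the patch covers.

```c
#include <stdbool.h>
#include <stdint.h>

/* Toy model of nested VM-entry ordering; every name is hypothetical. */
enum entry_result { ENTRY_OK, ENTRY_VMFAIL_VALID };

struct vmcs12 {                 /* what L1 prepared for its L2 guest */
    uint32_t cr3_target_count;
    uint64_t guest_rip, guest_cr3;
};

struct vcpu {                   /* register state currently loaded */
    uint64_t rip, cr3;
    bool     in_l2;
    uint32_t vm_instruction_error;
};

#define ERR_INVALID_CONTROL_FIELD 7  /* "VM entry with invalid control field(s)" */

/* One control-field check from the SDM: CR3-target count must not exceed 4. */
static bool controls_valid(const struct vmcs12 *v)
{
    return v->cr3_target_count <= 4;
}

static void load_l2_state(struct vcpu *c, const struct vmcs12 *v)
{
    c->rip = v->guest_rip;
    c->cr3 = v->guest_cr3;
    c->in_l2 = true;
}

/* Load first, fail later: the failure stands in for an early VMfailValid on
 * vmcs02. L1 would resume on top of L2 registers with no way to back out. */
enum entry_result enter_load_first(struct vcpu *c, const struct vmcs12 *v)
{
    load_l2_state(c, v);
    if (!controls_valid(v)) {
        c->vm_instruction_error = ERR_INVALID_CONTROL_FIELD;
        return ENTRY_VMFAIL_VALID;
    }
    return ENTRY_OK;
}

/* Check in software first: on VMfailValid the L1 state is untouched.
 * (Advancing RIP past VMLAUNCH/VMRESUME is not modelled.) */
enum entry_result enter_check_first(struct vcpu *c, const struct vmcs12 *v)
{
    if (!controls_valid(v)) {
        c->vm_instruction_error = ERR_INVALID_CONTROL_FIELD;
        return ENTRY_VMFAIL_VALID;
    }
    load_l2_state(c, v);
    return ENTRY_OK;
}
```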