Hi all,

made some progress understanding why vmport from L2 breaks since QEMU gets/sets the nested state around it: We do not preserve VM_EXIT_INSTRUCTION_LEN, and that breaks skip_emulated_instruction when completing the PIO access on next run. The field is suddenly 0, and so we loop infinitely over the IO instruction.

Unless some other magic prevents migration while an IO instruction is in flight, vmport may not be the only victim here.

Now the question is how to preserve that information: Can we restore the value into vmcs02 on set_nested_state, despite this field being read-only? Or do we need to cache its content and use that instead in skip_emulated_instruction?

Looking at this pattern, I wonder if there is more. What other fields are used across PIO or MMIO when the handling is done by userland?

Jan