On Thu, Aug 29, 2019 at 2:25 PM Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> wrote: > > According to section "Checks on Guest Control Registers, Debug Registers, and > and MSRs" in Intel SDM vol 3C, the following checks are performed on vmentry > of nested guests: > > If the "load debug controls" VM-entry control is 1, bits 63:32 in the DR7 > field must be 0. Can't we just let the hardware check guest DR7? This results in "VM-entry failure due to invalid guest state," right? And we just reflect that to L1?
