On Fri, Aug 30, 2019 at 4:07 PM Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> wrote: > > > > On 08/29/2019 03:26 PM, Jim Mattson wrote: > > On Thu, Aug 29, 2019 at 2:25 PM Krish Sadhukhan > > <krish.sadhukhan@xxxxxxxxxx> wrote: > >> According to section "Checks on Guest Control Registers, Debug Registers, and > >> and MSRs" in Intel SDM vol 3C, the following checks are performed on vmentry > >> of nested guests: > >> > >> If the "load debug controls" VM-entry control is 1, bits 63:32 in the DR7 > >> field must be 0. > > Can't we just let the hardware check guest DR7? This results in > > "VM-entry failure due to invalid guest state," right? And we just > > reflect that to L1? > > Just trying to understand the reason why this particular check can be > deferred to the hardware. The vmcs02 field has the same value as the vmcs12 field, and the physical CPU has the same requirements as the virtual CPU.
