> > > > + /* Cleanup. */
> > > > + vmcs_write(ENT_MSR_LD_CNT, 0);
> > > > + vmcs_write(EXI_MSR_LD_CNT, 0);
> > > > + vmcs_write(EXI_MSR_ST_CNT, 0);
> > > > + for (i = 0; i < cleanup_count; i++) {
> > > > + enter_guest();
> > > > + skip_exit_vmcall();
> > > > + }
> > >
> > > I'm missing something, why do we need to reenter the guest after setting
> > > the count to 0?
> >
> > It's for the failure code path, which fails to get into the guest and
> > skip the single vmcall(). I've refactored the code to make this clear.
> > Let me know what you think.
>
> Why is not entering the guest a problem?

The vmx tests check that the L2 guest has completed. So we need to advance the L2 RIP past the single vmcall. Technically, we don't need to enter the guest to do that. Entering the guest and calling skip_exit_vmcall() feels like a convenient, clean way to do this. But I'm happy to directly advance the RIP if you think that's better. Let me know what you think.
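Review bot: the `/* Cleanup. */` comment above the `for (i = 0; i < cleanup_count; i++)` loop does not say why the guest is re-entered after the three MSR counts are zeroed, which is exactly the question the loop raised in review; since the thread explains that the loop exists to advance L2 past its single vmcall on the path where entry failed, put that reason in the comment next to the loop, e.g. `/* Re-enter so skip_exit_vmcall() moves L2 past its vmcall when entry failed. */`, so the intent survives without the mailing-list context.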