Changeset 22040 in vbox for trunk/src/VBox/VMM

Timestamp:

Aug 6, 2009 4:33:21 PM (15 years ago)

Author:

vboxsync

Message:

VT-x: use MSR bitmaps and automatic load/store (risky change).

Location:

trunk/src/VBox/VMM

Files:

• HWACCM.cpp (modified) (1 diff)
• HWACCMInternal.h (modified) (2 diffs)
• VMMGC/HWACCMGCA.asm (modified) (2 diffs)
• VMMR0/HWACCMR0Mixed.mac (modified) (4 diffs)
• VMMR0/HWVMXR0.cpp (modified) (17 diffs)

trunk/src/VBox/VMM/HWACCM.cpp

@@ -946 +946 @@
 
             LogRel(("HWACCM: TPR shadow physaddr           = %RHp\n", pVM->hwaccm.s.vmx.pAPICPhys));
-            LogRel(("HWACCM: MSR bitmap physaddr           = %RHp\n", pVM->hwaccm.s.vmx.pMSRBitmapPhys));
+
+            /* Paranoia */
+            AssertRelease(MSR_IA32_VMX_MISC_MAX_MSR(pVM->hwaccm.s.vmx.msr.vmx_misc) >= 512);
 
             for (unsigned i=0;i<pVM->cCPUs;i++)
-                LogRel(("HWACCM: VMCS physaddr VCPU%d           = %RHp\n", i, pVM->aCpus[i].hwaccm.s.vmx.pVMCSPhys));
+            {
+                LogRel(("HWACCM: VCPU%d: MSR bitmap physaddr      = %RHp\n", i, pVM->aCpus[i].hwaccm.s.vmx.pMSRBitmapPhys));
+                LogRel(("HWACCM: VCPU%d: VMCS physaddr            = %RHp\n", i, pVM->aCpus[i].hwaccm.s.vmx.pVMCSPhys));
+            }
 
 #ifdef HWACCM_VTX_WITH_EPT

trunk/src/VBox/VMM/HWACCMInternal.h

@@ -336 +336 @@
         R0PTRTYPE(uint8_t *)        pAPIC;
 
-        /** R0 memory object for the MSR bitmap (1 page). */
-        RTR0MEMOBJ                  pMemObjMSRBitmap;
-        /** Physical address of the MSR bitmap (1 page). */
-        RTHCPHYS                    pMSRBitmapPhys;
-        /** Virtual address of the MSR bitmap (1 page). */
-        R0PTRTYPE(uint8_t *)        pMSRBitmap;
-
         /** R0 memory object for the MSR entry load page (guest MSRs). */
         RTR0MEMOBJ                  pMemObjMSREntryLoad;
@@ -585 +578 @@
         /** Current EPTP. */
         RTHCPHYS                    GCPhysEPTP;
+
+        /** R0 memory object for the MSR bitmap (1 page). */
+        RTR0MEMOBJ                  pMemObjMSRBitmap;
+        /** Physical address of the MSR bitmap (1 page). */
+        RTHCPHYS                    pMSRBitmapPhys;
+        /** Virtual address of the MSR bitmap (1 page). */
+        R0PTRTYPE(uint8_t *)        pMSRBitmap;
+
+        /** R0 memory object for the guest MSR load area (1 page). */
+        RTR0MEMOBJ                  pMemObjGuestMSR;
+        /** Physical address of the guest MSR load area (1 page). */
+        RTHCPHYS                    pGuestMSRPhys;
+        /** Virtual address of the guest MSR load area (1 page). */
+        R0PTRTYPE(uint8_t *)        pGuestMSR;
+
+        /** R0 memory object for the MSR load area (1 page). */
+        RTR0MEMOBJ                  pMemObjHostMSR;
+        /** Physical address of the MSR load area (1 page). */
+        RTHCPHYS                    pHostMSRPhys;
+        /** Virtual address of the MSR load area (1 page). */
+        R0PTRTYPE(uint8_t *)        pHostMSR;
 
         /** VMCS cache. */

trunk/src/VBox/VMM/VMMGC/HWACCMGCA.asm

@@ -232 +232 @@
     ; *
     ; */
-
-    ; Load the guest LSTAR, CSTAR, SFMASK & KERNEL_GSBASE MSRs
-    ;; @todo use the automatic load feature for MSRs
-    LOADGUESTMSR MSR_K8_LSTAR,          CPUMCTX.msrLSTAR
-%if 0  ; not supported on Intel CPUs
-    LOADGUESTMSR MSR_K8_CSTAR,          CPUMCTX.msrCSTAR
-%endif
-    LOADGUESTMSR MSR_K6_STAR,           CPUMCTX.msrSTAR
-    LOADGUESTMSR MSR_K8_SF_MASK,        CPUMCTX.msrSFMASK
-    LOADGUESTMSR MSR_K8_KERNEL_GS_BASE, CPUMCTX.msrKERNELGSBASE
-
 %ifdef VBOX_WITH_CRASHDUMP_MAGIC
     mov     qword [rbx + VMCSCACHE.uPos], 5
@@ -308 +297 @@
 
     pop     rsi         ; pCtx (needed in rsi by the macros below)
-
-    ;; @todo use the automatic load feature for MSRs
-    SAVEGUESTMSR MSR_K8_KERNEL_GS_BASE, CPUMCTX.msrKERNELGSBASE
 
 %ifdef VMX_USE_CACHED_VMCS_ACCESSES

trunk/src/VBox/VMM/VMMR0/HWACCMR0Mixed.mac

@@ -414 +414 @@
 %endif
 
-    ; Save the host LSTAR, CSTAR, SFMASK & KERNEL_GSBASE MSRs and restore the guest MSRs
-    ;; @todo use the automatic load feature for MSRs
-    LOADGUESTMSR MSR_K8_LSTAR, CPUMCTX.msrLSTAR
-%if 0  ; not supported on Intel CPUs
-    LOADGUESTMSR MSR_K8_CSTAR, CPUMCTX.msrCSTAR
-%endif
-    LOADGUESTMSR MSR_K6_STAR, CPUMCTX.msrSTAR
-    LOADGUESTMSR MSR_K8_SF_MASK, CPUMCTX.msrSFMASK
-    LOADGUESTMSR MSR_K8_KERNEL_GS_BASE, CPUMCTX.msrKERNELGSBASE
-
     ; Save the pCtx pointer
     push    xSI
@@ -531 +521 @@
     pop     xSI         ; pCtx (needed in rsi by the macros below)
 
-    ; Restore the host LSTAR, CSTAR, SFMASK & KERNEL_GSBASE MSRs
-    ;; @todo use the automatic load feature for MSRs
-    LOADHOSTMSREX MSR_K8_KERNEL_GS_BASE, CPUMCTX.msrKERNELGSBASE
-    LOADHOSTMSR MSR_K8_SF_MASK
-    LOADHOSTMSR MSR_K6_STAR
-%if 0  ; not supported on Intel CPUs
-    LOADHOSTMSR MSR_K8_CSTAR
-%endif
-    LOADHOSTMSR MSR_K8_LSTAR
-
 %ifdef VMX_USE_CACHED_VMCS_ACCESSES
     pop     xDX         ; saved pCache
@@ -589 +569 @@
     pop     xSI         ; pCtx (needed in rsi by the macros below)
 
-    ; Restore the host LSTAR, CSTAR, SFMASK & KERNEL_GSBASE MSRs
-    ;; @todo use the automatic load feature for MSRs
-    LOADHOSTMSREX MSR_K8_KERNEL_GS_BASE, CPUMCTX.msrKERNELGSBASE
-    LOADHOSTMSR MSR_K8_SF_MASK
-    LOADHOSTMSR MSR_K6_STAR
-%if 0  ; not supported on Intel CPUs
-    LOADHOSTMSR MSR_K8_CSTAR
-%endif
-    LOADHOSTMSR MSR_K8_LSTAR
-
 %ifdef VMX_USE_CACHED_VMCS_ACCESSES
     add     xSP, xS     ; pCache
@@ -622 +592 @@
 
     pop     xSI         ; pCtx (needed in rsi by the macros below)
-
-    ; Restore the host LSTAR, CSTAR, SFMASK & KERNEL_GSBASE MSRs
-    ;; @todo use the automatic load feature for MSRs
-    LOADHOSTMSREX MSR_K8_KERNEL_GS_BASE, CPUMCTX.msrKERNELGSBASE
-    LOADHOSTMSR MSR_K8_SF_MASK
-    LOADHOSTMSR MSR_K6_STAR
-%if 0  ; not supported on Intel CPUs
-    LOADHOSTMSR MSR_K8_CSTAR
-%endif
-    LOADHOSTMSR MSR_K8_LSTAR
 
 %ifdef VMX_USE_CACHED_VMCS_ACCESSES

trunk/src/VBox/VMM/VMMR0/HWVMXR0.cpp

@@ -83 +83 @@
 static bool vmxR0IsValidWriteField(uint32_t idxField);
 #endif
+static void vmxR0SetMSRPermission(PVMCPU pVCpu, unsigned ulMSR, bool fRead, bool fWrite);
 
 static void VMXR0CheckError(PVM pVM, PVMCPU pVCpu, int rc)
@@ -198 +199 @@
     }
 
-    /* Allocate the MSR bitmap if this feature is supported. */
-    if (pVM->hwaccm.s.vmx.msr.vmx_proc_ctls.n.allowed1 & VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_USE_MSR_BITMAPS)
-    {
-        rc = RTR0MemObjAllocCont(&pVM->hwaccm.s.vmx.pMemObjMSRBitmap, 1 << PAGE_SHIFT, true /* executable R0 mapping */);
-        AssertRC(rc);
-        if (RT_FAILURE(rc))
-            return rc;
-
-        pVM->hwaccm.s.vmx.pMSRBitmap     = (uint8_t *)RTR0MemObjAddress(pVM->hwaccm.s.vmx.pMemObjMSRBitmap);
-        pVM->hwaccm.s.vmx.pMSRBitmapPhys = RTR0MemObjGetPagePhysAddr(pVM->hwaccm.s.vmx.pMemObjMSRBitmap, 0);
-        memset(pVM->hwaccm.s.vmx.pMSRBitmap, 0xff, PAGE_SIZE);
-    }
-
 #ifdef VBOX_WITH_CRASHDUMP_MAGIC
     {
@@ -256 +244 @@
         pVCpu->hwaccm.s.vmx.pVAPICPhys = RTR0MemObjGetPagePhysAddr(pVCpu->hwaccm.s.vmx.pMemObjVAPIC, 0);
         ASMMemZero32(pVCpu->hwaccm.s.vmx.pVAPIC, PAGE_SIZE);
+
+        /* Allocate the MSR bitmap if this feature is supported. */
+        if (pVM->hwaccm.s.vmx.msr.vmx_proc_ctls.n.allowed1 & VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_USE_MSR_BITMAPS)
+        {
+            rc = RTR0MemObjAllocCont(&pVCpu->hwaccm.s.vmx.pMemObjMSRBitmap, 1 << PAGE_SHIFT, true /* executable R0 mapping */);
+            AssertRC(rc);
+            if (RT_FAILURE(rc))
+                return rc;
+
+            pVCpu->hwaccm.s.vmx.pMSRBitmap     = (uint8_t *)RTR0MemObjAddress(pVCpu->hwaccm.s.vmx.pMemObjMSRBitmap);
+            pVCpu->hwaccm.s.vmx.pMSRBitmapPhys = RTR0MemObjGetPagePhysAddr(pVCpu->hwaccm.s.vmx.pMemObjMSRBitmap, 0);
+            memset(pVCpu->hwaccm.s.vmx.pMSRBitmap, 0xff, PAGE_SIZE);
+        }
+
+        /* Allocate one page for the guest MSR load area (for preloading guest MSRs during the world switch). */
+        rc = RTR0MemObjAllocCont(&pVCpu->hwaccm.s.vmx.pMemObjGuestMSR, 1 << PAGE_SHIFT, true /* executable R0 mapping */);
+        AssertRC(rc);
+        if (RT_FAILURE(rc))
+            return rc;
+
+        pVCpu->hwaccm.s.vmx.pGuestMSR     = (uint8_t *)RTR0MemObjAddress(pVCpu->hwaccm.s.vmx.pMemObjGuestMSR);
+        pVCpu->hwaccm.s.vmx.pGuestMSRPhys = RTR0MemObjGetPagePhysAddr(pVCpu->hwaccm.s.vmx.pMemObjGuestMSR, 0);
+        memset(pVCpu->hwaccm.s.vmx.pGuestMSR, 0, PAGE_SIZE);
+
+        /* Allocate one page for the host MSR load area (for restoring host MSRs after the world switch back). */
+        rc = RTR0MemObjAllocCont(&pVCpu->hwaccm.s.vmx.pMemObjHostMSR, 1 << PAGE_SHIFT, true /* executable R0 mapping */);
+        AssertRC(rc);
+        if (RT_FAILURE(rc))
+            return rc;
+
+        pVCpu->hwaccm.s.vmx.pHostMSR     = (uint8_t *)RTR0MemObjAddress(pVCpu->hwaccm.s.vmx.pMemObjHostMSR);
+        pVCpu->hwaccm.s.vmx.pHostMSRPhys = RTR0MemObjGetPagePhysAddr(pVCpu->hwaccm.s.vmx.pMemObjHostMSR, 0);
+        memset(pVCpu->hwaccm.s.vmx.pHostMSR, 0, PAGE_SIZE);
 
         /* Current guest paging mode. */
@@ -294 +315 @@
             pVCpu->hwaccm.s.vmx.pVAPICPhys   = 0;
         }
+        if (pVCpu->hwaccm.s.vmx.pMemObjMSRBitmap != NIL_RTR0MEMOBJ)
+        {
+            RTR0MemObjFree(pVCpu->hwaccm.s.vmx.pMemObjMSRBitmap, false);
+            pVCpu->hwaccm.s.vmx.pMemObjMSRBitmap = NIL_RTR0MEMOBJ;
+            pVCpu->hwaccm.s.vmx.pMSRBitmap       = 0;
+            pVCpu->hwaccm.s.vmx.pMSRBitmapPhys   = 0;
+        }
+        if (pVCpu->hwaccm.s.vmx.pMemObjHostMSR != NIL_RTR0MEMOBJ)
+        {
+            RTR0MemObjFree(pVCpu->hwaccm.s.vmx.pMemObjHostMSR, false);
+            pVCpu->hwaccm.s.vmx.pMemObjHostMSR = NIL_RTR0MEMOBJ;
+            pVCpu->hwaccm.s.vmx.pHostMSR       = 0;
+            pVCpu->hwaccm.s.vmx.pHostMSRPhys   = 0;
+        }
+        if (pVCpu->hwaccm.s.vmx.pMemObjGuestMSR != NIL_RTR0MEMOBJ)
+        {
+            RTR0MemObjFree(pVCpu->hwaccm.s.vmx.pMemObjGuestMSR, false);
+            pVCpu->hwaccm.s.vmx.pMemObjGuestMSR = NIL_RTR0MEMOBJ;
+            pVCpu->hwaccm.s.vmx.pGuestMSR       = 0;
+            pVCpu->hwaccm.s.vmx.pGuestMSRPhys   = 0;
+        }
     }
     if (pVM->hwaccm.s.vmx.pMemObjAPIC != NIL_RTR0MEMOBJ)
@@ -301 +343 @@
         pVM->hwaccm.s.vmx.pAPIC       = 0;
         pVM->hwaccm.s.vmx.pAPICPhys   = 0;
-    }
-    if (pVM->hwaccm.s.vmx.pMemObjMSRBitmap != NIL_RTR0MEMOBJ)
-    {
-        RTR0MemObjFree(pVM->hwaccm.s.vmx.pMemObjMSRBitmap, false);
-        pVM->hwaccm.s.vmx.pMemObjMSRBitmap = NIL_RTR0MEMOBJ;
-        pVM->hwaccm.s.vmx.pMSRBitmap       = 0;
-        pVM->hwaccm.s.vmx.pMSRBitmapPhys   = 0;
     }
 #ifdef VBOX_WITH_CRASHDUMP_MAGIC
@@ -395 +430 @@
             val |= VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_CR8_STORE_EXIT | VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_CR8_LOAD_EXIT;
 
-#ifdef VBOX_WITH_VTX_MSR_BITMAPS
         if (pVM->hwaccm.s.vmx.msr.vmx_proc_ctls.n.allowed1 & VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_USE_MSR_BITMAPS)
         {
-            Assert(pVM->hwaccm.s.vmx.pMSRBitmapPhys);
+            Assert(pVCpu->hwaccm.s.vmx.pMSRBitmapPhys);
             val |= VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_USE_MSR_BITMAPS;
         }
-#endif
 
         /* We will use the secondary control if it's present. */
@@ -480 +513 @@
         if (pVM->hwaccm.s.vmx.msr.vmx_proc_ctls.n.allowed1 & VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_USE_MSR_BITMAPS)
         {
-            /* Optional */
-            rc = VMXWriteVMCS64(VMX_VMCS_CTRL_MSR_BITMAP_FULL, pVM->hwaccm.s.vmx.pMSRBitmapPhys);
+            Assert(pVCpu->hwaccm.s.vmx.pMSRBitmapPhys);
+
+            rc = VMXWriteVMCS64(VMX_VMCS_CTRL_MSR_BITMAP_FULL, pVCpu->hwaccm.s.vmx.pMSRBitmapPhys);
             AssertRC(rc);
-        }
-
-        /* Clear MSR controls. */
-        rc  = VMXWriteVMCS64(VMX_VMCS_CTRL_VMEXIT_MSR_STORE_FULL, 0);
-        rc |= VMXWriteVMCS64(VMX_VMCS_CTRL_VMEXIT_MSR_LOAD_FULL, 0);
-        rc |= VMXWriteVMCS64(VMX_VMCS_CTRL_VMENTRY_MSR_LOAD_FULL, 0);
-        rc |= VMXWriteVMCS(VMX_VMCS_CTRL_EXIT_MSR_STORE_COUNT, 0);
-        rc |= VMXWriteVMCS(VMX_VMCS_CTRL_EXIT_MSR_LOAD_COUNT, 0);
-        AssertRC(rc);
-
+
+            /* Allow the guest to directly modify these MSRs; they are restored and saved automatically. */
+            vmxR0SetMSRPermission(pVCpu, MSR_IA32_SYSENTER_CS, true, true);
+            vmxR0SetMSRPermission(pVCpu, MSR_IA32_SYSENTER_ESP, true, true);
+            vmxR0SetMSRPermission(pVCpu, MSR_IA32_SYSENTER_EIP, true, true);
+        }
+
+        /* Set the guest & host MSR load/store physical addresses. */
+        Assert(pVCpu->hwaccm.s.vmx.pGuestMSRPhys);
+        rc = VMXWriteVMCS64(VMX_VMCS_CTRL_VMENTRY_MSR_LOAD_FULL, pVCpu->hwaccm.s.vmx.pGuestMSRPhys);
+        AssertRC(rc);
+        rc = VMXWriteVMCS64(VMX_VMCS_CTRL_VMEXIT_MSR_STORE_FULL, pVCpu->hwaccm.s.vmx.pGuestMSRPhys);
+        AssertRC(rc);
+
+        Assert(pVCpu->hwaccm.s.vmx.pHostMSRPhys);
+        rc = VMXWriteVMCS64(VMX_VMCS_CTRL_VMEXIT_MSR_LOAD_FULL, pVCpu->hwaccm.s.vmx.pHostMSRPhys);
+        AssertRC(rc);
+        
         if (pVM->hwaccm.s.vmx.msr.vmx_proc_ctls.n.allowed1 & VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_USE_TPR_SHADOW)
         {
@@ -610 +652 @@
     VMXR0CheckError(pVM, &pVM->aCpus[0], rc);
     return rc;
+}
+
+/**
+ * Sets the permission bits for the specified MSR
+ *
+ * @param   pVCpu       The VMCPU to operate on.
+ * @param   ulMSR       MSR value
+ * @param   fRead       Reading allowed/disallowed
+ * @param   fWrite      Writing allowed/disallowed
+ */
+static void vmxR0SetMSRPermission(PVMCPU pVCpu, unsigned ulMSR, bool fRead, bool fWrite)
+{
+    unsigned ulBit;
+    uint8_t *pMSRBitmap = (uint8_t *)pVCpu->hwaccm.s.vmx.pMSRBitmap;
+
+    /* Layout:
+     * 0x000 - 0x3ff - Low MSR read bits
+     * 0x400 - 0x7ff - High MSR read bits
+     * 0x800 - 0xbff - Low MSR write bits
+     * 0xc00 - 0xfff - High MSR write bits
+     */
+    if (ulMSR <= 0x00001FFF)
+    {
+        /* Pentium-compatible MSRs */
+        ulBit    = ulMSR;
+    }
+    else
+    if (    ulMSR >= 0xC0000000
+        &&  ulMSR <= 0xC0001FFF)
+    {
+        /* AMD Sixth Generation x86 Processor MSRs */
+        ulBit = (ulMSR - 0xC0000000);
+        pMSRBitmap += 0x400;
+    }
+    else
+    {
+        AssertFailed();
+        return;
+    }
+
+    Assert(ulBit <= 0x1fff);
+    if (fRead)
+        ASMBitClear(pMSRBitmap, ulBit);
+    else
+        ASMBitSet(pMSRBitmap, ulBit);
+    
+    if (fWrite)
+        ASMBitClear(pMSRBitmap + 0x800, ulBit);
+    else
+        ASMBitSet(pMSRBitmap + 0x800, ulBit);
 }
 
@@ -992 +1084 @@
         }
 
-
         /* Save the base address of the TR selector. */
         if (SelTR > gdtr.cbGdt)
@@ -1067 +1158 @@
         AssertRC(rc);
 
-#if 0 /* @todo deal with 32/64 */
-        /* Restore the host EFER - on CPUs that support it. */
-        if (pVM->hwaccm.s.vmx.msr.vmx_exit.n.allowed1 & VMX_VMCS_CTRL_EXIT_CONTROLS_LOAD_HOST_EFER_MSR)
-        {
-            uint64_t msrEFER = ASMRdMsr(MSR_IA32_EFER);
-            rc = VMXWriteVMCS64(VMX_VMCS_HOST_FIELD_EFER_FULL, msrEFER);
-            AssertRC(rc);
-        }
-#endif
+        /* Store all host MSRs in the VM-Exit load area, so they will be reloaded after the world switch back to the host. */
+        PVMXMSR pMsr = (PVMXMSR)pVCpu->hwaccm.s.vmx.pHostMSR;
+        unsigned idxMsr = 0;
+
+        /* EFER MSR present? */
+        if (ASMCpuId_EDX(0x80000001) & (X86_CPUID_AMD_FEATURE_EDX_NX|X86_CPUID_AMD_FEATURE_EDX_LONG_MODE))
+        {
+            if (ASMCpuId_EDX(0x80000001) & X86_CPUID_AMD_FEATURE_EDX_SEP)
+            {
+                pMsr->u32IndexMSR = MSR_K6_STAR;
+                pMsr->u32Reserved = 0;
+                pMsr->u64Value    = ASMRdMsr(MSR_K6_STAR);                   /* legacy syscall eip, cs & ss */
+                pMsr++; idxMsr++;
+            }
+
+            pMsr->u32IndexMSR = MSR_K6_EFER;
+            pMsr->u32Reserved = 0;
+#if HC_ARCH_BITS == 32 && defined(VBOX_ENABLE_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+            if (CPUMIsGuestInLongMode(pVCpu))
+            {
+                /* Must match the efer value in our 64 bits switcher. */
+                pMsr->u64Value    = ASMRdMsr(MSR_K6_EFER) | MSR_K6_EFER_LME | MSR_K6_EFER_SCE | MSR_K6_EFER_NXE;
+            }
+            else
+#endif
+                pMsr->u64Value    = ASMRdMsr(MSR_K6_EFER);
+            pMsr++; idxMsr++;
+        }
+
+#if HC_ARCH_BITS == 64 || defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+        if (VMX_IS_64BIT_HOST_MODE())
+        {
+            pMsr->u32IndexMSR = MSR_K8_LSTAR;
+            pMsr->u32Reserved = 0;
+            pMsr->u64Value    = ASMRdMsr(MSR_K8_LSTAR);             /* 64 bits mode syscall rip */
+            pMsr++; idxMsr++;
+            pMsr->u32IndexMSR = MSR_K8_SF_MASK;
+            pMsr->u32Reserved = 0;
+            pMsr->u64Value    = ASMRdMsr(MSR_K8_SF_MASK);           /* syscall flag mask */
+            pMsr++; idxMsr++;
+            pMsr->u32IndexMSR = MSR_K8_KERNEL_GS_BASE;
+            pMsr->u32Reserved = 0;
+            pMsr->u64Value    = ASMRdMsr(MSR_K8_KERNEL_GS_BASE);    /* swapgs exchange value */
+            pMsr++; idxMsr++;
+        }
+#endif
+        rc = VMXWriteVMCS(VMX_VMCS_CTRL_EXIT_MSR_LOAD_COUNT, idxMsr);
+        AssertRC(rc);
+
         pVCpu->hwaccm.s.fContextUseFlags &= ~HWACCM_CHANGED_HOST_CONTEXT;
     }
@@ -1175 +1306 @@
     /* Load guest debug controls (dr7 & IA32_DEBUGCTL_MSR) (forced to 1 on the 'first' VT-x capable CPUs; this actually includes the newest Nehalem CPUs) */
     val |= VMX_VMCS_CTRL_ENTRY_CONTROLS_LOAD_DEBUG;
-#if 0 /* @todo deal with 32/64 */
-    /* Required for the EFER write below, not supported on all CPUs. */
-    val |= VMX_VMCS_CTRL_ENTRY_CONTROLS_LOAD_GUEST_EFER_MSR;
-#endif
     /* 64 bits guest mode? */
     if (CPUMIsGuestInLongModeEx(pCtx))
@@ -1195 +1322 @@
 
     /* Save debug controls (dr7 & IA32_DEBUGCTL_MSR) (forced to 1 on the 'first' VT-x capable CPUs; this actually includes the newest Nehalem CPUs) */
-#if 0 /* @todo deal with 32/64 */
-    val |= VMX_VMCS_CTRL_EXIT_CONTROLS_SAVE_DEBUG | VMX_VMCS_CTRL_EXIT_CONTROLS_LOAD_HOST_EFER_MSR;
-#else
     val |= VMX_VMCS_CTRL_EXIT_CONTROLS_SAVE_DEBUG;
-#endif
 
 #if HC_ARCH_BITS == 64 || defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
@@ -1708 +1831 @@
     }
 
-#if 0 /* @todo deal with 32/64 */
-    /* Unconditionally update the guest EFER - on CPUs that supports it. */
-    if (pVM->hwaccm.s.vmx.msr.vmx_entry.n.allowed1 & VMX_VMCS_CTRL_ENTRY_CONTROLS_LOAD_GUEST_EFER_MSR)
-    {
-        rc = VMXWriteVMCS64(VMX_VMCS_GUEST_EFER_FULL, pCtx->msrEFER);
-        AssertRC(rc);
-    }
-#endif
-
     vmxR0UpdateExceptionBitmap(pVM, pVCpu, pCtx);
+
+    if (pVM->hwaccm.s.vmx.msr.vmx_proc_ctls.n.allowed1 & VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_USE_MSR_BITMAPS)
+    {
+        /* Allow the guest to directly modify these MSRs; they are restored and saved automatically. */
+        vmxR0SetMSRPermission(pVCpu, MSR_K8_LSTAR, true, true);
+        vmxR0SetMSRPermission(pVCpu, MSR_K6_STAR, true, true);
+        vmxR0SetMSRPermission(pVCpu, MSR_K8_SF_MASK, true, true);
+        vmxR0SetMSRPermission(pVCpu, MSR_K8_KERNEL_GS_BASE, true, true);
+    }
+
+    /* Store all guest MSRs in the VM-Entry load area, so they will be loaded during the world switch. */
+    PVMXMSR pMsr = (PVMXMSR)pVCpu->hwaccm.s.vmx.pGuestMSR;
+    unsigned idxMsr = 0;
+
+    pMsr->u32IndexMSR = MSR_K6_EFER;
+    pMsr->u32Reserved = 0;
+    pMsr->u64Value    = pCtx->msrEFER;
+    /* VT-x will complain if only MSR_K6_EFER_LME is set. */
+    if (!CPUMIsGuestInLongModeEx(pCtx))
+        pMsr->u64Value &= ~(MSR_K6_EFER_LMA|MSR_K6_EFER_LME);
+
+    pMsr++; idxMsr++;
+    pMsr->u32IndexMSR = MSR_K8_LSTAR;
+    pMsr->u32Reserved = 0;
+    pMsr->u64Value    = pCtx->msrLSTAR;           /* 64 bits mode syscall rip */
+    pMsr++; idxMsr++;
+    pMsr->u32IndexMSR = MSR_K6_STAR;
+    pMsr->u32Reserved = 0;
+    pMsr->u64Value    = pCtx->msrSTAR;            /* legacy syscall eip, cs & ss */
+    pMsr++; idxMsr++;
+    pMsr->u32IndexMSR = MSR_K8_SF_MASK;
+    pMsr->u32Reserved = 0;
+    pMsr->u64Value    = pCtx->msrSFMASK;          /* syscall flag mask */
+    pMsr++; idxMsr++;
+    pMsr->u32IndexMSR = MSR_K8_KERNEL_GS_BASE;
+    pMsr->u32Reserved = 0;
+    pMsr->u64Value    = pCtx->msrKERNELGSBASE;    /* swapgs exchange value */
+    pMsr++; idxMsr++;
+
+    rc = VMXWriteVMCS(VMX_VMCS_CTRL_ENTRY_MSR_LOAD_COUNT, idxMsr);
+    AssertRC(rc);
+
+    rc = VMXWriteVMCS(VMX_VMCS_CTRL_EXIT_MSR_STORE_COUNT, idxMsr);
+    AssertRC(rc);
 
     /* Done. */
@@ -1847 +2005 @@
         /* In real mode we have a fake TSS, so only sync it back when it's supposed to be valid. */
         VMX_READ_SELREG(TR, tr);
+    }
+
+    uint32_t maxMsr = 0;
+    rc = VMXReadVMCS32(VMX_VMCS_CTRL_EXIT_MSR_STORE_COUNT, &maxMsr);
+    AssertRC(rc);
+
+    /* Save the possibly changed MSRs that we automatically restore and save during a world switch. */
+    for (unsigned i = 0; i < maxMsr; i++)
+    {
+        PVMXMSR pMsr = (PVMXMSR)pVCpu->hwaccm.s.vmx.pGuestMSR;
+        pMsr += i;
+
+        switch (pMsr->u32IndexMSR)
+        {
+        case MSR_K8_LSTAR:
+            pCtx->msrLSTAR = pMsr->u64Value;
+            break;
+        case MSR_K6_STAR:
+            pCtx->msrSTAR = pMsr->u64Value;
+            break;
+        case MSR_K8_SF_MASK:
+            pCtx->msrSFMASK = pMsr->u64Value;
+            break;
+        case MSR_K8_KERNEL_GS_BASE:
+            pCtx->msrKERNELGSBASE = pMsr->u64Value;
+            break;
+        case MSR_K6_EFER:
+            /* EFER can't be changed without causing a VM-exit. */
+//            Assert(pCtx->msrEFER == pMsr->u64Value);
+            break;
+        default:
+            AssertFailed();
+            return VERR_INTERNAL_ERROR;
+        }
     }
     return VINF_SUCCESS;
@@ -2041 +2233 @@
 #ifdef VBOX_STRICT
     RTCPUID     idCpuCheck;
+    bool        fWasInLongMode = false;
 #endif
 #ifdef VBOX_HIGH_RES_TIMERS_HACK_IN_RING0
@@ -2123 +2316 @@
             Log(("Invalid VMX_VMCS_CTRL_EXIT_CONTROLS: one\n"));
     }
+    fWasInLongMode = CPUMIsGuestInLongMode(pVCpu);
 #endif
 
@@ -2140 +2334 @@
                (int)pVCpu->hwaccm.s.idEnteredCpu, (int)RTMpCpuId(), cResume, exitReason, exitQualification));
     Assert(!HWACCMR0SuspendPending());
+    /* Not allowed to switch modes without reloading the host state (32->64 switcher)!! */
+    Assert(fWasInLongMode == CPUMIsGuestInLongMode(pVCpu));
 
     /* Safety precaution; looping for too long here can have a very bad effect on the host */