Changeset 48552 in vbox for trunk/src/VBox/VMM

Timestamp:

Sep 19, 2013 4:52:49 PM (11 years ago)

Author:

vboxsync

Message:

VMM/HMVMXR0, HMSVMR0: Fixes for shared FPU/debug state handling with thread-context hooks.

Location:

trunk/src/VBox/VMM/VMMR0

Files:

• HMSVMR0.cpp (modified) (15 diffs)
• HMVMXR0.cpp (modified) (24 diffs)

trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp

@@ -211 +211 @@
     /** Whether the TSC offset mode needs to be updated. */
     bool            fUpdateTscOffsetting;
+    /** Whether the guest FPU state was active at the time of #VMEXIT. */
+    bool            fWasGuestFPUStateActive;
+    /** Whether the guest debug state was active at the time of #VMEXIT. */
+    bool            fWasGuestDebugStateActive;
+    /** Whether the hyper debug state was active at the time of #VMEXIT. */
+    bool            fWasHyperDebugStateActive;
 } SVMTRANSIENT, *PSVMTRANSIENT;
 AssertCompileMemberAlignment(SVMTRANSIENT, u64ExitCode,       sizeof(uint64_t));
@@ -1398 +1404 @@
          * Note! DBGF expects a clean DR6 state before executing guest code.
          */
+#if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+        if (   CPUMIsGuestInLongModeEx(pMixedCtx)
+            && !CPUMIsHyperDebugStateActivePending(pVCpu))
+        {
+            CPUMR0LoadHyperDebugState(pVCpu, false /* include DR6 */);
+            Assert(!CPUMIsGuestDebugStateActivePending(pVCpu));
+            Assert(CPUMIsHyperDebugStateActivePending(pVCpu));
+        }
+        else
+#endif
         if (!CPUMIsHyperDebugStateActive(pVCpu))
+        {
             CPUMR0LoadHyperDebugState(pVCpu, false /* include DR6 */);
-        Assert(!CPUMIsGuestDebugStateActive(pVCpu));
-        Assert(CPUMIsHyperDebugStateActive(pVCpu) || HC_ARCH_BITS == 32);
+            Assert(!CPUMIsGuestDebugStateActive(pVCpu));
+            Assert(CPUMIsHyperDebugStateActive(pVCpu));
+        }
 
         /* Update DR6 & DR7. (The other DRx values are handled by CPUM one way or the other.) */
         if (   pVmcb->guest.u64DR6 != X86_DR6_INIT_VAL
-            || pVmcb->guest.u64DR7 != CPUMGetHyperDR7(pVCpu) )
+            || pVmcb->guest.u64DR7 != CPUMGetHyperDR7(pVCpu))
         {
             pVmcb->guest.u64DR7 = CPUMGetHyperDR7(pVCpu);
@@ -1437 +1455 @@
         if (pCtx->dr[7] & (X86_DR7_ENABLED_MASK | X86_DR7_GD)) /** @todo Why GD? */
         {
+#if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+            if (   CPUMIsGuestInLongModeEx(pMixedCtx)
+                && !CPUMIsGuestDebugStateActivePending(pVCpu))
+            {
+                CPUMR0LoadGuestDebugState(pVCpu, false /* include DR6 */);
+                STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxArmed);
+                Assert(!CPUMIsHyperDebugStateActivePending(pVCpu));
+                Assert(CPUMIsGuestDebugStateActivePending(pVCpu));
+            }
+            else
+#endif
             if (!CPUMIsGuestDebugStateActive(pVCpu))
             {
                 CPUMR0LoadGuestDebugState(pVCpu, false /* include DR6 */);
                 STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxArmed);
+                Assert(!CPUMIsHyperDebugStateActive(pVCpu));
+                Assert(CPUMIsGuestDebugStateActive(pVCpu));
             }
-            Assert(!CPUMIsHyperDebugStateActive(pVCpu));
-            Assert(CPUMIsGuestDebugStateActive(pVCpu) || HC_ARCH_BITS == 32);
             Log5(("hmR0SvmLoadSharedDebugState: Loaded guest DRx\n"));
         }
         /*
-         * If no debugging enabled, we'll lazy load DR0-3.
+         * If no debugging enabled, we'll lazy load DR0-3. We don't need to
+         * intercept #DB as DR6 is updated in the VMCB.
          */
+#if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+        else if (   (   CPUMIsGuestInLongModeEx(pMixedCtx)
+                     && !CPUMIsGuestDebugStateActivePending(pVCpu))
+                 || !CPUMIsGuestDebugStateActive(pVCpu))
+#else
         else if (!CPUMIsGuestDebugStateActive(pVCpu))
+#endif
+        {
             fInterceptMovDRx = true;
+        }
     }
 
@@ -1764 +1802 @@
  * @remarks No-long-jump zone!!!
  */
-static void hmR0VmxLoadSharedState(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+static void hmR0SvmLoadSharedState(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
 {
     Assert(!RTThreadPreemptIsEnabled(NIL_RTTHREAD));
@@ -1893 +1931 @@
      * Guest Debug registers.
      */
+    /** @todo We need to save DR6, DR7 according to what we did in
+     *        hmR0SvmLoadSharedDebugState(). */
     if (!CPUMIsHyperDebugStateActive(pVCpu))
     {
@@ -1983 +2023 @@
 
     /* When thread-context hooks are used, we can avoid doing the leave again if we had been preempted before
-       and done this from the VMXR0ThreadCtxCallback(). */
+       and done this from the SVMR0ThreadCtxCallback(). */
     if (!pVCpu->hm.s.fLeaveDone)
     {
@@ -2864 +2904 @@
     PSVMVMCB pVmcb = (PSVMVMCB)pVCpu->hm.s.svm.pvVmcb;
     if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_HOST_GUEST_SHARED_STATE)
-        hmR0VmxLoadSharedState(pVCpu, pVmcb, pCtx);
+        hmR0SvmLoadSharedState(pVCpu, pVmcb, pCtx);
     pVCpu->hm.s.fContextUseFlags &= ~HM_CHANGED_HOST_CONTEXT;       /* Preemption might set this, nothing to do on AMD-V. */
     AssertMsg(!pVCpu->hm.s.fContextUseFlags, ("fContextUseFlags=%#x\n", pVCpu->hm.s.fContextUseFlags));
@@ -2879 +2919 @@
         pSvmTransient->fUpdateTscOffsetting = false;
     }
+
+    /* Store status of the shared guest-host state at the time of VMRUN. */
+#if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+    if (CPUMIsGuestInLongModeEx(pCtx))
+    {
+        pSvmTransient->fWasGuestDebugStateActive = CPUMIsGuestDebugStateActivePending(pVCpu);
+        pSvmTransient->fWasHyperDebugStateActive = CPUMIsHyperDebugStateActivePending(pVCpu);
+    }
+    else
+#endif
+    {
+        pSvmTransient->fWasGuestDebugStateActive = CPUMIsGuestDebugStateActive(pVCpu);
+        pSvmTransient->fWasHyperDebugStateActive = CPUMIsHyperDebugStateActive(pVCpu);
+    }
+    pSvmTransient->fWasGuestFPUStateActive = CPUMIsGuestFPUStateActive(pVCpu);
 
     /* Flush the appropriate tagged-TLB entries. */
@@ -4218 +4273 @@
     STAM_COUNTER_INC(&pVCpu->hm.s.StatExitDRxRead);
 
-    /* We should -not- get this VM-exit if the guest is debugging. */
-    AssertMsgReturn(!CPUMIsGuestDebugStateActive(pVCpu),
+    /* We should -not- get this VM-exit if we're not stepping or the guest is debugging. */
+    AssertMsgReturn(   pVCpu->hm.s.fSingleInstruction
+                    || DBGFIsStepping(pVCpu)
+                    || !pSvmTransient->fWasGuestDebugStateActive,
                     ("hmR0SvmExitReadDRx: Unexpected exit. pVCpu=%p pCtx=%p\n", pVCpu, pCtx),
                     VERR_SVM_UNEXPECTED_EXIT);
@@ -4226 +4283 @@
      * Lazy DR0-3 loading?
      */
-    if (!CPUMIsHyperDebugStateActive(pVCpu))
+    if (!pSvmTransient->fWasHyperDebugStateActive)
     {
         Assert(!DBGFIsStepping(pVCpu)); Assert(!pVCpu->hm.s.fSingleInstruction);
@@ -4237 +4294 @@
         pVmcb->ctrl.u64VmcbCleanBits &= ~HMSVM_VMCB_CLEAN_INTERCEPTS;
 
-        /* We're playing with the host CPU state here, make sure we don't preempt. */
+        /* We're playing with the host CPU state here, make sure we don't preempt or longjmp. */
+        VMMRZCallRing3Disable(pVCpu);
         HM_DISABLE_PREEMPT_IF_NEEDED();
 
@@ -4245 +4303 @@
 
         HM_RESTORE_PREEMPT_IF_NEEDED();
+        VMMRZCallRing3Enable(pVCpu);
 
         STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxContextSwitch);
@@ -4388 +4447 @@
                         || DBGFBpIsHwIoArmed(pVM)))
         {
-            /* We're playing with the host CPU state here, make sure we don't preempt. */
+            /* We're playing with the host CPU state here, make sure we don't preempt or longjmp. */
+            VMMRZCallRing3Disable(pVCpu);
             HM_DISABLE_PREEMPT_IF_NEEDED();
 
@@ -4409 +4469 @@
 
             HM_RESTORE_PREEMPT_IF_NEEDED();
+            VMMRZCallRing3Enable(pVCpu);
         }
 
@@ -4738 +4799 @@
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 
+    /* We're playing with the host CPU state here, make sure we don't preempt or longjmp. */
+    VMMRZCallRing3Disable(pVCpu);
+    HM_DISABLE_PREEMPT_IF_NEEDED();
+
+    int rc;
+    /* If the guest FPU was active at the time of the #NM exit, then it's a guest fault. */
+    if (pSvmTransient->fWasGuestFPUStateActive)
+    {
+        rc = VINF_EM_RAW_GUEST_TRAP;
+        Assert(CPUMIsGuestFPUStateActive(pVCpu) || (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_CR0));
+    }
+    else
+    {
 #ifndef HMSVM_ALWAYS_TRAP_ALL_XCPTS
-    Assert(!CPUMIsGuestFPUStateActive(pVCpu));
+        Assert(!pSvmTransient->fWasGuestFPUStateActive);
 #endif
-
-    /* We're playing with the host CPU state here, make sure we don't preempt. */
-    HM_DISABLE_PREEMPT_IF_NEEDED();
-
-    /* Lazy FPU loading; load the guest-FPU state transparently and continue execution of the guest. */
-    int rc = CPUMR0LoadGuestFPU(pVCpu->CTX_SUFF(pVM), pVCpu, pCtx);
-    pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR0;
+        /* Lazy FPU loading; load the guest-FPU state transparently and continue execution of the guest. */
+        rc = CPUMR0LoadGuestFPU(pVCpu->CTX_SUFF(pVM), pVCpu, pCtx);
+        Assert(rc == VINF_EM_RAW_GUEST_TRAP || (rc == VINF_SUCCESS && CPUMIsGuestFPUStateActive(pVCpu)));
+    }
+
+    HM_RESTORE_PREEMPT_IF_NEEDED();
+    VMMRZCallRing3Enable(pVCpu);
 
     if (rc == VINF_SUCCESS)
     {
-        Assert(CPUMIsGuestFPUStateActive(pVCpu));
-        HM_RESTORE_PREEMPT_IF_NEEDED();
-
+        pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR0;
         STAM_COUNTER_INC(&pVCpu->hm.s.StatExitShadowNM);
-        return VINF_SUCCESS;
-    }
-
-    HM_RESTORE_PREEMPT_IF_NEEDED();
-
-    /* Forward #NM to the guest. */
-    Assert(rc == VINF_EM_RAW_GUEST_TRAP);
-    hmR0SvmSetPendingXcptNM(pVCpu);
-    STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestNM);
+    }
+    else
+    {
+        /* Forward #NM to the guest. */
+        Assert(rc == VINF_EM_RAW_GUEST_TRAP);
+        hmR0SvmSetPendingXcptNM(pVCpu);
+        STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestNM);
+    }
     return VINF_SUCCESS;
 }

trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp

@@ -262 +262 @@
      *  contributory exception or a page-fault. */
     bool            fVectoringPF;
+    /** Whether the guest FPU was active at the time of VM-exit. */
+    bool            fWasGuestFPUStateActive;
+    /** Whether the guest debug state was active at the time of VM-exit. */
+    bool            fWasGuestDebugStateActive;
+    /** Whether the hyper debug state was active at the time of VM-exit. */
+    bool            fWasHyperDebugStateActive;
 } VMXTRANSIENT;
 AssertCompileMemberAlignment(VMXTRANSIENT, uExitReason,    sizeof(uint64_t));
@@ -3129 +3135 @@
         /* If the guest FPU state is active, don't need to VM-exit on writes to FPU related bits in CR0. */
         if (fInterceptNM)
-            u32CR0Mask |=  (X86_CR0_TS | X86_CR0_MP);
-        else
-            u32CR0Mask &= ~(X86_CR0_TS | X86_CR0_MP);
+        {
+            u32CR0Mask |=  X86_CR0_TS
+                         | X86_CR0_MP;
+        }
 
         /* Write the CR0 mask into the VMCS and update the VCPU's copy of the current CR0 mask. */
@@ -3137 +3144 @@
         rc = VMXWriteVmcs32(VMX_VMCS_CTRL_CR0_MASK, u32CR0Mask);
         AssertRCReturn(rc, rc);
+        Log4(("Load: VMX_VMCS_CTRL_CR0_MASK=%#RX32\n", u32CR0Mask));
 
         pVCpu->hm.s.fContextUseFlags &= ~HM_CHANGED_GUEST_CR0;
@@ -3407 +3415 @@
          * Note! DBGF expects a clean DR6 state before executing guest code.
          */
+#if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+        if (   CPUMIsGuestInLongModeEx(pMixedCtx)
+            && !CPUMIsHyperDebugStateActivePending(pVCpu))
+        {
+            CPUMR0LoadHyperDebugState(pVCpu, true /* include DR6 */);
+            Assert(CPUMIsHyperDebugStateActivePending(pVCpu));
+            Assert(!CPUMIsGuestDebugStateActivePending(pVCpu));
+        }
+        else
+#endif
         if (!CPUMIsHyperDebugStateActive(pVCpu))
+        {
             CPUMR0LoadHyperDebugState(pVCpu, true /* include DR6 */);
-        Assert(!CPUMIsGuestDebugStateActive(pVCpu));
-        Assert(CPUMIsHyperDebugStateActive(pVCpu) || HC_ARCH_BITS == 32);
+            Assert(CPUMIsHyperDebugStateActive(pVCpu));
+            Assert(!CPUMIsGuestDebugStateActive(pVCpu));
+        }
 
         /* Update DR7. (The other DRx values are handled by CPUM one way or the other.) */
@@ -3427 +3447 @@
         if (pMixedCtx->dr[7] & (X86_DR7_ENABLED_MASK | X86_DR7_GD)) /** @todo Why GD? */
         {
-            if (!CPUMIsGuestDebugStateActive(pVCpu))
+#if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+            if (   CPUMIsGuestInLongModeEx(pMixedCtx)
+                && !CPUMIsGuestDebugStateActivePending(pVCpu))
             {
                 CPUMR0LoadGuestDebugState(pVCpu, true /* include DR6 */);
+                Assert(CPUMIsGuestDebugStateActivePending(pVCpu));
+                Assert(!CPUMIsHyperDebugStateActivePending(pVCpu));
                 STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxArmed);
             }
-            Assert(!CPUMIsHyperDebugStateActive(pVCpu));
-            Assert(CPUMIsGuestDebugStateActive(pVCpu) || HC_ARCH_BITS == 32);
+            else
+#endif
+            if (CPUMIsGuestDebugStateActive(pVCpu))
+            {
+                CPUMR0LoadGuestDebugState(pVCpu, true /* include DR6 */);
+                Assert(CPUMIsGuestDebugStateActive(pVCpu));
+                Assert(!CPUMIsHyperDebugStateActive(pVCpu));
+                STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxArmed);
+            }
         }
         /*
@@ -3439 +3470 @@
          * must intercept #DB in order to maintain a correct DR6 guest value.
          */
+#if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+        else if (   (   CPUMIsGuestInLongModeEx(pMixedCtx)
+                     && !CPUMIsGuestDebugStateActivePending(pVCpu))
+                 || !CPUMIsGuestDebugStateActive(pVCpu))
+#else
         else if (!CPUMIsGuestDebugStateActive(pVCpu))
+#endif
         {
             fInterceptMovDRx = true;
@@ -5106 +5143 @@
         int rc = VMXReadVmcs32(VMX_VMCS_GUEST_CR0,            &uVal);
         AssertRCReturn(rc, rc);
+
         uint32_t uShadow = 0;
         rc     = VMXReadVmcs32(VMX_VMCS_CTRL_CR0_READ_SHADOW, &uShadow);
@@ -5751 +5789 @@
     if (!(pVCpu->hm.s.vmx.fUpdatedGuestState & HMVMX_UPDATED_GUEST_DEBUG))
     {
+        /** @todo We need to update DR7 according to what was done in hmR0VmxLoadSharedDebugState(). */
         if (!CPUMIsHyperDebugStateActive(pVCpu))
         {
@@ -6123 +6162 @@
     if (CPUMIsGuestFPUStateActive(pVCpu))
     {
+        if (!fSaveGuestState)
+        {
+            int rc = hmR0VmxSaveGuestCR0(pVCpu, pMixedCtx);
+            AssertRCReturn(rc, rc);
+        }
         CPUMR0SaveGuestFPU(pVM, pVCpu, pMixedCtx);
         Assert(!CPUMIsGuestFPUStateActive(pVCpu));
@@ -6135 +6179 @@
     if (CPUMR0DebugStateMaybeSaveGuestAndRestoreHost(pVCpu, true /* save DR6 */))
         pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_DEBUG;
-    Assert(!CPUMIsGuestDebugStateActive(pVCpu));
-    Assert(!CPUMIsHyperDebugStateActive(pVCpu));
+    Assert(!CPUMIsGuestDebugStateActive(pVCpu) && !CPUMIsGuestDebugStateActivePending(pVCpu));
+    Assert(!CPUMIsHyperDebugStateActive(pVCpu) && !CPUMIsHyperDebugStateActivePending(pVCpu));
 
 #if HC_ARCH_BITS == 64
@@ -6387 +6431 @@
     Assert(VMMR0IsLogFlushDisabled(pVCpu));
 
-    Log4(("hmR0VmxCallRing3Callback->hmR0VmxLongJmpToRing3 pVCpu=%p idCpu=%RU32\n", pVCpu, pVCpu->idCpu));
+    Log4(("hmR0VmxCallRing3Callback->hmR0VmxLongJmpToRing3 pVCpu=%p idCpu=%RU32\n enmOperation=%d", pVCpu, pVCpu->idCpu,
+          enmOperation));
+
     int rc = hmR0VmxLongJmpToRing3(pVCpu->CTX_SUFF(pVM), pVCpu, (PCPUMCTX)pvUser);
     AssertRCReturn(rc, rc);
@@ -7522 +7568 @@
     }
 
+#ifdef HMVMX_ALWAYS_SWAP_FPU_STATE
+    if (!CPUMIsGuestFPUStateActive(pVCpu))
+        CPUMR0LoadGuestFPU(pVM, pVCpu, pMixedCtx);
+    pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR0;
+#endif
+
     /*
      * Load the host state bits as we may've been preempted (only happens when
@@ -7534 +7586 @@
     }
     Assert(!(pVCpu->hm.s.fContextUseFlags & HM_CHANGED_HOST_CONTEXT));
-
-#ifdef HMVMX_ALWAYS_SWAP_FPU_STATE
-    if (!CPUMIsGuestFPUStateActive(pVCpu))
-        CPUMR0LoadGuestFPU(pVM, pVCpu, pMixedCtx);
-    pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR0;
-#endif
 
     /*
@@ -7547 +7593 @@
         hmR0VmxLoadSharedState(pVM, pVCpu, pMixedCtx);
     AssertMsg(!pVCpu->hm.s.fContextUseFlags, ("fContextUseFlags=%#x\n", pVCpu->hm.s.fContextUseFlags));
+
+    /* Store status of the shared guest-host state at the time of VM-entry. */
+#if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
+    if (CPUMIsGuestInLongModeEx(pMixedCtx))
+    {
+        pVmxTransient->fWasGuestDebugStateActive = CPUMIsGuestDebugStateActivePending(pVCpu);
+        pVmxTransient->fWasHyperDebugStateActive = CPUMIsHyperDebugStateActivePending(pVCpu);
+    }
+    else
+#endif
+    {
+        pVmxTransient->fWasGuestDebugStateActive = CPUMIsGuestDebugStateActive(pVCpu);
+        pVmxTransient->fWasHyperDebugStateActive = CPUMIsHyperDebugStateActive(pVCpu);
+    }
+    pVmxTransient->fWasGuestFPUStateActive = CPUMIsGuestFPUStateActive(pVCpu);
 
     /*
@@ -9784 +9845 @@
             STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxIoCheck);
 
-            /* We're playing with the host CPU state here, make sure we don't preempt. */
+            /* We're playing with the host CPU state here, make sure we don't preempt or longjmp. */
+            VMMRZCallRing3Disable(pVCpu);
             HM_DISABLE_PREEMPT_IF_NEEDED();
+
             bool fIsGuestDbgActive = CPUMR0DebugStateMaybeSaveGuest(pVCpu, true /*fDr6*/);
 
@@ -9805 +9868 @@
 
             HM_RESTORE_PREEMPT_IF_NEEDED();
+            VMMRZCallRing3Enable(pVCpu);
         }
     }
@@ -9984 +10048 @@
     HMVMX_VALIDATE_EXIT_HANDLER_PARAMS();
 
-    /* We should -not- get this VM-exit if the guest's debug registers are active. See CPUMR0LoadGuestDebugState(). */
-#if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
-    if (   !CPUMIsGuestInLongModeEx(pMixedCtx)      /* EFER is always up-to-date. */
-        && CPUMIsGuestDebugStateActive(pVCpu))
-#else
-    if (CPUMIsGuestDebugStateActive(pVCpu))
-#endif
+    /* We should -not- get this VM-exit if the guest's debug registers were active. */
+    if (pVmxTransient->fWasGuestDebugStateActive)
     {
         AssertMsgFailed(("Unexpected MOV DRx exit. pVCpu=%p pMixedCtx=%p\n", pVCpu, pMixedCtx));
@@ -9999 +10058 @@
     if (   !DBGFIsStepping(pVCpu)
         && !pVCpu->hm.s.fSingleInstruction
-        && !CPUMIsHyperDebugStateActive(pVCpu))
+        && !pVmxTransient->fWasHyperDebugStateActive)
     {
         /* Don't intercept MOV DRx and #DB any more. */
@@ -10015 +10074 @@
         }
 
-        /* We're playing with the host CPU state here, make sure we can't preempt. */
+        /* We're playing with the host CPU state here, make sure we can't preempt or longjmp. */
+        VMMRZCallRing3Disable(pVCpu);
         HM_DISABLE_PREEMPT_IF_NEEDED();
 
@@ -10024 +10084 @@
 
         HM_RESTORE_PREEMPT_IF_NEEDED();
+        VMMRZCallRing3Enable(pVCpu);
 
 #ifdef VBOX_WITH_STATISTICS
@@ -10286 +10347 @@
          * (See Intel spec. 27.1 "Architectural State before a VM-Exit".)
          */
+        VMMRZCallRing3Disable(pVCpu);
         HM_DISABLE_PREEMPT_IF_NEEDED();
 
@@ -10294 +10356 @@
 
         HM_RESTORE_PREEMPT_IF_NEEDED();
+        VMMRZCallRing3Enable(pVCpu);
 
         rc = hmR0VmxSaveGuestDR7(pVCpu, pMixedCtx);
@@ -10325 +10388 @@
      */
     AssertMsg(rc == VINF_EM_DBG_STEPPED || rc == VINF_EM_DBG_BREAKPOINT, ("%Rrc\n", rc));
-    AssertReturn(CPUMIsHyperDebugStateActive(pVCpu), VERR_HM_IPE_5);
+    AssertReturn(pVmxTransient->fWasHyperDebugStateActive, VERR_HM_IPE_5);
     CPUMSetHyperDR6(pVCpu, uDR6);
 
@@ -10344 +10407 @@
     AssertRCReturn(rc, rc);
 
-    /* We're playing with the host CPU state here, have to disable preemption. */
+    /* We're playing with the host CPU state here, have to disable preemption or longjmp. */
+    VMMRZCallRing3Disable(pVCpu);
     HM_DISABLE_PREEMPT_IF_NEEDED();
 
+    /* If the guest FPU was active at the time of the #NM exit, then it's a guest fault. */
+    if (pVmxTransient->fWasGuestFPUStateActive)
+    {
+        rc = VINF_EM_RAW_GUEST_TRAP;
+        Assert(CPUMIsGuestFPUStateActive(pVCpu) || (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_CR0));
+    }
+    else
+    {
 #ifndef HMVMX_ALWAYS_TRAP_ALL_XCPTS
-    if (!pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
-        Assert(!CPUMIsGuestFPUStateActive(pVCpu));
-#endif
-
-    /* Lazy FPU loading; load the guest-FPU state transparently and continue execution of the guest. */
-    PVM pVM = pVCpu->CTX_SUFF(pVM);
-    rc = CPUMR0LoadGuestFPU(pVM, pVCpu, pMixedCtx);
-    pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR0;
+        Assert(!pVmxTransient->fWasGuestFPUStateActive);
+#endif
+        /* Lazy FPU loading; load the guest-FPU state transparently and continue execution of the guest. */
+        rc = CPUMR0LoadGuestFPU(pVCpu->CTX_SUFF(pVM), pVCpu, pMixedCtx);
+        Assert(rc == VINF_EM_RAW_GUEST_TRAP || (rc == VINF_SUCCESS && CPUMIsGuestFPUStateActive(pVCpu)));
+    }
+
+    HM_RESTORE_PREEMPT_IF_NEEDED();
+    VMMRZCallRing3Enable(pVCpu);
 
     if (rc == VINF_SUCCESS)
     {
-        Assert(CPUMIsGuestFPUStateActive(pVCpu));
-        HM_RESTORE_PREEMPT_IF_NEEDED();
-
+        pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR0;
         STAM_COUNTER_INC(&pVCpu->hm.s.StatExitShadowNM);
-        return VINF_SUCCESS;
-    }
-    HM_RESTORE_PREEMPT_IF_NEEDED();
-
-    /* Forward #NM to the guest. */
-    Assert(rc == VINF_EM_RAW_GUEST_TRAP);
-    rc = hmR0VmxReadExitIntrInfoVmcs(pVCpu, pVmxTransient);
-    AssertRCReturn(rc, rc);
-    hmR0VmxSetPendingEvent(pVCpu, VMX_VMCS_CTRL_ENTRY_IRQ_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntrInfo),
-                           pVmxTransient->cbInstr, 0 /* error code */, 0 /* GCPtrFaultAddress */);
-    STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestNM);
-    return rc;
+    }
+    else
+    {
+        /* Forward #NM to the guest. */
+        Assert(rc == VINF_EM_RAW_GUEST_TRAP);
+        rc = hmR0VmxReadExitIntrInfoVmcs(pVCpu, pVmxTransient);
+        AssertRCReturn(rc, rc);
+        hmR0VmxSetPendingEvent(pVCpu, VMX_VMCS_CTRL_ENTRY_IRQ_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntrInfo),
+                               pVmxTransient->cbInstr, 0 /* error code */, 0 /* GCPtrFaultAddress */);
+        STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestNM);
+    }
+
+    return VINF_SUCCESS;
 }