Changeset 72643 in vbox for trunk

Timestamp:

Jun 21, 2018 4:02:03 PM (7 years ago)

Author:

vboxsync

Message:

VMM: Make SVM R0 code use CPUMCTX_EXTRN_xxx flags and cleanups. bugref:9193

Location:

trunk

Files:

• include/VBox/vmm/cpum.h (modified) (10 diffs)
• include/VBox/vmm/cpum.mac (modified) (1 diff)
• include/VBox/vmm/cpumctx.h (modified) (4 diffs)
• include/VBox/vmm/hm.h (modified) (1 diff)
• include/VBox/vmm/hm_svm.h (modified) (3 diffs)
• include/VBox/vmm/hm_vmx.h (modified) (1 diff)
• include/VBox/vmm/iem.h (modified) (1 diff)
• src/VBox/VMM/VMMAll/CPUMAllRegs.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMAll/HMAll.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMAll/HMSVMAll.cpp (modified) (15 diffs)
• src/VBox/VMM/VMMAll/IEMAll.cpp (modified) (1 diff)
• src/VBox/VMM/VMMAll/IEMAllCImplSvmInstr.cpp.h (modified) (5 diffs)
• src/VBox/VMM/VMMR0/HMR0.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMR0/HMSVMR0.cpp (modified) (180 diffs)
• src/VBox/VMM/VMMR0/HMSVMR0.h (modified) (1 diff)
• src/VBox/VMM/VMMR0/HMVMXR0.cpp (modified) (15 diffs)
• src/VBox/VMM/VMMR0/HMVMXR0.h (modified) (1 diff)
• src/VBox/VMM/VMMR3/CPUM.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMR3/EM.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMR3/HM.cpp (modified) (4 diffs)
• src/VBox/VMM/include/CPUMInternal.mac (modified) (2 diffs)
• src/VBox/VMM/include/HMInternal.h (modified) (1 diff)
• src/VBox/VMM/include/IEMInternal.h (modified) (1 diff)
• src/VBox/VMM/testcase/tstVMStruct.h (modified) (1 diff)

trunk/include/VBox/vmm/cpum.h

@@ -1376 +1376 @@
  * @param   pCtx    Current CPU context.
  */
-DECLINLINE(bool) CPUMIsGuestInLongModeEx(PCPUMCTX pCtx)
+DECLINLINE(bool) CPUMIsGuestInLongModeEx(PCCPUMCTX pCtx)
 {
     return (pCtx->msrEFER & MSR_K6_EFER_LMA) == MSR_K6_EFER_LMA;
@@ -1452 +1452 @@
     if (!pVmcb)
         return false;
-    if (!pCtx->hwvirt.svm.fHMCachedVmcb)
-        return RT_BOOL(pVmcb->ctrl.u64InterceptCtrl & fIntercept);
-    return HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, fIntercept);
+    if (HMHasGuestSvmVmcbCached(pVCpu))
+        return HMIsGuestSvmCtrlInterceptSet(pVCpu, fIntercept);
+    return RT_BOOL(pVmcb->ctrl.u64InterceptCtrl & fIntercept);
 }
 
@@ -1471 +1471 @@
     if (!pVmcb)
         return false;
-    if (!pCtx->hwvirt.svm.fHMCachedVmcb)
-        return RT_BOOL(pVmcb->ctrl.u16InterceptRdCRx & (UINT16_C(1) << uCr));
-    return HMIsGuestSvmReadCRxInterceptSet(pVCpu, pCtx, uCr);
+    if (HMHasGuestSvmVmcbCached(pVCpu))
+        return HMIsGuestSvmReadCRxInterceptSet(pVCpu, uCr);
+    return RT_BOOL(pVmcb->ctrl.u16InterceptRdCRx & (UINT16_C(1) << uCr));
 }
 
@@ -1490 +1490 @@
     if (!pVmcb)
         return false;
-    if (!pCtx->hwvirt.svm.fHMCachedVmcb)
-        return RT_BOOL(pVmcb->ctrl.u16InterceptWrCRx & (UINT16_C(1) << uCr));
-    return HMIsGuestSvmWriteCRxInterceptSet(pVCpu, pCtx, uCr);
+    if (HMHasGuestSvmVmcbCached(pVCpu))
+        return HMIsGuestSvmWriteCRxInterceptSet(pVCpu, uCr);
+    return RT_BOOL(pVmcb->ctrl.u16InterceptWrCRx & (UINT16_C(1) << uCr));
 }
 
@@ -1509 +1509 @@
     if (!pVmcb)
         return false;
-    if (!pCtx->hwvirt.svm.fHMCachedVmcb)
-        return RT_BOOL(pVmcb->ctrl.u16InterceptRdDRx & (UINT16_C(1) << uDr));
-    return HMIsGuestSvmReadDRxInterceptSet(pVCpu, pCtx, uDr);
+    if (HMHasGuestSvmVmcbCached(pVCpu))
+        return HMIsGuestSvmReadDRxInterceptSet(pVCpu, uDr);
+    return RT_BOOL(pVmcb->ctrl.u16InterceptRdDRx & (UINT16_C(1) << uDr));
 }
 
@@ -1528 +1528 @@
     if (!pVmcb)
         return false;
-    if (!pCtx->hwvirt.svm.fHMCachedVmcb)
-        return RT_BOOL(pVmcb->ctrl.u16InterceptWrDRx & (UINT16_C(1) << uDr));
-    return HMIsGuestSvmWriteDRxInterceptSet(pVCpu, pCtx, uDr);
+    if (HMHasGuestSvmVmcbCached(pVCpu))
+        return HMIsGuestSvmWriteDRxInterceptSet(pVCpu, uDr);
+    return RT_BOOL(pVmcb->ctrl.u16InterceptWrDRx & (UINT16_C(1) << uDr));
 }
 
@@ -1547 +1547 @@
     if (!pVmcb)
         return false;
-    if (!pCtx->hwvirt.svm.fHMCachedVmcb)
-        return RT_BOOL(pVmcb->ctrl.u32InterceptXcpt & (UINT32_C(1) << uVector));
-    return HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, uVector);
+    if (HMHasGuestSvmVmcbCached(pVCpu))
+        return HMIsGuestSvmXcptInterceptSet(pVCpu, uVector);
+    return RT_BOOL(pVmcb->ctrl.u32InterceptXcpt & (UINT32_C(1) << uVector));
 }
 
@@ -1564 +1564 @@
 {
     PCSVMVMCB pVmcb = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
-    Assert(pVmcb);
-    if (!pCtx->hwvirt.svm.fHMCachedVmcb)
-        return pVmcb->ctrl.IntCtrl.n.u1VIntrMasking;
-    return HMIsGuestSvmVirtIntrMasking(pVCpu, pCtx);
+    if (!pVmcb)
+        return false;
+    if (HMHasGuestSvmVmcbCached(pVCpu))
+        return HMIsGuestSvmVirtIntrMasking(pVCpu);
+    return pVmcb->ctrl.IntCtrl.n.u1VIntrMasking;
 }
 
@@ -1582 +1583 @@
 {
     PCSVMVMCB pVmcb = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
-    Assert(pVmcb);
-    if (!pCtx->hwvirt.svm.fHMCachedVmcb)
-        return pVmcb->ctrl.NestedPagingCtrl.n.u1NestedPaging;
-    return HMIsGuestSvmNestedPagingEnabled(pVCpu, pCtx);
+    if (!pVmcb)
+        return false;
+    if (HMHasGuestSvmVmcbCached(pVCpu))
+        return HMIsGuestSvmNestedPagingEnabled(pVCpu);
+    return pVmcb->ctrl.NestedPagingCtrl.n.u1NestedPaging;
 }
 
@@ -1600 +1602 @@
 {
     PCSVMVMCB pVmcb = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
-    Assert(pVmcb);
-    if (!pCtx->hwvirt.svm.fHMCachedVmcb)
-        return pVmcb->ctrl.u16PauseFilterCount;
-    return HMGetGuestSvmPauseFilterCount(pVCpu, pCtx);
+    if (!pVmcb)
+        return false;
+    if (HMHasGuestSvmVmcbCached(pVCpu))
+        return HMGetGuestSvmPauseFilterCount(pVCpu);
+    return pVmcb->ctrl.u16PauseFilterCount;
 }
 

trunk/include/VBox/vmm/cpum.mac

@@ -270 +270 @@
     .hwvirt.svm.cPauseFilterThreshold  resw          1
     .hwvirt.svm.fInterceptEvents       resb          1
-    .hwvirt.svm.fHMCachedVmcb          resb          1
     alignb 8
     .hwvirt.svm.pvMsrBitmapR0          RTR0PTR_RES   1

trunk/include/VBox/vmm/cpumctx.h

@@ -511 +511 @@
                 /** 0x3c4 - Whether the injected event is subject to event intercepts. */
                 bool                fInterceptEvents;
-                /** 0x3c5 - Whether parts of the VMCB are cached (and potentially modified) by HM. */
-                bool                fHMCachedVmcb;
-                /** 0x3c6 - Padding. */
-                bool                afPadding[2];
+                /** 0x3c5 - Padding. */
+                bool                afPadding[3];
                 /** 0x3c8 - MSR permission bitmap - R0 ptr. */
                 R0PTRTYPE(void *)   pvMsrBitmapR0;
@@ -764 +762 @@
 
 /** @name CPUMCTX_EXTRN_XXX
- * Used to parts of the CPUM state that is externalized and needs fetching
+ * Used for parts of the CPUM state that is externalized and needs fetching
  * before use.
  *
@@ -893 +891 @@
                                                  | CPUMCTX_EXTRN_SYSENTER_MSRS | CPUMCTX_EXTRN_TSC_AUX | CPUMCTX_EXTRN_OTHER_MSRS)
 
+/** Hardware-virtualization (SVM or VMX) state is kept externally. */
+#define CPUMCTX_EXTRN_HWVIRT                    UINT64_C(0x0000020000000000)
+
 /** Mask of bits the keepers can use for state tracking. */
 #define CPUMCTX_EXTRN_KEEPER_STATE_MASK         UINT64_C(0xffff000000000000)
@@ -905 +906 @@
 #define CPUMCTX_EXTRN_NEM_WIN_MASK              UINT64_C(0x0007000000000000)
 
+/** HM/SVM: Inhibit maskable interrupts (VMCPU_FF_INHIBIT_INTERRUPTS). */
+#define CPUMCTX_EXTRN_HM_SVM_INT_SHADOW         UINT64_C(0x0001000000000000)
+/** HM/SVM: Nested-guest interrupt pending (VMCPU_FF_INTERRUPT_NESTED_GUEST). */
+#define CPUMCTX_EXTRN_HM_SVM_HWVIRT_VIRQ        UINT64_C(0x0002000000000000)
+/** HM/SVM: Mask. */
+#define CPUMCTX_EXTRN_HM_SVM_MASK               UINT64_C(0x0003000000000000)
+
+/** HM/VMX: Guest-interruptibility state (VMCPU_FF_INHIBIT_INTERRUPTS,
+ *  VMCPU_FF_BLOCK_NMIS). */
+#define CPUMCTX_EXTRN_HM_VMX_INT_STATE          UINT64_C(0x0001000000000000)
+/** HM/VMX: Mask. */
+#define CPUMCTX_EXTRN_HM_VMX_MASK               UINT64_C(0x0001000000000000)
+
 /** All CPUM state bits, not including keeper specific ones. */
-#define CPUMCTX_EXTRN_ALL                       UINT64_C(0x000001fffffffffc)
+#define CPUMCTX_EXTRN_ALL                       UINT64_C(0x000003fffffffffc)
 /** @} */
 

trunk/include/VBox/vmm/hm.h

@@ -216 +216 @@
 VMMR0_INT_DECL(void)            HMR0NotifyCpumModifiedHostCr0(PVMCPU VCpu);
 VMMR0_INT_DECL(bool)            HMR0SuspendPending(void);
+VMMR0_INT_DECL(int)             HMR0InvalidatePage(PVMCPU pVCpu, RTGCPTR GCVirt);
+VMMR0_INT_DECL(int)             HMR0ImportStateOnDemand(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fWhat);
 
 # if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS)

trunk/include/VBox/vmm/hm_svm.h

@@ -1067 +1067 @@
     /** Cache of the LBR virtualization bit. */
     bool                fLbrVirt;
+    /** Whether the VMCB is cached by HM.  */
+    bool                fCacheValid;
     /** Alignment. */
-    bool                afPadding0[5];
+    bool                afPadding0[4];
 } SVMNESTEDVMCBCACHE;
 #pragma pack()
@@ -1076 +1078 @@
 typedef const SVMNESTEDVMCBCACHE *PCSVMNESTEDVMCBCACHE;
 AssertCompileSizeAlignment(SVMNESTEDVMCBCACHE, 8);
-
-#ifdef IN_RING0
-VMMR0DECL(int) SVMR0InvalidatePage(PVM pVM, PVMCPU pVCpu, RTGCPTR GCVirt);
-#endif /* IN_RING0 */
 
 /**
@@ -1140 +1138 @@
  * Don't add any more functions here unless there is no other option.
  */
-VMM_INT_DECL(bool)     HMIsGuestSvmCtrlInterceptSet(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fIntercept);
-VMM_INT_DECL(bool)     HMIsGuestSvmReadCRxInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uCr);
-VMM_INT_DECL(bool)     HMIsGuestSvmWriteCRxInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uCr);
-VMM_INT_DECL(bool)     HMIsGuestSvmReadDRxInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uDr);
-VMM_INT_DECL(bool)     HMIsGuestSvmWriteDRxInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uDr);
-VMM_INT_DECL(bool)     HMIsGuestSvmXcptInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uVector);
-VMM_INT_DECL(bool)     HMIsGuestSvmVirtIntrMasking(PVMCPU pVCpu, PCCPUMCTX pCtx);
-VMM_INT_DECL(bool)     HMIsGuestSvmNestedPagingEnabled(PVMCPU pVCpu, PCCPUMCTX pCtx);
-VMM_INT_DECL(uint16_t) HMGetGuestSvmPauseFilterCount(PVMCPU pVCpu, PCCPUMCTX pCtx);
+VMM_INT_DECL(bool)     HMHasGuestSvmVmcbCached(PVMCPU pVCpu);
+VMM_INT_DECL(bool)     HMIsGuestSvmCtrlInterceptSet(PVMCPU pVCpu, uint64_t fIntercept);
+VMM_INT_DECL(bool)     HMIsGuestSvmReadCRxInterceptSet(PVMCPU pVCpu, uint8_t uCr);
+VMM_INT_DECL(bool)     HMIsGuestSvmWriteCRxInterceptSet(PVMCPU pVCpu, uint8_t uCr);
+VMM_INT_DECL(bool)     HMIsGuestSvmReadDRxInterceptSet(PVMCPU pVCpu, uint8_t uDr);
+VMM_INT_DECL(bool)     HMIsGuestSvmWriteDRxInterceptSet(PVMCPU pVCpu, uint8_t uDr);
+VMM_INT_DECL(bool)     HMIsGuestSvmXcptInterceptSet(PVMCPU pVCpu, uint8_t uVector);
+VMM_INT_DECL(bool)     HMIsGuestSvmVirtIntrMasking(PVMCPU pVCpu);
+VMM_INT_DECL(bool)     HMIsGuestSvmNestedPagingEnabled(PVMCPU pVCpu);
+VMM_INT_DECL(uint16_t) HMGetGuestSvmPauseFilterCount(PVMCPU pVCpu);
+
 /** @} */
 

trunk/include/VBox/vmm/hm_vmx.h

@@ -2535 +2535 @@
 }
 
-#ifdef IN_RING0
-VMMR0DECL(int) VMXR0InvalidatePage(PVM pVM, PVMCPU pVCpu, RTGCPTR GCVirt);
-VMMR0DECL(int) VMXR0InvalidatePhysPage(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys);
-#endif /* IN_RING0 */
-
 /** @} */
 

trunk/include/VBox/vmm/iem.h

@@ -218 +218 @@
                                                     | CPUMCTX_EXTRN_DR7 /* for memory breakpoints */ )
 
+#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
+/** The CPUMCTX_EXTRN_XXX mask needed when calling IEMExecSvmVmexit().
+ * IEM will ASSUME the caller has ensured these are already present. */
+# define IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK   (  CPUMCTX_EXTRN_RSP \
+                                              | CPUMCTX_EXTRN_RAX \
+                                              | CPUMCTX_EXTRN_RIP \
+                                              | CPUMCTX_EXTRN_RFLAGS \
+                                              | CPUMCTX_EXTRN_CS \
+                                              | CPUMCTX_EXTRN_SS \
+                                              | CPUMCTX_EXTRN_DS \
+                                              | CPUMCTX_EXTRN_ES \
+                                              | CPUMCTX_EXTRN_GDTR \
+                                              | CPUMCTX_EXTRN_IDTR \
+                                              | CPUMCTX_EXTRN_CR_MASK \
+                                              | CPUMCTX_EXTRN_EFER \
+                                              | CPUMCTX_EXTRN_DR6 \
+                                              | CPUMCTX_EXTRN_DR7 \
+                                              | CPUMCTX_EXTRN_OTHER_MSRS \
+                                              | CPUMCTX_EXTRN_HWVIRT)
+#endif
 
 VMMDECL(VBOXSTRICTRC)       IEMExecOne(PVMCPU pVCpu);

trunk/src/VBox/VMM/VMMAll/CPUMAllRegs.cpp

@@ -2450 +2450 @@
      *         RPL = CPL.  Weird.
      */
+    Assert(!(pVCpu->cpum.s.Guest.fExtrn & (CPUMCTX_EXTRN_CR0 | CPUMCTX_EXTRN_RFLAGS | CPUMCTX_EXTRN_SS)));
     uint32_t uCpl;
     if (pVCpu->cpum.s.Guest.cr0 & X86_CR0_PE)
@@ -2766 +2767 @@
     if (CPUMIsGuestInSvmNestedHwVirtMode(pCtx))
     {
-        if (!pCtx->hwvirt.svm.fHMCachedVmcb)
+        if (!HMHasGuestSvmVmcbCached(pVCpu))
         {
             PCSVMVMCB pVmcb = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
@@ -2807 +2808 @@
             }
 
-            case CPUMCTX_EXTRN_KEEPER_HM: /** @todo make HM use CPUMCTX_EXTRN_XXX. */
+            case CPUMCTX_EXTRN_KEEPER_HM:
+            {
+#ifdef IN_RING0
+                int rc = HMR0ImportStateOnDemand(pVCpu, &pVCpu->cpum.s.Guest, fExtrnImport);
+                Assert(rc == VINF_SUCCESS || RT_FAILURE_NP(rc));
+                return rc;
+#else
+                return VINF_SUCCESS;
+#endif
+            }
             default:
                 AssertLogRelMsgFailedReturn(("%#RX64 vs %#RX64\n", pVCpu->cpum.s.Guest.fExtrn, fExtrnImport), VERR_CPUM_IPE_2);

trunk/src/VBox/VMM/VMMAll/HMAll.cpp

@@ -82 +82 @@
     STAM_COUNTER_INC(&pVCpu->hm.s.StatFlushPageManual);
 #ifdef IN_RING0
-    PVM pVM = pVCpu->CTX_SUFF(pVM);
-    if (pVM->hm.s.vmx.fSupported)
-        return VMXR0InvalidatePage(pVM, pVCpu, GCVirt);
-
-    Assert(pVM->hm.s.svm.fSupported);
-    return SVMR0InvalidatePage(pVM, pVCpu, GCVirt);
-
+    return HMR0InvalidatePage(pVCpu, GCVirt);
 #else
     hmQueueInvlPage(pVCpu, GCVirt);
@@ -288 +282 @@
         return VINF_SUCCESS;
 
-#ifdef IN_RING0
-    if (pVM->hm.s.vmx.fSupported)
-    {
-        VMCPUID idThisCpu = VMMGetCpuId(pVM);
-
-        for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
-        {
-            PVMCPU pVCpu = &pVM->aCpus[idCpu];
-
-            if (idThisCpu == idCpu)
-            {
-                /** @todo r=ramshankar: Intel does not support flushing by guest physical
-                 *        address either. See comment in VMXR0InvalidatePhysPage(). Fix this. */
-                VMXR0InvalidatePhysPage(pVM, pVCpu, GCPhys);
-            }
-            else
-            {
-                VMCPU_FF_SET(pVCpu, VMCPU_FF_TLB_FLUSH);
-                hmPokeCpuForTlbFlush(pVCpu, true /*fAccountFlushStat*/);
-            }
-        }
-        return VINF_SUCCESS;
-    }
-
-    /* AMD-V doesn't support invalidation with guest physical addresses; see
-       comment in SVMR0InvalidatePhysPage. */
-    Assert(pVM->hm.s.svm.fSupported);
-#else
-    NOREF(GCPhys);
-#endif
-
-    HMFlushTLBOnAllVCpus(pVM);
-    return VINF_SUCCESS;
+    /*
+     * AMD-V: Doesn't support invalidation with guest physical addresses.
+     *
+     * VT-x: Doesn't support invalidation with guest physical addresses.
+     * INVVPID instruction takes only a linear address while invept only flushes by EPT
+     * not individual addresses.
+     *
+     * We update the force flag and flush before the next VM-entry, see @bugref{6568}.
+     */
+    RT_NOREF(GCPhys);
+    /** @todo Remove or figure out to way to update the Phys STAT counter.  */
+    /* STAM_COUNTER_INC(&pVCpu->hm.s.StatFlushTlbInvlpgPhys); */
+    return HMFlushTLBOnAllVCpus(pVM);
 }
 

trunk/src/VBox/VMM/VMMAll/HMSVMAll.cpp

@@ -130 +130 @@
 VMM_INT_DECL(void) HMSvmNstGstVmExitNotify(PVMCPU pVCpu, PCPUMCTX pCtx)
 {
-    if (pCtx->hwvirt.svm.fHMCachedVmcb)
-    {
-        PSVMVMCBCTRL        pVmcbNstGstCtrl  = &pCtx->hwvirt.svm.CTX_SUFF(pVmcb)->ctrl;
-        PSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
-
+    PSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
+    if (pVmcbNstGstCache->fCacheValid)
+    {
         /*
          * Restore fields as our own code might look at the VMCB controls as part
@@ -141 +139 @@
          * by a physical CPU on #VMEXIT.
          */
+        PSVMVMCBCTRL pVmcbNstGstCtrl = &pCtx->hwvirt.svm.CTX_SUFF(pVmcb)->ctrl;
         pVmcbNstGstCtrl->u16InterceptRdCRx                 = pVmcbNstGstCache->u16InterceptRdCRx;
         pVmcbNstGstCtrl->u16InterceptWrCRx                 = pVmcbNstGstCache->u16InterceptWrCRx;
@@ -153 +152 @@
         pVmcbNstGstCtrl->NestedPagingCtrl.n.u1NestedPaging = pVmcbNstGstCache->fNestedPaging;
         pVmcbNstGstCtrl->LbrVirt.n.u1LbrVirt               = pVmcbNstGstCache->fLbrVirt;
-        pCtx->hwvirt.svm.fHMCachedVmcb = false;
+        pVmcbNstGstCache->fCacheValid = false;
     }
 
@@ -166 +165 @@
      * change here.
      */
+    /** @todo Only signal state needed for VM-exit (e.g. skip
+     *        LDTR, TR etc., see IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK.
+     *        Do this while extending HM_CHANGED_xxx flags. See
+     *        todo in hmR0SvmHandleExitNested(). */
     HMCPU_CF_SET(pVCpu, HM_CHANGED_ALL_GUEST);
 }
@@ -209 +212 @@
 {
     PCCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
-    Assert(CPUMIsGuestInSvmNestedHwVirtMode(pCtx));
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb);
-    NOREF(pCtx);
-    PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
+    Assert(CPUMIsGuestInSvmNestedHwVirtMode(pCtx)); RT_NOREF(pCtx);
+    PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
+    Assert(pVmcbNstGstCache->fCacheValid);
     return uTicks + pVmcbNstGstCache->u64TSCOffset;
 }
@@ -401 +403 @@
 
 /**
+ * Returns whether HM has cached the nested-guest VMCB.
+ *
+ * If the VMCB is cached by HM, it means HM may have potentially modified the
+ * VMCB for execution using hardware-assisted SVM.
+ *
+ * @returns true if HM has cached the nested-guest VMCB, false otherwise.
+ * @param   pVCpu   The cross context virtual CPU structure of the calling EMT.
+ */
+VMM_INT_DECL(bool) HMHasGuestSvmVmcbCached(PVMCPU pVCpu)
+{
+    PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
+    return pVmcbNstGstCache->fCacheValid;
+}
+
+
+/**
  * Checks if the nested-guest VMCB has the specified ctrl/instruction intercept
  * active.
@@ -406 +424 @@
  * @returns @c true if in intercept is set, @c false otherwise.
  * @param   pVCpu       The cross context virtual CPU structure of the calling EMT.
- * @param   pCtx        Pointer to the context.
  * @param   fIntercept  The SVM control/instruction intercept, see
  *                      SVM_CTRL_INTERCEPT_*.
  */
-VMM_INT_DECL(bool) HMIsGuestSvmCtrlInterceptSet(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fIntercept)
-{
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); NOREF(pCtx);
+VMM_INT_DECL(bool) HMIsGuestSvmCtrlInterceptSet(PVMCPU pVCpu, uint64_t fIntercept)
+{
+    Assert(HMHasGuestSvmVmcbCached(pVCpu));
     PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
     return RT_BOOL(pVmcbNstGstCache->u64InterceptCtrl & fIntercept);
@@ -423 +440 @@
  * @returns @c true if in intercept is set, @c false otherwise.
  * @param   pVCpu   The cross context virtual CPU structure of the calling EMT.
- * @param   pCtx    Pointer to the context.
  * @param   uCr     The CR register number (0 to 15).
  */
-VMM_INT_DECL(bool) HMIsGuestSvmReadCRxInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uCr)
+VMM_INT_DECL(bool) HMIsGuestSvmReadCRxInterceptSet(PVMCPU pVCpu, uint8_t uCr)
 {
     Assert(uCr < 16);
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); NOREF(pCtx);
+    Assert(HMHasGuestSvmVmcbCached(pVCpu));
     PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
     return RT_BOOL(pVmcbNstGstCache->u16InterceptRdCRx & (1 << uCr));
@@ -440 +456 @@
  * @returns @c true if in intercept is set, @c false otherwise.
  * @param   pVCpu   The cross context virtual CPU structure of the calling EMT.
- * @param   pCtx    Pointer to the context.
  * @param   uCr     The CR register number (0 to 15).
  */
-VMM_INT_DECL(bool) HMIsGuestSvmWriteCRxInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uCr)
+VMM_INT_DECL(bool) HMIsGuestSvmWriteCRxInterceptSet(PVMCPU pVCpu, uint8_t uCr)
 {
     Assert(uCr < 16);
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); NOREF(pCtx);
+    Assert(HMHasGuestSvmVmcbCached(pVCpu));
     PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
     return RT_BOOL(pVmcbNstGstCache->u16InterceptWrCRx & (1 << uCr));
@@ -457 +472 @@
  * @returns @c true if in intercept is set, @c false otherwise.
  * @param   pVCpu   The cross context virtual CPU structure of the calling EMT.
- * @param   pCtx    Pointer to the context.
  * @param   uDr     The DR register number (0 to 15).
  */
-VMM_INT_DECL(bool) HMIsGuestSvmReadDRxInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uDr)
+VMM_INT_DECL(bool) HMIsGuestSvmReadDRxInterceptSet(PVMCPU pVCpu, uint8_t uDr)
 {
     Assert(uDr < 16);
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); NOREF(pCtx);
+    Assert(HMHasGuestSvmVmcbCached(pVCpu));
     PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
     return RT_BOOL(pVmcbNstGstCache->u16InterceptRdDRx & (1 << uDr));
@@ -474 +488 @@
  * @returns @c true if in intercept is set, @c false otherwise.
  * @param   pVCpu   The cross context virtual CPU structure of the calling EMT.
- * @param   pCtx    Pointer to the context.
  * @param   uDr     The DR register number (0 to 15).
  */
-VMM_INT_DECL(bool) HMIsGuestSvmWriteDRxInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uDr)
+VMM_INT_DECL(bool) HMIsGuestSvmWriteDRxInterceptSet(PVMCPU pVCpu, uint8_t uDr)
 {
     Assert(uDr < 16);
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); NOREF(pCtx);
+    Assert(HMHasGuestSvmVmcbCached(pVCpu));
     PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
     return RT_BOOL(pVmcbNstGstCache->u16InterceptWrDRx & (1 << uDr));
@@ -491 +504 @@
  * @returns true if in intercept is active, false otherwise.
  * @param   pVCpu       The cross context virtual CPU structure of the calling EMT.
- * @param   pCtx        Pointer to the context.
  * @param   uVector     The exception / interrupt vector.
  */
-VMM_INT_DECL(bool) HMIsGuestSvmXcptInterceptSet(PVMCPU pVCpu, PCCPUMCTX pCtx, uint8_t uVector)
+VMM_INT_DECL(bool) HMIsGuestSvmXcptInterceptSet(PVMCPU pVCpu, uint8_t uVector)
 {
     Assert(uVector < 32);
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); NOREF(pCtx);
+    Assert(HMHasGuestSvmVmcbCached(pVCpu));
     PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
     return RT_BOOL(pVmcbNstGstCache->u32InterceptXcpt & (1 << uVector));
@@ -508 +520 @@
  * @returns true if virtual-interrupts are masked, @c false otherwise.
  * @param   pVCpu   The cross context virtual CPU structure of the calling EMT.
- * @param   pCtx    Pointer to the context.
- */
-VMM_INT_DECL(bool) HMIsGuestSvmVirtIntrMasking(PVMCPU pVCpu, PCCPUMCTX pCtx)
-{
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); NOREF(pCtx);
+ */
+VMM_INT_DECL(bool) HMIsGuestSvmVirtIntrMasking(PVMCPU pVCpu)
+{
+    Assert(HMHasGuestSvmVmcbCached(pVCpu));
     PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
     return pVmcbNstGstCache->fVIntrMasking;
@@ -523 +534 @@
  * @returns true if nested-paging is enabled, @c false otherwise.
  * @param   pVCpu   The cross context virtual CPU structure of the calling EMT.
- * @param   pCtx    Pointer to the context.
- */
-VMM_INT_DECL(bool) HMIsGuestSvmNestedPagingEnabled(PVMCPU pVCpu, PCCPUMCTX pCtx)
-{
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); NOREF(pCtx);
+ */
+VMM_INT_DECL(bool) HMIsGuestSvmNestedPagingEnabled(PVMCPU pVCpu)
+{
+    Assert(HMHasGuestSvmVmcbCached(pVCpu));
     PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
     return pVmcbNstGstCache->fNestedPaging;
@@ -538 +548 @@
  * @returns The pause-filter count.
  * @param   pVCpu   The cross context virtual CPU structure of the calling EMT.
- * @param   pCtx    Pointer to the context.
- */
-VMM_INT_DECL(uint16_t) HMGetGuestSvmPauseFilterCount(PVMCPU pVCpu, PCCPUMCTX pCtx)
-{
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); NOREF(pCtx);
+ */
+VMM_INT_DECL(uint16_t) HMGetGuestSvmPauseFilterCount(PVMCPU pVCpu)
+{
+    Assert(HMHasGuestSvmVmcbCached(pVCpu));
     PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
     return pVmcbNstGstCache->u16PauseFilterCount;

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -15166 +15166 @@
 VMM_INT_DECL(VBOXSTRICTRC) IEMExecSvmVmexit(PVMCPU pVCpu, uint64_t uExitCode, uint64_t uExitInfo1, uint64_t uExitInfo2)
 {
-    IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_MUST_MASK);
+    IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK);
     VBOXSTRICTRC rcStrict = iemSvmVmexit(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
     if (pVCpu->iem.s.cActiveMappings)

trunk/src/VBox/VMM/VMMAll/IEMAllCImplSvmInstr.cpp.h

@@ -143 +143 @@
         || uExitCode == SVM_EXIT_INVALID)
     {
-        LogFlow(("iemSvmVmexit: CS:RIP=%04x:%08RX64 uExitCode=%#RX64 uExitInfo1=%#RX64 uExitInfo2=%#RX64\n", pVCpu->cpum.GstCtx.cs.Sel,
-                 pVCpu->cpum.GstCtx.rip, uExitCode, uExitInfo1, uExitInfo2));
+        LogFlow(("iemSvmVmexit: CS:RIP=%04x:%08RX64 uExitCode=%#RX64 uExitInfo1=%#RX64 uExitInfo2=%#RX64\n",
+                 pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, uExitCode, uExitInfo1, uExitInfo2));
 
         /*
@@ -824 +824 @@
              *        below. */
             LogFlow(("iemSvmVmrun: Injecting event: %04x:%08RX64 vec=%#x type=%d uErr=%u cr2=%#RX64 cr3=%#RX64 efer=%#RX64\n",
-                     pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, uVector, enmType, uErrorCode, pVCpu->cpum.GstCtx.cr2, pVCpu->cpum.GstCtx.cr3, pVCpu->cpum.GstCtx.msrEFER));
+                     pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, uVector, enmType, uErrorCode, pVCpu->cpum.GstCtx.cr2,
+                     pVCpu->cpum.GstCtx.cr3, pVCpu->cpum.GstCtx.msrEFER));
 
             /*
@@ -840 +841 @@
         else
             LogFlow(("iemSvmVmrun: Entering nested-guest: %04x:%08RX64 cr0=%#RX64 cr3=%#RX64 cr4=%#RX64 efer=%#RX64 efl=%#x\n",
-                     pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.cr0, pVCpu->cpum.GstCtx.cr3, pVCpu->cpum.GstCtx.cr4, pVCpu->cpum.GstCtx.msrEFER, pVCpu->cpum.GstCtx.rflags.u64));
+                     pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.cr0, pVCpu->cpum.GstCtx.cr3,
+                     pVCpu->cpum.GstCtx.cr4, pVCpu->cpum.GstCtx.msrEFER, pVCpu->cpum.GstCtx.rflags.u64));
 
         LogFlow(("iemSvmVmrun: returns %d\n", VBOXSTRICTRC_VAL(rcStrict)));
@@ -1264 +1266 @@
     {
         LogFlow(("vmsave: Saving VMCB at %#RGp enmEffAddrMode=%d\n", GCPhysVmcb, pVCpu->iem.s.enmEffAddrMode));
+        IEM_CTX_IMPORT_RET(pVCpu,   CPUMCTX_EXTRN_FS | CPUMCTX_EXTRN_GS | CPUMCTX_EXTRN_TR | CPUMCTX_EXTRN_LDTR
+                                  | CPUMCTX_EXTRN_KERNEL_GS_BASE | CPUMCTX_EXTRN_SYSCALL_MSRS | CPUMCTX_EXTRN_SYSENTER_MSRS);
+
         HMSVM_SEG_REG_COPY_TO_VMCB(IEM_GET_CTX(pVCpu), &VmcbNstGst, FS, fs);
         HMSVM_SEG_REG_COPY_TO_VMCB(IEM_GET_CTX(pVCpu), &VmcbNstGst, GS, gs);
@@ -1400 +1405 @@
     if (IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fSvmPauseFilter)
     {
+        IEM_CTX_IMPORT_RET(pVCpu, CPUMCTX_EXTRN_HWVIRT);
+
         /* TSC based pause-filter thresholding. */
         if (   IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fSvmPauseFilterThreshold

trunk/src/VBox/VMM/VMMR0/HMR0.cpp

@@ -96 +96 @@
     DECLR0CALLBACKMEMBER(int,  pfnInitVM, (PVM pVM));
     DECLR0CALLBACKMEMBER(int,  pfnTermVM, (PVM pVM));
-    DECLR0CALLBACKMEMBER(int,  pfnSetupVM ,(PVM pVM));
+    DECLR0CALLBACKMEMBER(int,  pfnSetupVM, (PVM pVM));
     /** @} */
 
@@ -1644 +1644 @@
 
 /**
+ * Invalidates a guest page from the host TLB.
+ *
+ * @param   pVCpu       The cross context virtual CPU structure.
+ * @param   GCVirt      Page to invalidate.
+ */
+VMMR0_INT_DECL(int) HMR0InvalidatePage(PVMCPU pVCpu, RTGCPTR GCVirt)
+{
+    PVM pVM = pVCpu->CTX_SUFF(pVM);
+    if (pVM->hm.s.vmx.fSupported)
+        return VMXR0InvalidatePage(pVM, pVCpu, GCVirt);
+    return SVMR0InvalidatePage(pVM, pVCpu, GCVirt);
+}
+
+
+/**
  * Returns the cpu structure for the current cpu.
  * Keep in mind that there is no guarantee it will stay the same (long jumps to ring 3!!!).
@@ -1679 +1694 @@
     return;
 }
+
+
+/**
+ * Interface for importing state on demand (used by IEM).
+ *
+ * @returns VBox status code.
+ * @param   pVCpu       The cross context CPU structure.
+ * @param   pCtx        The target CPU context.
+ * @param   fWhat       What to import, CPUMCTX_EXTRN_XXX.
+ */
+VMMR0_INT_DECL(int) HMR0ImportStateOnDemand(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fWhat)
+{
+    /** @todo Intel. */
+#if 0
+    if (pVCpu->CTX_SUFF(pVM).hm.s.vmx.fSupported)
+        return VMXR0ImportStateOnDemand(pVCpu, pCtx, fWhat);
+#endif
+    return SVMR0ImportStateOnDemand(pVCpu, pCtx, fWhat);
+}
+
 
 #ifdef VBOX_WITH_RAW_MODE

trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp

@@ -80 +80 @@
 #define HMSVM_EXIT_DECL                 static int
 
+/**
+ * Subset of the guest-CPU state that is kept by SVM R0 code while executing the
+ * guest using hardware-assisted SVM.
+ *
+ * This excludes state like TSC AUX, GPRs (other than RSP, RAX) which are always
+ * are swapped and restored across the world-switch and also registers like
+ * EFER, PAT MSR etc. which cannot be modified by the guest without causing a
+ * \#VMEXIT.
+ */
+#define HMSVM_CPUMCTX_EXTRN_ALL         (  CPUMCTX_EXTRN_RIP            \
+                                         | CPUMCTX_EXTRN_RFLAGS         \
+                                         | CPUMCTX_EXTRN_RAX            \
+                                         | CPUMCTX_EXTRN_RSP            \
+                                         | CPUMCTX_EXTRN_SREG_MASK      \
+                                         | CPUMCTX_EXTRN_CR0            \
+                                         | CPUMCTX_EXTRN_CR2            \
+                                         | CPUMCTX_EXTRN_CR3            \
+                                         | CPUMCTX_EXTRN_TABLE_MASK     \
+                                         | CPUMCTX_EXTRN_DR6            \
+                                         | CPUMCTX_EXTRN_DR7            \
+                                         | CPUMCTX_EXTRN_KERNEL_GS_BASE \
+                                         | CPUMCTX_EXTRN_SYSCALL_MSRS   \
+                                         | CPUMCTX_EXTRN_SYSENTER_MSRS  \
+                                         | CPUMCTX_EXTRN_HWVIRT         \
+                                         | CPUMCTX_EXTRN_HM_SVM_MASK)
+
+/** Macro for importing guest state from the VMCB back into CPUMCTX.  */
+#define HMSVM_CPUMCTX_IMPORT_STATE(a_pVCpu, a_pCtx, a_fWhat) \
+    do { \
+        hmR0SvmImportGuestState((a_pVCpu), (a_pCtx), (a_fWhat)); \
+    } while (0)
+
+/** Assert that the required state bits are fetched. */
+#define HMSVM_CPUMCTX_ASSERT(a_pVCpu, a_fExtrnMbz)          AssertMsg(!((a_pVCpu)->cpum.GstCtx.fExtrn & (a_fExtrnMbz)), \
+                                                                      ("fExtrn=%#RX64 fExtrnMbz=%#RX64\n", \
+                                                                      (a_pVCpu)->cpum.GstCtx.fExtrn, (a_fExtrnMbz)))
+
 /** Macro for checking and returning from the using function for
  * \#VMEXIT intercepts that maybe caused during delivering of another
@@ -92 +129 @@
         else if (     rc == VINF_EM_RESET \
                  &&   CPUMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_SHUTDOWN)) \
+        { \
+            HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK); \
             return VBOXSTRICTRC_TODO(IEMExecSvmVmexit(pVCpu, SVM_EXIT_SHUTDOWN, 0, 0)); \
+        } \
         else \
             return rc; \
@@ -108 +148 @@
 #endif
 
-/**
- * Updates interrupt shadow for the current RIP.
- */
+/** Macro which updates interrupt shadow for the current RIP.  */
 #define HMSVM_UPDATE_INTR_SHADOW(pVCpu, pCtx) \
     do { \
@@ -154 +192 @@
 /** Validate segment descriptor granularity bit. */
 #ifdef VBOX_STRICT
-# define HMSVM_ASSERT_SEG_GRANULARITY(reg) \
-    AssertMsg(   !pMixedCtx->reg.Attr.n.u1Present \
-              || (   pMixedCtx->reg.Attr.n.u1Granularity \
-                  ? (pMixedCtx->reg.u32Limit & 0xfff) == 0xfff \
-                  :  pMixedCtx->reg.u32Limit <= UINT32_C(0xfffff)), \
-              ("Invalid Segment Attributes Limit=%#RX32 Attr=%#RX32 Base=%#RX64\n", pMixedCtx->reg.u32Limit, \
-              pMixedCtx->reg.Attr.u, pMixedCtx->reg.u64Base))
+# define HMSVM_ASSERT_SEG_GRANULARITY(a_pCtx, reg) \
+    AssertMsg(   !(a_pCtx)->reg.Attr.n.u1Present \
+              || (   (a_pCtx)->reg.Attr.n.u1Granularity \
+                  ? ((a_pCtx)->reg.u32Limit & 0xfff) == 0xfff \
+                  :  (a_pCtx)->reg.u32Limit <= UINT32_C(0xfffff)), \
+              ("Invalid Segment Attributes Limit=%#RX32 Attr=%#RX32 Base=%#RX64\n", (a_pCtx)->reg.u32Limit, \
+              (a_pCtx)->reg.Attr.u, (a_pCtx)->reg.u64Base))
 #else
-# define HMSVM_ASSERT_SEG_GRANULARITY(reg)              do { } while (0)
+# define HMSVM_ASSERT_SEG_GRANULARITY(a_pCtx, reg)      do { } while (0)
 #endif
 
@@ -320 +358 @@
  * @returns VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
- * @param   pMixedCtx       Pointer to the guest-CPU context.
+ * @param   pCtx            Pointer to the guest-CPU context.
  * @param   pSvmTransient   Pointer to the SVM-transient structure.
  */
@@ -329 +367 @@
 *   Internal Functions                                                                                                           *
 *********************************************************************************************************************************/
-static void hmR0SvmSetMsrPermission(PCPUMCTX pCtx, uint8_t *pbMsrBitmap, unsigned uMsr, SVMMSREXITREAD enmRead,
+static void hmR0SvmSetMsrPermission(PCCPUMCTX pCtx, uint8_t *pbMsrBitmap, unsigned uMsr, SVMMSREXITREAD enmRead,
                                     SVMMSREXITWRITE enmWrite);
 static void hmR0SvmPendingEventToTrpmTrap(PVMCPU pVCpu);
-static void hmR0SvmLeave(PVMCPU pVCpu);
+static void hmR0SvmLeave(PVMCPU pVCpu, bool fImportState);
+static void hmR0SvmImportGuestState(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fWhat);
+
 
 /** @name \#VMEXIT handlers.
@@ -385 +425 @@
 /** @} */
 
-static int hmR0SvmHandleExit(PVMCPU pVCpu, PCPUMCTX pMixedCtx, PSVMTRANSIENT pSvmTransient);
+static int hmR0SvmHandleExit(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMTRANSIENT pSvmTransient);
 #ifdef VBOX_WITH_NESTED_HWVIRT_SVM
 static int hmR0SvmHandleExitNested(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMTRANSIENT pSvmTransient);
@@ -402 +442 @@
 
 #ifdef VBOX_STRICT
-# define HMSVM_LOG_CS           RT_BIT_32(0)
-# define HMSVM_LOG_SS           RT_BIT_32(1)
-# define HMSVM_LOG_FS           RT_BIT_32(2)
-# define HMSVM_LOG_GS           RT_BIT_32(3)
-# define HMSVM_LOG_LBR          RT_BIT_32(4)
-# define HMSVM_LOG_ALL          (  HMSVM_LOG_CS \
+# define HMSVM_LOG_RBP_RSP      RT_BIT_32(0)
+# define HMSVM_LOG_CR_REGS      RT_BIT_32(1)
+# define HMSVM_LOG_CS           RT_BIT_32(2)
+# define HMSVM_LOG_SS           RT_BIT_32(3)
+# define HMSVM_LOG_FS           RT_BIT_32(4)
+# define HMSVM_LOG_GS           RT_BIT_32(5)
+# define HMSVM_LOG_LBR          RT_BIT_32(6)
+# define HMSVM_LOG_ALL          (  HMSVM_LOG_RBP_RSP \
+                                 | HMSVM_LOG_CR_REGS \
+                                 | HMSVM_LOG_CS \
                                  | HMSVM_LOG_SS \
                                  | HMSVM_LOG_FS \
@@ -421 +465 @@
  * @param   pszPrefix   Log prefix.
  * @param   fFlags      Log flags, see HMSVM_LOG_XXX.
- * @param   uVerbose    The verbosity level, currently unused.
- */
-static void hmR0SvmLogState(PVMCPU pVCpu, PCSVMVMCB pVmcb, PCPUMCTX pCtx, const char *pszPrefix, uint32_t fFlags,
+ * @param   uVerboses    The verbosity level, currently unused.
+ */
+static void hmR0SvmLogState(PVMCPU pVCpu, PCSVMVMCB pVmcb, PCCPUMCTX pCtx, const char *pszPrefix, uint32_t fFlags,
                              uint8_t uVerbose)
 {
     RT_NOREF2(pVCpu, uVerbose);
 
-    Log4(("%s: cs:rip=%04x:%RX64 efl=%#RX64 cr0=%#RX64 cr3=%#RX64 cr4=%#RX64\n", pszPrefix, pCtx->cs.Sel, pCtx->rip,
-          pCtx->rflags.u, pCtx->cr0, pCtx->cr3, pCtx->cr4));
-    Log4(("%s: rsp=%#RX64 rbp=%#RX64 rdi=%#RX64\n", pszPrefix, pCtx->rsp, pCtx->rbp, pCtx->rdi));
+    HMSVM_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CS | CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_RFLAGS);
+    Log4(("%s: cs:rip=%04x:%RX64 efl=%#RX64\n", pszPrefix, pCtx->cs.Sel, pCtx->rip, pCtx->rflags.u));
+
+    if (fFlags & HMSVM_LOG_RBP_RSP)
+    {
+        HMSVM_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_RSP | CPUMCTX_EXTRN_RBP);
+        Log4(("%s: rsp=%#RX64 rbp=%#RX64\n", pszPrefix, pCtx->rsp, pCtx->rbp));
+    }
+
+    if (fFlags & HMSVM_LOG_CR_REGS)
+    {
+        HMSVM_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CR0 | CPUMCTX_EXTRN_CR3 | CPUMCTX_EXTRN_CR4);
+        Log4(("%s: cr0=%#RX64 cr3=%#RX64 cr4=%#RX64\n", pszPrefix, pCtx->cr0, pCtx->cr3, pCtx->cr4));
+    }
+
     if (fFlags & HMSVM_LOG_CS)
     {
+        HMSVM_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CS);
         Log4(("%s: cs={%04x base=%016RX64 limit=%08x flags=%08x}\n", pszPrefix, pCtx->cs.Sel, pCtx->cs.u64Base,
               pCtx->cs.u32Limit, pCtx->cs.Attr.u));
@@ -438 +495 @@
     if (fFlags & HMSVM_LOG_SS)
     {
+        HMSVM_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_SS);
         Log4(("%s: ss={%04x base=%016RX64 limit=%08x flags=%08x}\n", pszPrefix, pCtx->ss.Sel, pCtx->ss.u64Base,
               pCtx->ss.u32Limit, pCtx->ss.Attr.u));
@@ -443 +501 @@
     if (fFlags & HMSVM_LOG_FS)
     {
+        HMSVM_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_FS);
         Log4(("%s: fs={%04x base=%016RX64 limit=%08x flags=%08x}\n", pszPrefix, pCtx->fs.Sel, pCtx->fs.u64Base,
               pCtx->fs.u32Limit, pCtx->fs.Attr.u));
@@ -448 +507 @@
     if (fFlags & HMSVM_LOG_GS)
     {
+        HMSVM_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_GS);
         Log4(("%s: gs={%04x base=%016RX64 limit=%08x flags=%08x}\n", pszPrefix, pCtx->gs.Sel, pCtx->gs.u64Base,
               pCtx->gs.u32Limit, pCtx->gs.Attr.u));
@@ -753 +813 @@
  * @param   pCtx        Pointer to the guest-CPU context.
  */
-DECLINLINE(bool) hmR0SvmSupportsVmcbCleanBits(PVMCPU pVCpu, PCPUMCTX pCtx)
+DECLINLINE(bool) hmR0SvmSupportsVmcbCleanBits(PVMCPU pVCpu, PCCPUMCTX pCtx)
 {
     PVM pVM = pVCpu->CTX_SUFF(pVM);
@@ -827 +887 @@
  *          caller needs to take care of this.
  */
-static void hmR0SvmSetMsrPermission(PCPUMCTX pCtx, uint8_t *pbMsrBitmap, uint32_t idMsr, SVMMSREXITREAD enmRead,
+static void hmR0SvmSetMsrPermission(PCCPUMCTX pCtx, uint8_t *pbMsrBitmap, uint32_t idMsr, SVMMSREXITREAD enmRead,
                                     SVMMSREXITWRITE enmWrite)
 {
@@ -1093 +1153 @@
  * @returns Pointer to the nested-guest VMCB cache.
  * @param   pVCpu           The cross context virtual CPU structure.
- * @param   pCtx            Pointer to the guest-CPU context.
- */
-DECLINLINE(PSVMNESTEDVMCBCACHE) hmR0SvmGetNestedVmcbCache(PVMCPU pVCpu, PCPUMCTX pCtx)
+ */
+DECLINLINE(PSVMNESTEDVMCBCACHE) hmR0SvmGetNestedVmcbCache(PVMCPU pVCpu)
 {
 #ifdef VBOX_WITH_NESTED_HWVIRT_SVM
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); RT_NOREF(pCtx);
+    Assert(pVCpu->hm.s.svm.NstGstVmcbCache.fCacheValid);
     return &pVCpu->hm.s.svm.NstGstVmcbCache;
 #else
-    RT_NOREF2(pVCpu, pCtx);
+    RT_NOREF(pVCpu);
     return NULL;
 #endif
@@ -1154 +1213 @@
  * @param   pHostCpu    Pointer to the HM host-CPU info.
  */
-static void hmR0SvmFlushTaggedTlb(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMVMCB pVmcb, PHMGLOBALCPUINFO pHostCpu)
+static void hmR0SvmFlushTaggedTlb(PVMCPU pVCpu, PCCPUMCTX pCtx, PSVMVMCB pVmcb, PHMGLOBALCPUINFO pHostCpu)
 {
 #ifndef VBOX_WITH_NESTED_HWVIRT_SVM
@@ -1394 +1453 @@
  *          are not intercepting it.
  */
-DECLINLINE(void) hmR0SvmClearXcptIntercept(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMVMCB pVmcb, uint8_t uXcpt)
+DECLINLINE(void) hmR0SvmClearXcptIntercept(PVMCPU pVCpu, PCCPUMCTX pCtx, PSVMVMCB pVmcb, uint8_t uXcpt)
 {
     Assert(uXcpt != X86_XCPT_DB);
@@ -1406 +1465 @@
         if (CPUMIsGuestInSvmNestedHwVirtMode(pCtx))
         {
-            PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = hmR0SvmGetNestedVmcbCache(pVCpu, pCtx);
+            PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = hmR0SvmGetNestedVmcbCache(pVCpu);
             fRemove = !(pVmcbNstGstCache->u32InterceptXcpt & RT_BIT(uXcpt));
         }
@@ -1453 +1512 @@
  *          are not intercepting it.
  */
-DECLINLINE(bool) hmR0SvmClearCtrlIntercept(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMVMCB pVmcb, uint64_t fCtrlIntercept)
+DECLINLINE(bool) hmR0SvmClearCtrlIntercept(PVMCPU pVCpu, PCCPUMCTX pCtx, PSVMVMCB pVmcb, uint64_t fCtrlIntercept)
 {
     if (pVmcb->ctrl.u64InterceptCtrl & fCtrlIntercept)
@@ -1462 +1521 @@
         if (CPUMIsGuestInSvmNestedHwVirtMode(pCtx))
         {
-            PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = hmR0SvmGetNestedVmcbCache(pVCpu, pCtx);
+            PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = hmR0SvmGetNestedVmcbCache(pVCpu);
             fRemove = !(pVmcbNstGstCache->u64InterceptCtrl & fCtrlIntercept);
         }
@@ -1493 +1552 @@
  * @remarks No-long-jump zone!!!
  */
-static void hmR0SvmLoadSharedCR0(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+static void hmR0SvmLoadSharedCR0(PVMCPU pVCpu, PSVMVMCB pVmcb, PCCPUMCTX pCtx)
 {
     /* The guest FPU is now always pre-loaded before executing guest code, see @bugref{7243#c101}. */
@@ -1542 +1601 @@
         {
             /* If the nested-hypervisor intercepts CR0 reads/writes, we need to continue intercepting them. */
-            PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = hmR0SvmGetNestedVmcbCache(pVCpu, pCtx);
+            PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = hmR0SvmGetNestedVmcbCache(pVCpu);
             pVmcb->ctrl.u16InterceptRdCRx = (pVmcb->ctrl.u16InterceptRdCRx       & ~RT_BIT(0))
                                           | (pVmcbNstGstCache->u16InterceptRdCRx &  RT_BIT(0));
@@ -1575 +1634 @@
  * @remarks No-long-jump zone!!!
  */
-static int hmR0SvmLoadGuestControlRegs(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+static int hmR0SvmLoadGuestControlRegs(PVMCPU pVCpu, PSVMVMCB pVmcb, PCCPUMCTX pCtx)
 {
     PVM pVM = pVCpu->CTX_SUFF(pVM);
@@ -1671 +1730 @@
             {
                 /* If the nested-hypervisor intercepts CR4 reads, we need to continue intercepting them. */
-                PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = hmR0SvmGetNestedVmcbCache(pVCpu, pCtx);
+                PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = hmR0SvmGetNestedVmcbCache(pVCpu);
                 pVmcb->ctrl.u16InterceptRdCRx = (pVmcb->ctrl.u16InterceptRdCRx       & ~RT_BIT(4))
                                               | (pVmcbNstGstCache->u16InterceptRdCRx &  RT_BIT(4));
@@ -1704 +1763 @@
  * @remarks No-long-jump zone!!!
  */
-static void hmR0SvmLoadGuestSegmentRegs(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+static void hmR0SvmLoadGuestSegmentRegs(PVMCPU pVCpu, PSVMVMCB pVmcb, PCCPUMCTX pCtx)
 {
     /* Guest Segment registers: CS, SS, DS, ES, FS, GS. */
@@ -1764 +1823 @@
  * @remarks No-long-jump zone!!!
  */
-static void hmR0SvmLoadGuestMsrs(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+static void hmR0SvmLoadGuestMsrs(PVMCPU pVCpu, PSVMVMCB pVmcb, PCCPUMCTX pCtx)
 {
     /* Guest Sysenter MSRs. */
-    pVmcb->guest.u64SysEnterCS  = pCtx->SysEnter.cs;
-    pVmcb->guest.u64SysEnterEIP = pCtx->SysEnter.eip;
-    pVmcb->guest.u64SysEnterESP = pCtx->SysEnter.esp;
+    if (HMCPU_CF_IS_PENDING(pVCpu, HM_CHANGED_GUEST_SYSENTER_CS_MSR))
+    {
+        pVmcb->guest.u64SysEnterCS  = pCtx->SysEnter.cs;
+        HMCPU_CF_CLEAR(pVCpu, HM_CHANGED_GUEST_SYSENTER_CS_MSR);
+    }
+    if (HMCPU_CF_IS_PENDING(pVCpu, HM_CHANGED_GUEST_SYSENTER_EIP_MSR))
+    {
+        pVmcb->guest.u64SysEnterEIP = pCtx->SysEnter.eip;
+        HMCPU_CF_CLEAR(pVCpu, HM_CHANGED_GUEST_SYSENTER_EIP_MSR);
+    }
+    if (HMCPU_CF_IS_PENDING(pVCpu, HM_CHANGED_GUEST_SYSENTER_ESP_MSR))
+    {
+        pVmcb->guest.u64SysEnterESP = pCtx->SysEnter.esp;
+        HMCPU_CF_CLEAR(pVCpu, HM_CHANGED_GUEST_SYSENTER_ESP_MSR);
+    }
 
     /*
@@ -1787 +1858 @@
     {
         /* Load these always as the guest may modify FS/GS base using MSRs in 64-bit mode which we don't intercept. */
-        pVmcb->guest.FS.u64Base = pCtx->fs.u64Base;
-        pVmcb->guest.GS.u64Base = pCtx->gs.u64Base;
-        pVmcb->ctrl.u32VmcbCleanBits &= ~HMSVM_VMCB_CLEAN_SEG;
+        //pVmcb->guest.FS.u64Base = pCtx->fs.u64Base;
+        //pVmcb->guest.GS.u64Base = pCtx->gs.u64Base;
+        //pVmcb->ctrl.u32VmcbCleanBits &= ~HMSVM_VMCB_CLEAN_SEG;
     }
     else
@@ -1801 +1872 @@
     }
 
-    /** @todo The following are used in 64-bit only (SYSCALL/SYSRET) but they might
-     *        be writable in 32-bit mode. Clarify with AMD spec. */
+    /** @todo HM_CHANGED_GUEST_SYSCALL_MSRS,
+     *        HM_CHANGED_GUEST_KERNEL_GS_BASE */
     pVmcb->guest.u64STAR         = pCtx->msrSTAR;
     pVmcb->guest.u64LSTAR        = pCtx->msrLSTAR;
@@ -1837 +1908 @@
  * @remarks Requires EFLAGS to be up-to-date in the VMCB!
  */
-static void hmR0SvmLoadSharedDebugState(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+static void hmR0SvmLoadSharedDebugState(PVMCPU pVCpu, PSVMVMCB pVmcb, PCCPUMCTX pCtx)
 {
     bool fInterceptMovDRx = false;
@@ -2005 +2076 @@
  * @param   pCtx          Pointer to the guest-CPU or nested-guest-CPU context.
  */
-static void hmR0SvmLoadGuestHwvirtStateNested(PVMCPU pVCpu, PSVMVMCB pVmcbNstGst, PCPUMCTX pCtx)
+static void hmR0SvmLoadGuestHwvirtStateNested(PVMCPU pVCpu, PSVMVMCB pVmcbNstGst, PCCPUMCTX pCtx)
 {
     if (HMCPU_CF_IS_PENDING(pVCpu, HM_CHANGED_GUEST_HWVIRT))
@@ -2021 +2092 @@
         uint16_t const uGuestPauseFilterCount     = pVM->hm.s.svm.cPauseFilter;
         uint16_t const uGuestPauseFilterThreshold = pVM->hm.s.svm.cPauseFilterThresholdTicks;
-        if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_PAUSE))
+        if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_PAUSE))
         {
             pVmcbNstGstCtrl->u16PauseFilterCount     = RT_MIN(pCtx->hwvirt.svm.cPauseFilter, uGuestPauseFilterCount);
@@ -2046 +2117 @@
  * @param   pCtx        Pointer to the guest-CPU context.
  */
-static int hmR0SvmLoadGuestApicState(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+static int hmR0SvmLoadGuestApicState(PVMCPU pVCpu, PSVMVMCB pVmcb, PCCPUMCTX pCtx)
 {
     if (!HMCPU_CF_IS_PENDING(pVCpu, HM_CHANGED_GUEST_APIC_STATE))
@@ -2066 +2137 @@
         pVCpu->hm.s.svm.fSyncVTpr = false;
 
-        /* 32-bit guests uses LSTAR MSR for patching guest code which touches the TPR. */
-        if (pVM->hm.s.fTPRPatchingActive)
-        {
-            pCtx->msrLSTAR = u8Tpr;
+        if (!pVM->hm.s.fTPRPatchingActive)
+        {
+            /* Bits 3-0 of the VTPR field correspond to bits 7-4 of the TPR (which is the Task-Priority Class). */
+            pVmcb->ctrl.IntCtrl.n.u8VTPR = (u8Tpr >> 4);
+
+            /* If there are interrupts pending, intercept CR8 writes to evaluate ASAP if we can deliver the interrupt to the guest. */
+            if (fPendingIntr)
+                pVmcb->ctrl.u16InterceptWrCRx |= RT_BIT(8);
+            else
+            {
+                pVmcb->ctrl.u16InterceptWrCRx &= ~RT_BIT(8);
+                pVCpu->hm.s.svm.fSyncVTpr = true;
+            }
+
+            pVmcb->ctrl.u32VmcbCleanBits &= ~(HMSVM_VMCB_CLEAN_INTERCEPTS | HMSVM_VMCB_CLEAN_INT_CTRL);
+        }
+        else
+        {
+            /* 32-bit guests uses LSTAR MSR for patching guest code which touches the TPR. */
+            pVmcb->guest.u64LSTAR = u8Tpr;
             uint8_t *pbMsrBitmap = (uint8_t *)pVCpu->hm.s.svm.pvMsrBitmap;
 
@@ -2082 +2169 @@
             pVmcb->ctrl.u32VmcbCleanBits &= ~HMSVM_VMCB_CLEAN_IOPM_MSRPM;
         }
-        else
-        {
-            /* Bits 3-0 of the VTPR field correspond to bits 7-4 of the TPR (which is the Task-Priority Class). */
-            pVmcb->ctrl.IntCtrl.n.u8VTPR = (u8Tpr >> 4);
-
-            /* If there are interrupts pending, intercept CR8 writes to evaluate ASAP if we can deliver the interrupt to the guest. */
-            if (fPendingIntr)
-                pVmcb->ctrl.u16InterceptWrCRx |= RT_BIT(8);
-            else
-            {
-                pVmcb->ctrl.u16InterceptWrCRx &= ~RT_BIT(8);
-                pVCpu->hm.s.svm.fSyncVTpr = true;
-            }
-
-            pVmcb->ctrl.u32VmcbCleanBits &= ~(HMSVM_VMCB_CLEAN_INTERCEPTS | HMSVM_VMCB_CLEAN_INT_CTRL);
-        }
     }
 
@@ -2113 +2184 @@
  * @param   pCtx        Pointer to the guest-CPU context.
  */
-static void hmR0SvmLoadGuestXcptIntercepts(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+static void hmR0SvmLoadGuestXcptIntercepts(PVMCPU pVCpu, PSVMVMCB pVmcb, PCCPUMCTX pCtx)
 {
     /* If we modify intercepts from here, please check & adjust hmR0SvmLoadGuestXcptInterceptsNested()
@@ -2150 +2221 @@
  * @param   pCtx            Pointer to the nested-guest-CPU context.
  */
-static void hmR0SvmMergeVmcbCtrlsNested(PVMCPU pVCpu, PCPUMCTX pCtx)
+static void hmR0SvmMergeVmcbCtrlsNested(PVMCPU pVCpu, PCCPUMCTX pCtx)
 {
     PVM          pVM             = pVCpu->CTX_SUFF(pVM);
@@ -2300 +2371 @@
             if (!pVCpu->hm.s.fLeaveDone)
             {
-                hmR0SvmLeave(pVCpu);
+                hmR0SvmLeave(pVCpu, false /* fImportState */);
                 pVCpu->hm.s.fLeaveDone = true;
             }
@@ -2377 +2448 @@
  * @remarks No-long-jump zone!!!
  */
-static int hmR0SvmLoadGuestState(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
+static int hmR0SvmLoadGuestState(PVM pVM, PVMCPU pVCpu, PCCPUMCTX pCtx)
 {
     HMSVM_ASSERT_NOT_IN_NESTED_GUEST(pCtx);
@@ -2405 +2476 @@
 #endif
 
+    /* hmR0SvmLoadGuestApicState() must be called -after- hmR0SvmLoadGuestMsrs() as we
+       may overwrite LSTAR MSR in the VMCB in the case of TPR patching. */
     rc = hmR0SvmLoadGuestApicState(pVCpu, pVmcb, pCtx);
     AssertLogRelMsgRCReturn(rc, ("hmR0SvmLoadGuestApicState! rc=%Rrc (pVM=%p pVCpu=%p)\n", rc, pVM, pVCpu), rc);
@@ -2451 +2524 @@
  * @param   pCtx            Pointer to the nested-guest-CPU context.
  */
-static void hmR0SvmMergeMsrpmNested(PHMGLOBALCPUINFO pHostCpu, PVMCPU pVCpu, PCPUMCTX pCtx)
+static void hmR0SvmMergeMsrpmNested(PHMGLOBALCPUINFO pHostCpu, PVMCPU pVCpu, PCCPUMCTX pCtx)
 {
     uint64_t const *pu64GstMsrpm    = (uint64_t const *)pVCpu->hm.s.svm.pvMsrBitmap;
@@ -2473 +2546 @@
  * @sa      HMSvmNstGstVmExitNotify.
  */
-static bool hmR0SvmCacheVmcbNested(PVMCPU pVCpu, PCPUMCTX pCtx)
+static bool hmR0SvmCacheVmcbNested(PVMCPU pVCpu, PCCPUMCTX pCtx)
 {
     /*
@@ -2482 +2555 @@
      * cache and restore it, see AMD spec. 15.25.4 "Nested Paging and VMRUN/#VMEXIT".
      */
-    bool const fWasCached = pCtx->hwvirt.svm.fHMCachedVmcb;
+    PSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
+    bool const fWasCached = pVmcbNstGstCache->fCacheValid;
     if (!fWasCached)
     {
-        PSVMVMCB            pVmcbNstGst      = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
-        PCSVMVMCBCTRL       pVmcbNstGstCtrl  = &pVmcbNstGst->ctrl;
-        PSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
-
+        PCSVMVMCB      pVmcbNstGst    = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
+        PCSVMVMCBCTRL pVmcbNstGstCtrl = &pVmcbNstGst->ctrl;
         pVmcbNstGstCache->u16InterceptRdCRx       = pVmcbNstGstCtrl->u16InterceptRdCRx;
         pVmcbNstGstCache->u16InterceptWrCRx       = pVmcbNstGstCtrl->u16InterceptWrCRx;
@@ -2501 +2573 @@
         pVmcbNstGstCache->fNestedPaging           = pVmcbNstGstCtrl->NestedPagingCtrl.n.u1NestedPaging;
         pVmcbNstGstCache->fLbrVirt                = pVmcbNstGstCtrl->LbrVirt.n.u1LbrVirt;
-        pCtx->hwvirt.svm.fHMCachedVmcb            = true;
+        pVmcbNstGstCache->fCacheValid             = true;
         Log4(("hmR0SvmCacheVmcbNested: Cached VMCB fields\n"));
     }
@@ -2519 +2591 @@
  * @param   pCtx            Pointer to the nested-guest-CPU context.
  */
-static void hmR0SvmSetupVmcbNested(PVMCPU pVCpu, PCPUMCTX pCtx)
+static void hmR0SvmSetupVmcbNested(PVMCPU pVCpu, PCCPUMCTX pCtx)
 {
     PSVMVMCB     pVmcbNstGst     = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
@@ -2591 +2663 @@
  * @remarks No-long-jump zone!!!
  */
-static int hmR0SvmLoadGuestStateNested(PVMCPU pVCpu, PCPUMCTX pCtx)
+static int hmR0SvmLoadGuestStateNested(PVMCPU pVCpu, PCCPUMCTX pCtx)
 {
     STAM_PROFILE_ADV_START(&pVCpu->hm.s.StatLoadGuestState, x);
@@ -2664 +2736 @@
  * @remarks No-long-jump zone!!!
  */
-static void hmR0SvmLoadSharedState(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+static void hmR0SvmLoadSharedState(PVMCPU pVCpu, PSVMVMCB pVmcb, PCCPUMCTX pCtx)
 {
     Assert(!RTThreadPreemptIsEnabled(NIL_RTTHREAD));
@@ -2699 +2771 @@
 
 /**
+ * Worker for SVMR0ImportStateOnDemand.
+ *
+ * @param   pVCpu   The cross context virtual CPU structure.
+ * @param   pCtx    Pointer to the guest-CPU or nested-guest-CPU context.
+ * @param   fWhat   What to import, CPUMCTX_EXTRN_XXX.
+ */
+static void hmR0SvmImportGuestState(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fWhat)
+{
+    PCSVMVMCB          pVmcb      = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
+    PCSVMVMCBSTATESAVE pVmcbGuest = &pVmcb->guest;
+    PCSVMVMCBCTRL      pVmcbCtrl  = &pVmcb->ctrl;
+
+    Log4(("hmR0SvmImportGuestState: fExtrn=%#RX64 fWhat=%#RX64\n", pCtx->fExtrn, fWhat));
+    if (pCtx->fExtrn & HMSVM_CPUMCTX_EXTRN_ALL)
+    {
+        fWhat &= pCtx->fExtrn;
+
+#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
+        if (fWhat & CPUMCTX_EXTRN_HWVIRT)
+        {
+            if (   !CPUMIsGuestInSvmNestedHwVirtMode(pCtx)
+                && pVmcbCtrl->IntCtrl.n.u1VGifEnable)
+            {
+                /* We don't yet support passing VGIF feature to the guest. */
+                Assert(pVCpu->CTX_SUFF(pVM)->hm.s.svm.fVGif);
+                pCtx->hwvirt.fGif = pVmcbCtrl->IntCtrl.n.u1VGif;
+            }
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_HWVIRT);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_HM_SVM_HWVIRT_VIRQ)
+        {
+            if (  !pVmcbCtrl->IntCtrl.n.u1VIrqPending
+                && VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST))
+                VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST);
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_HM_SVM_HWVIRT_VIRQ);
+        }
+#else
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~(CPUMCTX_EXTRN_HWVIRT | CPUMCTX_EXTRN_HM_SVM_HWVIRT_VIRQ));
+#endif
+
+        if (fWhat & CPUMCTX_EXTRN_HM_SVM_INT_SHADOW)
+        {
+            if (pVmcbCtrl->IntShadow.n.u1IntShadow)
+                EMSetInhibitInterruptsPC(pVCpu, pVmcbGuest->u64RIP);
+            else if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
+                VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_HM_SVM_INT_SHADOW);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_RIP)
+        {
+            pCtx->rip = pVmcbGuest->u64RIP;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_RIP);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_RFLAGS)
+        {
+            pCtx->eflags.u32 = pVmcbGuest->u64RFlags;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_RFLAGS);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_RSP)
+        {
+            pCtx->rsp = pVmcbGuest->u64RSP;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_RSP);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_RAX)
+        {
+            pCtx->rax = pVmcbGuest->u64RAX;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_RAX);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_SREG_MASK)
+        {
+            if (fWhat & CPUMCTX_EXTRN_CS)
+            {
+                HMSVM_SEG_REG_COPY_FROM_VMCB(pCtx, pVmcbGuest, CS, cs);
+                /*
+                 * Correct the hidden CS granularity bit. Haven't seen it being wrong in any other
+                 * register (yet).
+                 */
+                /** @todo SELM might need to be fixed as it too should not care about the
+                 *        granularity bit. See @bugref{6785}. */
+                if (   !pCtx->cs.Attr.n.u1Granularity
+                    &&  pCtx->cs.Attr.n.u1Present
+                    &&  pCtx->cs.u32Limit > UINT32_C(0xfffff))
+                {
+                    Assert((pCtx->cs.u32Limit & 0xfff) == 0xfff);
+                    pCtx->cs.Attr.n.u1Granularity = 1;
+                }
+                HMSVM_ASSERT_SEG_GRANULARITY(pCtx, cs);
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_CS);
+            }
+            if (fWhat & CPUMCTX_EXTRN_SS)
+            {
+                HMSVM_SEG_REG_COPY_FROM_VMCB(pCtx, pVmcbGuest, SS, ss);
+                HMSVM_ASSERT_SEG_GRANULARITY(pCtx, ss);
+                /*
+                 * Sync the hidden SS DPL field. AMD CPUs have a separate CPL field in the VMCB and uses that
+                 * and thus it's possible that when the CPL changes during guest execution that the SS DPL
+                 * isn't updated by AMD-V. Observed on some AMD Fusion CPUs with 64-bit guests.
+                 * See AMD spec. 15.5.1 "Basic operation".
+                 */
+                Assert(!(pVmcbGuest->u8CPL & ~0x3));
+                uint8_t const uCpl = pVmcbGuest->u8CPL;
+                if (pCtx->ss.Attr.n.u2Dpl != uCpl)
+                    pCtx->ss.Attr.n.u2Dpl = uCpl & 0x3;
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_SS);
+            }
+            if (fWhat & CPUMCTX_EXTRN_DS)
+            {
+                HMSVM_SEG_REG_COPY_FROM_VMCB(pCtx, pVmcbGuest, DS, ds);
+                HMSVM_ASSERT_SEG_GRANULARITY(pCtx, ds);
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_DS);
+            }
+            if (fWhat & CPUMCTX_EXTRN_ES)
+            {
+                HMSVM_SEG_REG_COPY_FROM_VMCB(pCtx, pVmcbGuest, ES, es);
+                HMSVM_ASSERT_SEG_GRANULARITY(pCtx, es);
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_ES);
+            }
+            if (fWhat & CPUMCTX_EXTRN_FS)
+            {
+                HMSVM_SEG_REG_COPY_FROM_VMCB(pCtx, pVmcbGuest, FS, fs);
+                HMSVM_ASSERT_SEG_GRANULARITY(pCtx, fs);
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_FS);
+            }
+            if (fWhat & CPUMCTX_EXTRN_GS)
+            {
+                HMSVM_SEG_REG_COPY_FROM_VMCB(pCtx, pVmcbGuest, GS, gs);
+                HMSVM_ASSERT_SEG_GRANULARITY(pCtx, gs);
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_GS);
+            }
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_TABLE_MASK)
+        {
+            if (fWhat & CPUMCTX_EXTRN_TR)
+            {
+                /*
+                 * Fixup TR attributes so it's compatible with Intel. Important when saved-states
+                 * are used between Intel and AMD, see @bugref{6208#c39}.
+                 * ASSUME that it's normally correct and that we're in 32-bit or 64-bit mode.
+                 */
+                HMSVM_SEG_REG_COPY_FROM_VMCB(pCtx, pVmcbGuest, TR, tr);
+                if (pCtx->tr.Attr.n.u4Type != X86_SEL_TYPE_SYS_386_TSS_BUSY)
+                {
+                    if (   pCtx->tr.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_AVAIL
+                        || CPUMIsGuestInLongModeEx(pCtx))
+                        pCtx->tr.Attr.n.u4Type = X86_SEL_TYPE_SYS_386_TSS_BUSY;
+                    else if (pCtx->tr.Attr.n.u4Type == X86_SEL_TYPE_SYS_286_TSS_AVAIL)
+                        pCtx->tr.Attr.n.u4Type = X86_SEL_TYPE_SYS_286_TSS_BUSY;
+                }
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_TR);
+            }
+
+            if (fWhat & CPUMCTX_EXTRN_LDTR)
+            {
+                HMSVM_SEG_REG_COPY_FROM_VMCB(pCtx, pVmcbGuest, LDTR, ldtr);
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_LDTR);
+            }
+
+            if (fWhat & CPUMCTX_EXTRN_GDTR)
+            {
+                pCtx->gdtr.cbGdt = pVmcbGuest->GDTR.u32Limit;
+                pCtx->gdtr.pGdt  = pVmcbGuest->GDTR.u64Base;
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_GDTR);
+            }
+
+            if (fWhat & CPUMCTX_EXTRN_IDTR)
+            {
+                pCtx->idtr.cbIdt = pVmcbGuest->IDTR.u32Limit;
+                pCtx->idtr.pIdt  = pVmcbGuest->IDTR.u64Base;
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_IDTR);
+            }
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_SYSCALL_MSRS)
+        {
+            pCtx->msrSTAR   = pVmcbGuest->u64STAR;
+            pCtx->msrLSTAR  = pVmcbGuest->u64LSTAR;
+            pCtx->msrCSTAR  = pVmcbGuest->u64CSTAR;
+            pCtx->msrSFMASK = pVmcbGuest->u64SFMASK;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_SYSCALL_MSRS);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_SYSENTER_MSRS)
+        {
+            pCtx->SysEnter.cs  = pVmcbGuest->u64SysEnterCS;
+            pCtx->SysEnter.eip = pVmcbGuest->u64SysEnterEIP;
+            pCtx->SysEnter.esp = pVmcbGuest->u64SysEnterESP;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_SYSENTER_MSRS);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_KERNEL_GS_BASE)
+        {
+            pCtx->msrKERNELGSBASE = pVmcbGuest->u64KernelGSBase;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_KERNEL_GS_BASE);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_DR_MASK)
+        {
+            if (fWhat & CPUMCTX_EXTRN_DR6)
+            {
+                if (!pVCpu->hm.s.fUsingHyperDR7)
+                    pCtx->dr[6] = pVmcbGuest->u64DR6;
+                else
+                    CPUMSetHyperDR6(pVCpu, pVmcbGuest->u64DR6);
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_DR6);
+            }
+
+            if (fWhat & CPUMCTX_EXTRN_DR7)
+            {
+                if (!pVCpu->hm.s.fUsingHyperDR7)
+                    pCtx->dr[7] = pVmcbGuest->u64DR7;
+                else
+                    Assert(pVmcbGuest->u64DR7 == CPUMGetHyperDR7(pVCpu));
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_DR7);
+            }
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_CR_MASK)
+        {
+            if (fWhat & CPUMCTX_EXTRN_CR0)
+            {
+                /* We intercept changes to all CR0 bits except maybe TS & MP bits. */
+                uint64_t const uCr0 = (pCtx->cr0          & ~(X86_CR0_TS | X86_CR0_MP))
+                                    | (pVmcbGuest->u64CR0 &  (X86_CR0_TS | X86_CR0_MP));
+                CPUMSetGuestCR0(pVCpu, uCr0);
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_CR0);
+            }
+
+            if (fWhat & CPUMCTX_EXTRN_CR2)
+            {
+                pCtx->cr2 = pVmcbGuest->u64CR2;
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_CR2);
+            }
+
+            if (fWhat & CPUMCTX_EXTRN_CR3)
+            {
+                if (   pVmcbCtrl->NestedPagingCtrl.n.u1NestedPaging
+                    && pCtx->cr3 != pVmcbGuest->u64CR3)
+                {
+                    CPUMSetGuestCR3(pVCpu, pVmcbGuest->u64CR3);
+                    if (VMMRZCallRing3IsEnabled(pVCpu))
+                    {
+                        Log4(("hmR0SvmImportGuestState: Calling PGMUpdateCR3\n"));
+                        PGMUpdateCR3(pVCpu, pVmcbGuest->u64CR3);
+                    }
+                    else
+                    {
+                        Log4(("hmR0SvmImportGuestState: Setting VMCPU_FF_HM_UPDATE_CR3\n"));
+                        VMCPU_FF_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3);
+                    }
+                }
+                ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_CR3);
+            }
+
+            /* Changes to CR4 are always intercepted. */
+        }
+
+        /* If everything has been imported, clear the HM keeper bit. */
+        if (!(pCtx->fExtrn & HMSVM_CPUMCTX_EXTRN_ALL))
+        {
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_KEEPER_HM);
+            Assert(!pCtx->fExtrn);
+        }
+    }
+    else
+        Assert(!pCtx->fExtrn);
+
+    /*
+     * Honor any pending CR3 updates.
+     *
+     * Consider this scenario: #VMEXIT -> VMMRZCallRing3Enable() -> do stuff that causes a longjmp
+     * -> hmR0SvmCallRing3Callback() -> VMMRZCallRing3Disable() -> hmR0SvmImportGuestState()
+     * -> Sets VMCPU_FF_HM_UPDATE_CR3 pending -> return from the longjmp -> continue with #VMEXIT
+     * handling -> hmR0SvmImportGuestState() and here we are.
+     *
+     * The reason for such complicated handling is because VM-exits that call into PGM expect CR3 to be
+     * up-to-date and thus any CR3-saves -before- the VM-exit (longjmp) would've postponed the CR3
+     * update via the force-flag and cleared CR3 from fExtrn. Any SVM R0 VM-exit handler that requests
+     * CR3 to be saved will end up here and we call PGMUpdateCR3().
+     *
+     * The longjmp exit path can't check these CR3 force-flags and call code that takes a lock again,
+     * and does not process force-flag like regular exits to ring-3 either, we cover for it here.
+     */
+    if (   VMMRZCallRing3IsEnabled(pVCpu)
+        && VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_CR3))
+    {
+        Assert(pCtx->cr3 == pVmcbGuest->u64CR3);
+        PGMUpdateCR3(pVCpu, pCtx->cr3);
+    }
+}
+
+
+/**
  * Saves the guest (or nested-guest) state from the VMCB into the guest-CPU
  * context.
@@ -2706 +3077 @@
  *
  * @returns VBox status code.
- * @param   pVCpu           The cross context virtual CPU structure.
- * @param   pMixedCtx       Pointer to the guest-CPU or nested-guest-CPU
- *                          context. The data may be out-of-sync. Make sure to
- *                          update the required fields before using them.
- * @param   pVmcb           Pointer to the VM control block.
- */
-static void hmR0SvmSaveGuestState(PVMCPU pVCpu, PCPUMCTX pMixedCtx, PCSVMVMCB pVmcb)
+ * @param   pVCpu   The cross context virtual CPU structure.
+ * @param   pCtx    Pointer to the guest-CPU or nested-guest-CPU context. The
+ *                  data may be out-of-sync. Make sure to update the required
+ *                  fields before using them.
+ * @param   fWhat   What to import, CPUMCTX_EXTRN_XXX.
+ */
+VMMR0DECL(int) SVMR0ImportStateOnDemand(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fWhat)
+{
+    hmR0SvmImportGuestState(pVCpu, pCtx, fWhat);
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Saves the guest (or nested-guest) state from the VMCB into the guest-CPU
+ * context.
+ *
+ * Currently there is no residual state left in the CPU that is not updated in the
+ * VMCB.
+ *
+ * @returns VBox status code.
+ * @param   pVCpu   The cross context virtual CPU structure.
+ * @param   pCtx    Pointer to the guest-CPU or nested-guest-CPU context. The
+ *                  data may be out-of-sync. Make sure to update the required
+ *                  fields before using them.
+ * @param   pVmcb   Pointer to the VM control block.
+ */
+static void hmR0SvmSaveGuestState(PVMCPU pVCpu, PCPUMCTX pCtx, PCSVMVMCB pVmcb)
 {
     Assert(VMMRZCallRing3IsEnabled(pVCpu));
 
-    pMixedCtx->rip        = pVmcb->guest.u64RIP;
-    pMixedCtx->rsp        = pVmcb->guest.u64RSP;
-    pMixedCtx->eflags.u32 = pVmcb->guest.u64RFlags;
-    pMixedCtx->rax        = pVmcb->guest.u64RAX;
-
-    PCSVMVMCBCTRL pVmcbCtrl = &pVmcb->ctrl;
-#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
-    if (!CPUMIsGuestInSvmNestedHwVirtMode(pMixedCtx))
-    {
-        if (pVmcbCtrl->IntCtrl.n.u1VGifEnable)
-        {
-            /*
-             * Guest Virtual GIF (Global Interrupt Flag).
-             * We don't yet support passing VGIF feature to the guest.
-             */
-            Assert(pVCpu->CTX_SUFF(pVM)->hm.s.svm.fVGif);
-            pMixedCtx->hwvirt.fGif = pVmcbCtrl->IntCtrl.n.u1VGif;
-        }
-    }
-    else
-    {
-        /*
-         * Nested-guest interrupt pending.
-         * Sync nested-guest's V_IRQ and its force-flag.
-         */
-        if (  !pVmcbCtrl->IntCtrl.n.u1VIrqPending
-            && VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST))
-            VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST);
-    }
-#endif
-
     /*
-     * Guest interrupt shadow.
+     * Always import the following:
+     *
+     *   - RIP, RFLAGS, int. shadow, GIF: we need them when as we evaluate
+     *     injecting events before re-entering guest execution.
+     *
+     *   - GPRS: Only RAX, RSP are in the VMCB. All the other GPRs are swapped
+     *     by the assembly switcher code. Import these two always just to simplify
+     *     assumptions on GPRs.
+     *
+     *   - SREG: We load them all together so we have to save all of them.
+     *
+     *   - KERNEL_GS_BASE, SYSCALL MSRS: We don't have a HM_CHANGED_GUEST flag
+     *     for it yet
      */
-    if (pVmcbCtrl->IntShadow.n.u1IntShadow)
-        EMSetInhibitInterruptsPC(pVCpu, pMixedCtx->rip);
-    else if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
-        VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
-
-    /*
-     * Guest control registers: CR0, CR2, CR3 (handled at the end).
-     * Accesses to other control registers are always intercepted.
-     */
-    pMixedCtx->cr2 = pVmcb->guest.u64CR2;
-
-    /* If we're not intercepting changes to CR0 TS & MP bits, sync those bits here. */
-    if (!(pVmcbCtrl->u16InterceptWrCRx & RT_BIT(0)))
-    {
-        pMixedCtx->cr0 = (pMixedCtx->cr0      & ~(X86_CR0_TS | X86_CR0_MP))
-                       | (pVmcb->guest.u64CR0 &  (X86_CR0_TS | X86_CR0_MP));
-    }
-
-    /*
-     * Guest MSRs.
-     */
-    pMixedCtx->msrSTAR         = pVmcb->guest.u64STAR;            /* legacy syscall eip, cs & ss */
-    pMixedCtx->msrLSTAR        = pVmcb->guest.u64LSTAR;           /* 64-bit mode syscall rip */
-    pMixedCtx->msrCSTAR        = pVmcb->guest.u64CSTAR;           /* compatibility mode syscall rip */
-    pMixedCtx->msrSFMASK       = pVmcb->guest.u64SFMASK;          /* syscall flag mask */
-    pMixedCtx->msrKERNELGSBASE = pVmcb->guest.u64KernelGSBase;    /* swapgs exchange value */
-    pMixedCtx->SysEnter.cs     = pVmcb->guest.u64SysEnterCS;
-    pMixedCtx->SysEnter.eip    = pVmcb->guest.u64SysEnterEIP;
-    pMixedCtx->SysEnter.esp    = pVmcb->guest.u64SysEnterESP;
-
-    /*
-     * Guest segment registers (includes FS, GS base MSRs for 64-bit guests).
-     */
-    HMSVM_SEG_REG_COPY_FROM_VMCB(pMixedCtx, &pVmcb->guest, CS, cs);
-    HMSVM_SEG_REG_COPY_FROM_VMCB(pMixedCtx, &pVmcb->guest, SS, ss);
-    HMSVM_SEG_REG_COPY_FROM_VMCB(pMixedCtx, &pVmcb->guest, DS, ds);
-    HMSVM_SEG_REG_COPY_FROM_VMCB(pMixedCtx, &pVmcb->guest, ES, es);
-    HMSVM_SEG_REG_COPY_FROM_VMCB(pMixedCtx, &pVmcb->guest, FS, fs);
-    HMSVM_SEG_REG_COPY_FROM_VMCB(pMixedCtx, &pVmcb->guest, GS, gs);
-
-    /*
-     * Correct the hidden CS granularity bit. Haven't seen it being wrong in any other
-     * register (yet).
-     */
-    /** @todo SELM might need to be fixed as it too should not care about the
-     *        granularity bit. See @bugref{6785}. */
-    if (   !pMixedCtx->cs.Attr.n.u1Granularity
-        && pMixedCtx->cs.Attr.n.u1Present
-        && pMixedCtx->cs.u32Limit > UINT32_C(0xfffff))
-    {
-        Assert((pMixedCtx->cs.u32Limit & 0xfff) == 0xfff);
-        pMixedCtx->cs.Attr.n.u1Granularity = 1;
-    }
-
-    HMSVM_ASSERT_SEG_GRANULARITY(cs);
-    HMSVM_ASSERT_SEG_GRANULARITY(ss);
-    HMSVM_ASSERT_SEG_GRANULARITY(ds);
-    HMSVM_ASSERT_SEG_GRANULARITY(es);
-    HMSVM_ASSERT_SEG_GRANULARITY(fs);
-    HMSVM_ASSERT_SEG_GRANULARITY(gs);
-
-    /*
-     * Sync the hidden SS DPL field. AMD CPUs have a separate CPL field in the VMCB and uses that
-     * and thus it's possible that when the CPL changes during guest execution that the SS DPL
-     * isn't updated by AMD-V. Observed on some AMD Fusion CPUs with 64-bit guests.
-     * See AMD spec. 15.5.1 "Basic operation".
-     */
-    Assert(!(pVmcb->guest.u8CPL & ~0x3));
-    uint8_t const uCpl = pVmcb->guest.u8CPL;
-    if (pMixedCtx->ss.Attr.n.u2Dpl != uCpl)
-    {
-        Log4(("hmR0SvmSaveGuestState: CPL differs. SS.DPL=%u, CPL=%u, overwriting SS.DPL!\n", pMixedCtx->ss.Attr.n.u2Dpl, uCpl));
-        pMixedCtx->ss.Attr.n.u2Dpl = pVmcb->guest.u8CPL & 0x3;
-    }
-
-    /*
-     * Guest TR.
-     * Fixup TR attributes so it's compatible with Intel. Important when saved-states are used
-     * between Intel and AMD. See @bugref{6208#c39}.
-     * ASSUME that it's normally correct and that we're in 32-bit or 64-bit mode.
-     */
-    HMSVM_SEG_REG_COPY_FROM_VMCB(pMixedCtx, &pVmcb->guest, TR, tr);
-    if (pMixedCtx->tr.Attr.n.u4Type != X86_SEL_TYPE_SYS_386_TSS_BUSY)
-    {
-        if (   pMixedCtx->tr.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_AVAIL
-            || CPUMIsGuestInLongModeEx(pMixedCtx))
-            pMixedCtx->tr.Attr.n.u4Type = X86_SEL_TYPE_SYS_386_TSS_BUSY;
-        else if (pMixedCtx->tr.Attr.n.u4Type == X86_SEL_TYPE_SYS_286_TSS_AVAIL)
-            pMixedCtx->tr.Attr.n.u4Type = X86_SEL_TYPE_SYS_286_TSS_BUSY;
-    }
-
-    /*
-     * Guest Descriptor-Table registers (GDTR, IDTR, LDTR).
-     */
-    HMSVM_SEG_REG_COPY_FROM_VMCB(pMixedCtx, &pVmcb->guest, LDTR, ldtr);
-    pMixedCtx->gdtr.cbGdt = pVmcb->guest.GDTR.u32Limit;
-    pMixedCtx->gdtr.pGdt  = pVmcb->guest.GDTR.u64Base;
-
-    pMixedCtx->idtr.cbIdt = pVmcb->guest.IDTR.u32Limit;
-    pMixedCtx->idtr.pIdt  = pVmcb->guest.IDTR.u64Base;
-
-    /*
-     * Guest Debug registers.
-     */
-    if (!pVCpu->hm.s.fUsingHyperDR7)
-    {
-        pMixedCtx->dr[6] = pVmcb->guest.u64DR6;
-        pMixedCtx->dr[7] = pVmcb->guest.u64DR7;
-    }
-    else
-    {
-        Assert(pVmcb->guest.u64DR7 == CPUMGetHyperDR7(pVCpu));
-        CPUMSetHyperDR6(pVCpu, pVmcb->guest.u64DR6);
-    }
-
-    /*
-     * With Nested Paging, CR3 changes are not intercepted. Therefore, sync. it now.
-     * This is done as the very last step of syncing the guest state, as PGMUpdateCR3() may cause longjmp's to ring-3.
-     */
-    if (   pVmcbCtrl->NestedPagingCtrl.n.u1NestedPaging
-        && pMixedCtx->cr3 != pVmcb->guest.u64CR3)
-    {
-        CPUMSetGuestCR3(pVCpu, pVmcb->guest.u64CR3);
-        PGMUpdateCR3(pVCpu,    pVmcb->guest.u64CR3);
-    }
-
-#ifdef VBOX_STRICT
-    if (CPUMIsGuestInSvmNestedHwVirtMode(pMixedCtx))
-        hmR0SvmLogState(pVCpu, pVmcb, pMixedCtx, "hmR0SvmSaveGuestStateNested", HMSVM_LOG_ALL & ~HMSVM_LOG_LBR, 0 /* uVerbose */);
+    /** @todo Extend HM_CHANGED_GUEST_xxx so that we avoid saving segment
+     *        registers, kernel GS base and other MSRs each time. */
+    hmR0SvmImportGuestState(pVCpu, pCtx,   CPUMCTX_EXTRN_RIP
+                                         | CPUMCTX_EXTRN_SYSCALL_MSRS
+                                         | CPUMCTX_EXTRN_KERNEL_GS_BASE
+                                         | CPUMCTX_EXTRN_RFLAGS
+                                         | CPUMCTX_EXTRN_RAX
+                                         | CPUMCTX_EXTRN_SREG_MASK
+                                         | CPUMCTX_EXTRN_RSP
+                                         | CPUMCTX_EXTRN_HWVIRT
+                                         | CPUMCTX_EXTRN_HM_SVM_INT_SHADOW
+                                         | CPUMCTX_EXTRN_HM_SVM_HWVIRT_VIRQ);
+
+#ifdef DEBUG_ramshankar
+    if (CPUMIsGuestInSvmNestedHwVirtMode(pCtx))
+    {
+        hmR0SvmImportGuestState(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
+        hmR0SvmLogState(pVCpu, pVmcb, pCtx, "hmR0SvmSaveGuestStateNested", HMSVM_LOG_ALL & ~HMSVM_LOG_LBR, 0 /* uVerbose */);
+    }
+#else
+    RT_NOREF(pVmcb);
 #endif
 }
@@ -2887 +3152 @@
  * (longjmp, preemption, voluntary exits to ring-3) from AMD-V.
  *
- * @param   pVCpu       The cross context virtual CPU structure.
+ * @param   pVCpu           The cross context virtual CPU structure.
+ * @param   fImportState    Whether to import the guest state from the VMCB back
+ *                          to the guest-CPU context.
  *
  * @remarks No-long-jmp zone!!!
  */
-static void hmR0SvmLeave(PVMCPU pVCpu)
+static void hmR0SvmLeave(PVMCPU pVCpu, bool fImportState)
 {
     Assert(!RTThreadPreemptIsEnabled(NIL_RTTHREAD));
@@ -2902 +3169 @@
      */
 
+    /* Save the guest state if necessary. */
+    if (fImportState)
+        hmR0SvmImportGuestState(pVCpu, &pVCpu->cpum.GstCtx, HMSVM_CPUMCTX_EXTRN_ALL);
+
     /* Restore host FPU state if necessary and resync on next R0 reentry .*/
-    if (CPUMR0FpuStateMaybeSaveGuestAndRestoreHost(pVCpu))
-        HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR0); /** @todo r=ramshankar: This shouldn't be necessary, it's set in HMR0EnterCpu. */
+    CPUMR0FpuStateMaybeSaveGuestAndRestoreHost(pVCpu);
 
     /*
@@ -2917 +3187 @@
     }
 #endif
-    if (CPUMR0DebugStateMaybeSaveGuestAndRestoreHost(pVCpu, false /* save DR6 */))
-        HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_DEBUG);/** @todo r=ramshankar: This shouldn't be necessary, it's set in HMR0EnterCpu. */
+    CPUMR0DebugStateMaybeSaveGuestAndRestoreHost(pVCpu, false /* save DR6 */);
 
     Assert(!CPUMIsHyperDebugStateActive(pVCpu));
@@ -2936 +3205 @@
  * Leaves the AMD-V session.
  *
+ * Only used while returning to ring-3 either due to longjump or exits to
+ * ring-3.
+ *
  * @returns VBox status code.
  * @param   pVCpu       The cross context virtual CPU structure.
@@ -2949 +3221 @@
     if (!pVCpu->hm.s.fLeaveDone)
     {
-        hmR0SvmLeave(pVCpu);
+        hmR0SvmLeave(pVCpu, true /* fImportState */);
         pVCpu->hm.s.fLeaveDone = true;
     }
@@ -3129 +3401 @@
  * @remarks No-long-jump zone!!!
  */
-static void hmR0SvmUpdateTscOffsetting(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, PSVMVMCB pVmcb)
+static void hmR0SvmUpdateTscOffsetting(PVM pVM, PVMCPU pVCpu, PCCPUMCTX pCtx, PSVMVMCB pVmcb)
 {
     /*
@@ -3249 +3521 @@
 
     /* Update CR2 of the guest. */
+    HMSVM_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CR2);
     if (pCtx->cr2 != uFaultAddress)
     {
@@ -3300 +3573 @@
  * @param   pVCpu       The cross context virtual CPU structure.
  * @param   pVmcb       Pointer to the guest VM control block.
- * @param   pCtx        Pointer to the guest-CPU context.
  * @param   pEvent      Pointer to the event.
  *
@@ -3306 +3578 @@
  * @remarks Requires CR0!
  */
-DECLINLINE(void) hmR0SvmInjectEventVmcb(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx, PSVMEVENT pEvent)
-{
-    NOREF(pVCpu); NOREF(pCtx);
-
+DECLINLINE(void) hmR0SvmInjectEventVmcb(PVMCPU pVCpu, PSVMVMCB pVmcb, PSVMEVENT pEvent)
+{
     Assert(!pVmcb->ctrl.EventInject.n.u1Valid);
     pVmcb->ctrl.EventInject.u = pEvent->u;
@@ -3442 +3712 @@
  * @remarks Has side-effects with VMCPU_FF_INHIBIT_INTERRUPTS force-flag.
  */
-DECLINLINE(bool) hmR0SvmIsIntrShadowActive(PVMCPU pVCpu, PCPUMCTX pCtx)
+DECLINLINE(bool) hmR0SvmIsIntrShadowActive(PVMCPU pVCpu, PCCPUMCTX pCtx)
 {
     /*
@@ -3550 +3820 @@
 {
     HMSVM_ASSERT_IN_NESTED_GUEST(pCtx);
+    HMSVM_CPUMCTX_ASSERT(pVCpu,   CPUMCTX_EXTRN_HWVIRT
+                                | CPUMCTX_EXTRN_RFLAGS
+                                | CPUMCTX_EXTRN_HM_SVM_INT_SHADOW
+                                | CPUMCTX_EXTRN_HM_SVM_HWVIRT_VIRQ);
 
     Assert(!pVCpu->hm.s.Event.fPending);
@@ -3560 +3834 @@
     bool const fBlockNmi   = VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS);
 
-    Log4Func(("fVirtualGif=%RTbool fBlockNmi=%RTbool fIntShadow=%RTbool Intr. pending=%RTbool NMI pending=%RTbool\n",
+    Log4Func(("fVirtualGif=%RTbool fBlockNmi=%RTbool fIntShadow=%RTbool fIntrPending=%RTbool fNmiPending=%RTbool\n",
               fVirtualGif, fBlockNmi, fIntShadow, VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC),
               VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NMI)));
@@ -3580 +3854 @@
             {
                 Log4(("Intercepting NMI -> #VMEXIT\n"));
+                HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK);
                 return IEMExecSvmVmexit(pVCpu, SVM_EXIT_NMI, 0, 0);
             }
@@ -3620 +3895 @@
             {
                 Log4(("Intercepting INTR -> #VMEXIT\n"));
+                HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK);
                 return IEMExecSvmVmexit(pVCpu, SVM_EXIT_INTR, 0, 0);
             }
@@ -3666 +3942 @@
 {
     HMSVM_ASSERT_NOT_IN_NESTED_GUEST(pCtx);
+    HMSVM_CPUMCTX_ASSERT(pVCpu,   CPUMCTX_EXTRN_HWVIRT
+                                | CPUMCTX_EXTRN_RFLAGS
+                                | CPUMCTX_EXTRN_HM_SVM_INT_SHADOW);
+
     Assert(!pVCpu->hm.s.Event.fPending);
     PSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
@@ -3764 +4044 @@
  *          prematurely.
  */
-static void hmR0SvmInjectPendingEvent(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMVMCB pVmcb)
+static void hmR0SvmInjectPendingEvent(PVMCPU pVCpu, PCCPUMCTX pCtx, PSVMVMCB pVmcb)
 {
     Assert(!TRPMHasTrap(pVCpu));
@@ -3825 +4105 @@
          */
         Log4(("Injecting pending HM event\n"));
-        hmR0SvmInjectEventVmcb(pVCpu, pVmcb, pCtx, &Event);
+        hmR0SvmInjectEventVmcb(pVCpu, pVmcb, &Event);
         pVCpu->hm.s.Event.fPending = false;
 
@@ -3869 +4149 @@
     HMSVM_ASSERT_PREEMPT_SAFE();
     HMSVM_ASSERT_NOT_IN_NESTED_GUEST(pCtx);
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
+
     PCSVMVMCB pVmcb = pVCpu->hm.s.svm.pVmcb;
-
     if (rcVMRun == VERR_SVM_INVALID_GUEST_STATE)
     {
@@ -4027 +4308 @@
 {
     Assert(VMMRZCallRing3IsEnabled(pVCpu));
-
-    /* On AMD-V we don't need to update CR3, PAE PDPES lazily. See hmR0SvmSaveGuestState(). */
+    Assert(!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_PAE_PDPES));
     Assert(!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_CR3));
-    Assert(!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_PAE_PDPES));
+
+    /* Could happen as a result of longjump. */
+    if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_CR3))
+    {
+        Assert(!(pCtx->fExtrn & CPUMCTX_EXTRN_CR3));
+        PGMUpdateCR3(pVCpu, CPUMGetGuestCR3(pVCpu));
+    }
 
     /* Update pending interrupts into the APIC's IRR. */
@@ -4157 +4443 @@
 
     /* Ensure we've cached (and hopefully modified) the VMCB for execution using hardware-assisted SVM. */
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb);
+    Assert(pVCpu->hm.s.svm.NstGstVmcbCache.fCacheValid);
 
     /*
@@ -4260 +4546 @@
     if (pVCpu->hm.s.svm.fSyncVTpr)
     {
+        PCSVMVMCB pVmcb = pVCpu->hm.s.svm.pVmcb;
         if (pVM->hm.s.fTPRPatchingActive)
-            pSvmTransient->u8GuestTpr = pCtx->msrLSTAR;
+            pSvmTransient->u8GuestTpr = pVmcb->guest.u64LSTAR;
         else
-        {
-            PCSVMVMCB pVmcb = pVCpu->hm.s.svm.pVmcb;
             pSvmTransient->u8GuestTpr = pVmcb->ctrl.IntCtrl.n.u8VTPR;
-        }
     }
 
@@ -4323 +4607 @@
  * @remarks No-long-jump zone!!!
  */
-static void hmR0SvmPreRunGuestCommitted(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMTRANSIENT pSvmTransient)
+static void hmR0SvmPreRunGuestCommitted(PVMCPU pVCpu, PCCPUMCTX pCtx, PSVMTRANSIENT pSvmTransient)
 {
     Assert(!VMMRZCallRing3IsEnabled(pVCpu));
@@ -4455 +4739 @@
 DECLINLINE(int) hmR0SvmRunGuest(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
 {
+    /* Mark that HM is the keeper of all guest-CPU registers now that we're going to execute guest code. */
+    pCtx->fExtrn |= HMSVM_CPUMCTX_EXTRN_ALL | CPUMCTX_EXTRN_KEEPER_HM;
+
     /*
      * 64-bit Windows uses XMM registers in the kernel as the Microsoft compiler expresses floating-point operations
@@ -4471 +4758 @@
 #ifdef VBOX_WITH_NESTED_HWVIRT_SVM
 /**
- * Undoes the TSC offset applied for an SVM nested-guest and returns the TSC
- * value for the guest.
- *
- * @returns The TSC offset after undoing any nested-guest TSC offset.
- * @param   pVCpu       The cross context virtual CPU structure of the calling EMT.
- * @param   uTicks      The nested-guest TSC.
- *
- * @note    If you make any changes to this function, please check if
- *          hmR0SvmNstGstUndoTscOffset() needs adjusting.
- *
- * @sa      HMSvmNstGstApplyTscOffset().
- */
-DECLINLINE(uint64_t) hmR0SvmNstGstUndoTscOffset(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t uTicks)
-{
-    Assert(pCtx->hwvirt.svm.fHMCachedVmcb); RT_NOREF(pCtx);
-    PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
-    return uTicks - pVmcbNstGstCache->u64TSCOffset;
-}
-
-
-/**
  * Wrapper for running the nested-guest code in AMD-V.
  *
@@ -4503 +4769 @@
 DECLINLINE(int) hmR0SvmRunGuestNested(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
 {
+    /* Mark that HM is the keeper of all guest-CPU registers now that we're going to execute guest code. */
+    pCtx->fExtrn |= HMSVM_CPUMCTX_EXTRN_ALL | CPUMCTX_EXTRN_KEEPER_HM;
+
     /*
      * 64-bit Windows uses XMM registers in the kernel as the Microsoft compiler expresses floating-point operations
@@ -4515 +4784 @@
 #endif
 }
+
+
+/**
+ * Undoes the TSC offset applied for an SVM nested-guest and returns the TSC
+ * value for the guest.
+ *
+ * @returns The TSC offset after undoing any nested-guest TSC offset.
+ * @param   pVCpu       The cross context virtual CPU structure of the calling EMT.
+ * @param   uTicks      The nested-guest TSC.
+ *
+ * @note    If you make any changes to this function, please check if
+ *          hmR0SvmNstGstUndoTscOffset() needs adjusting.
+ *
+ * @sa      HMSvmNstGstApplyTscOffset().
+ */
+DECLINLINE(uint64_t) hmR0SvmNstGstUndoTscOffset(PVMCPU pVCpu, uint64_t uTicks)
+{
+    PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
+    Assert(pVmcbNstGstCache->fCacheValid);
+    return uTicks - pVmcbNstGstCache->u64TSCOffset;
+}
 #endif
 
@@ -4522 +4812 @@
  *
  * @param   pVCpu           The cross context virtual CPU structure.
- * @param   pMixedCtx       Pointer to the guest-CPU context. The data maybe
+ * @param   pCtx       Pointer to the guest-CPU context. The data maybe
  *                          out-of-sync. Make sure to update the required fields
  *                          before using them.
@@ -4532 +4822 @@
  *          unconditionally when it is safe to do so.
  */
-static void hmR0SvmPostRunGuest(PVMCPU pVCpu, PCPUMCTX pMixedCtx, PSVMTRANSIENT pSvmTransient, int rcVMRun)
+static void hmR0SvmPostRunGuest(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMTRANSIENT pSvmTransient, int rcVMRun)
 {
     Assert(!VMMRZCallRing3IsEnabled(pVCpu));
@@ -4552 +4842 @@
         {
             /* The nested-guest VMCB TSC offset shall eventually be restored on #VMEXIT via HMSvmNstGstVmExitNotify(). */
-            uint64_t const uGstTsc = hmR0SvmNstGstUndoTscOffset(pVCpu, pMixedCtx, uHostTsc + pVmcbCtrl->u64TSCOffset);
+            uint64_t const uGstTsc = hmR0SvmNstGstUndoTscOffset(pVCpu, uHostTsc + pVmcbCtrl->u64TSCOffset);
             TMCpuTickSetLastSeen(pVCpu, uGstTsc);
         }
@@ -4581 +4871 @@
     }
 
-    pSvmTransient->u64ExitCode  = pVmcbCtrl->u64ExitCode;       /* Save the #VMEXIT reason. */
+    pSvmTransient->u64ExitCode        = pVmcbCtrl->u64ExitCode; /* Save the #VMEXIT reason. */
     pVmcbCtrl->u32VmcbCleanBits       = HMSVM_VMCB_CLEAN_ALL;   /* Mark the VMCB-state cache as unmodified by VMM. */
     pSvmTransient->fVectoringDoublePF = false;                  /* Vectoring double page-fault needs to be determined later. */
     pSvmTransient->fVectoringPF       = false;                  /* Vectoring page-fault needs to be determined later. */
 
-    hmR0SvmSaveGuestState(pVCpu, pMixedCtx, pVmcb);             /* Save the guest state from the VMCB to the guest-CPU context. */
+    hmR0SvmSaveGuestState(pVCpu, pCtx, pVmcb);                  /* Save the guest state from the VMCB to the guest-CPU context. */
 
     if (   pSvmTransient->u64ExitCode != SVM_EXIT_INVALID
@@ -4594 +4884 @@
         /* TPR patching (for 32-bit guests) uses LSTAR MSR for holding the TPR value, otherwise uses the VTPR. */
         if (   pVCpu->CTX_SUFF(pVM)->hm.s.fTPRPatchingActive
-            && (pMixedCtx->msrLSTAR & 0xff) != pSvmTransient->u8GuestTpr)
-        {
-            int rc = APICSetTpr(pVCpu, pMixedCtx->msrLSTAR & 0xff);
+            && (pVmcb->guest.u64LSTAR & 0xff) != pSvmTransient->u8GuestTpr)
+        {
+            int rc = APICSetTpr(pVCpu, pVmcb->guest.u64LSTAR & 0xff);
             AssertRC(rc);
             HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_APIC_STATE);
@@ -4609 +4899 @@
     }
 
+    HMSVM_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CS | CPUMCTX_EXTRN_RIP);
     EMHistoryAddExit(pVCpu, EMEXIT_MAKE_FLAGS_AND_TYPE(EMEXIT_F_KIND_SVM, pSvmTransient->u64ExitCode & EMEXIT_F_TYPE_MASK),
-                     pMixedCtx->cs.u64Base + pMixedCtx->rip, uHostTsc);
+                     pCtx->cs.u64Base + pCtx->rip, uHostTsc);
 }
 
@@ -4858 +5149 @@
 
             /* Invalid nested-guest state. Cause a #VMEXIT but assert on strict builds. */
+            HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
             AssertMsgFailed(("Invalid nested-guest state. rc=%Rrc u64ExitCode=%#RX64\n", rc, SvmTransient.u64ExitCode));
             rc = VBOXSTRICTRC_TODO(IEMExecSvmVmexit(pVCpu, SVM_EXIT_INVALID, 0, 0));
@@ -4979 +5271 @@
     Assert(pSvmTransient->u64ExitCode <= SVM_EXIT_MAX);
 
-#define HM_SVM_VMEXIT_NESTED(a_pVCpu, a_uExitCode, a_uExitInfo1, a_uExitInfo2) \
-            VBOXSTRICTRC_TODO(IEMExecSvmVmexit(a_pVCpu, a_uExitCode, a_uExitInfo1, a_uExitInfo2))
+    /** @todo Use IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK instead of
+     *        HMSVM_CPUMCTX_EXTRN_ALL below. See todo in
+     *        HMSvmNstGstVmExitNotify(). */
+#define NST_GST_VMEXIT_CALL_RET(a_pVCpu, a_pCtx, a_uExitCode, a_uExitInfo1, a_uExitInfo2) \
+    do { \
+        HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL); \
+        return VBOXSTRICTRC_TODO(IEMExecSvmVmexit((a_pVCpu), (a_uExitCode), (a_uExitInfo1), (a_uExitInfo2))); \
+    } while (0)
 
     /*
@@ -4986 +5284 @@
      * by the nested-guest. If it isn't, it should be handled by the (outer) guest.
      */
-    PSVMVMCB            pVmcbNstGst      = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
-    PSVMVMCBCTRL        pVmcbNstGstCtrl  = &pVmcbNstGst->ctrl;
-    uint64_t const      uExitCode        = pVmcbNstGstCtrl->u64ExitCode;
-    uint64_t const      uExitInfo1       = pVmcbNstGstCtrl->u64ExitInfo1;
-    uint64_t const      uExitInfo2       = pVmcbNstGstCtrl->u64ExitInfo2;
+    PSVMVMCB       pVmcbNstGst     = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
+    PSVMVMCBCTRL   pVmcbNstGstCtrl = &pVmcbNstGst->ctrl;
+    uint64_t const uExitCode       = pVmcbNstGstCtrl->u64ExitCode;
+    uint64_t const uExitInfo1      = pVmcbNstGstCtrl->u64ExitInfo1;
+    uint64_t const uExitInfo2      = pVmcbNstGstCtrl->u64ExitInfo2;
 
     Assert(uExitCode == pVmcbNstGstCtrl->u64ExitCode);
@@ -4997 +5295 @@
         case SVM_EXIT_CPUID:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_CPUID))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_CPUID))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitCpuid(pVCpu, pCtx, pSvmTransient);
         }
@@ -5004 +5302 @@
         case SVM_EXIT_RDTSC:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_RDTSC))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_RDTSC))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitRdtsc(pVCpu, pCtx, pSvmTransient);
         }
@@ -5011 +5309 @@
         case SVM_EXIT_RDTSCP:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_RDTSCP))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_RDTSCP))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitRdtscp(pVCpu, pCtx, pSvmTransient);
         }
@@ -5018 +5316 @@
         case SVM_EXIT_MONITOR:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_MONITOR))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_MONITOR))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitMonitor(pVCpu, pCtx, pSvmTransient);
         }
@@ -5025 +5323 @@
         case SVM_EXIT_MWAIT:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_MWAIT))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_MWAIT))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitMwait(pVCpu, pCtx, pSvmTransient);
         }
@@ -5032 +5330 @@
         case SVM_EXIT_HLT:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_HLT))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_HLT))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitHlt(pVCpu, pCtx, pSvmTransient);
         }
@@ -5039 +5337 @@
         case SVM_EXIT_MSR:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_MSR_PROT))
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_MSR_PROT))
             {
                 uint32_t const idMsr = pCtx->ecx;
@@ -5058 +5356 @@
                         || (fInterceptRead  && pVmcbNstGstCtrl->u64ExitInfo1 == SVM_EXIT1_MSR_READ))
                     {
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     }
                 }
@@ -5068 +5366 @@
                      */
                     Assert(rc == VERR_OUT_OF_RANGE);
-                    return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                 }
             }
@@ -5076 +5374 @@
         case SVM_EXIT_IOIO:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_IOIO_PROT))
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_IOIO_PROT))
             {
                 void *pvIoBitmap = pCtx->hwvirt.svm.CTX_SUFF(pvIoBitmap);
@@ -5083 +5381 @@
                 bool const fIntercept = hmR0SvmIsIoInterceptActive(pvIoBitmap, &IoExitInfo);
                 if (fIntercept)
-                    return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             }
             return hmR0SvmExitIOInstr(pVCpu, pCtx, pSvmTransient);
@@ -5097 +5395 @@
 
                 /* If the nested-guest is intercepting #PFs, cause a #PF #VMEXIT. */
-                if (HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, X86_XCPT_PF))
-                    return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, u32ErrCode, uFaultAddress);
+                if (HMIsGuestSvmXcptInterceptSet(pVCpu, X86_XCPT_PF))
+                    NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, u32ErrCode, uFaultAddress);
 
                 /* If the nested-guest is not intercepting #PFs, forward the #PF to the guest. */
+                HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, CPUMCTX_EXTRN_CR2);
                 hmR0SvmSetPendingXcptPF(pVCpu, pCtx, u32ErrCode, uFaultAddress);
                 return VINF_SUCCESS;
@@ -5109 +5408 @@
         case SVM_EXIT_XCPT_UD:
         {
-            if (HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, X86_XCPT_UD))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmXcptInterceptSet(pVCpu, X86_XCPT_UD))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             hmR0SvmSetPendingXcptUD(pVCpu);
             return VINF_SUCCESS;
@@ -5117 +5416 @@
         case SVM_EXIT_XCPT_MF:
         {
-            if (HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, X86_XCPT_MF))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmXcptInterceptSet(pVCpu, X86_XCPT_MF))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitXcptMF(pVCpu, pCtx, pSvmTransient);
         }
@@ -5124 +5423 @@
         case SVM_EXIT_XCPT_DB:
         {
-            if (HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, X86_XCPT_DB))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmXcptInterceptSet(pVCpu, X86_XCPT_DB))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmNestedExitXcptDB(pVCpu, pCtx, pSvmTransient);
         }
@@ -5131 +5430 @@
         case SVM_EXIT_XCPT_AC:
         {
-            if (HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, X86_XCPT_AC))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmXcptInterceptSet(pVCpu, X86_XCPT_AC))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitXcptAC(pVCpu, pCtx, pSvmTransient);
         }
@@ -5138 +5437 @@
         case SVM_EXIT_XCPT_BP:
         {
-            if (HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, X86_XCPT_BP))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmXcptInterceptSet(pVCpu, X86_XCPT_BP))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmNestedExitXcptBP(pVCpu, pCtx, pSvmTransient);
         }
@@ -5148 +5447 @@
         {
             uint8_t const uCr = uExitCode - SVM_EXIT_READ_CR0;
-            if (HMIsGuestSvmReadCRxInterceptSet(pVCpu, pCtx, uCr))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmReadCRxInterceptSet(pVCpu, uCr))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitReadCRx(pVCpu, pCtx, pSvmTransient);
         }
@@ -5155 +5454 @@
         case SVM_EXIT_CR0_SEL_WRITE:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_CR0_SEL_WRITE))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_CR0_SEL_WRITE))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitWriteCRx(pVCpu, pCtx, pSvmTransient);
         }
@@ -5168 +5467 @@
             Log4(("hmR0SvmHandleExitNested: Write CR%u: uExitInfo1=%#RX64 uExitInfo2=%#RX64\n", uCr, uExitInfo1, uExitInfo2));
 
-            if (HMIsGuestSvmWriteCRxInterceptSet(pVCpu, pCtx, uCr))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmWriteCRxInterceptSet(pVCpu, uCr))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitWriteCRx(pVCpu, pCtx, pSvmTransient);
         }
@@ -5175 +5474 @@
         case SVM_EXIT_PAUSE:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_PAUSE))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_PAUSE))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitPause(pVCpu, pCtx, pSvmTransient);
         }
@@ -5182 +5481 @@
         case SVM_EXIT_VINTR:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_VINTR))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_VINTR))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitUnexpected(pVCpu, pCtx, pSvmTransient);
         }
@@ -5189 +5488 @@
         case SVM_EXIT_INTR:
         case SVM_EXIT_NMI:
-        case SVM_EXIT_XCPT_NMI: /* Shouldn't ever happen, SVM_EXIT_NMI is used instead. */
         case SVM_EXIT_SMI:
+        case SVM_EXIT_XCPT_NMI:     /* Should not occur, SVM_EXIT_NMI is used instead. */
         {
             /*
@@ -5204 +5503 @@
         case SVM_EXIT_FERR_FREEZE:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_FERR_FREEZE))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_FERR_FREEZE))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitFerrFreeze(pVCpu, pCtx, pSvmTransient);
         }
@@ -5211 +5510 @@
         case SVM_EXIT_INVLPG:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_INVLPG))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_INVLPG))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitInvlpg(pVCpu, pCtx, pSvmTransient);
         }
@@ -5218 +5517 @@
         case SVM_EXIT_WBINVD:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_WBINVD))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_WBINVD))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitWbinvd(pVCpu, pCtx, pSvmTransient);
         }
@@ -5225 +5524 @@
         case SVM_EXIT_INVD:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_INVD))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_INVD))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitInvd(pVCpu, pCtx, pSvmTransient);
         }
@@ -5232 +5531 @@
         case SVM_EXIT_RDPMC:
         {
-            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_RDPMC))
-                return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+            if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_RDPMC))
+                NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
             return hmR0SvmExitRdpmc(pVCpu, pCtx, pSvmTransient);
         }
@@ -5247 +5546 @@
                 {
                     uint8_t const uDr = uExitCode - SVM_EXIT_READ_DR0;
-                    if (HMIsGuestSvmReadDRxInterceptSet(pVCpu, pCtx, uDr))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmReadDRxInterceptSet(pVCpu, uDr))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitReadDRx(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5258 +5557 @@
                 {
                     uint8_t const uDr = uExitCode - SVM_EXIT_WRITE_DR0;
-                    if (HMIsGuestSvmWriteDRxInterceptSet(pVCpu, pCtx, uDr))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmWriteDRxInterceptSet(pVCpu, uDr))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitWriteDRx(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5288 +5587 @@
                 {
                     uint8_t const uVector = uExitCode - SVM_EXIT_XCPT_0;
-                    if (HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, uVector))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmXcptInterceptSet(pVCpu, uVector))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitXcptGeneric(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5295 +5594 @@
                 case SVM_EXIT_XSETBV:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_XSETBV))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_XSETBV))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitXsetbv(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5302 +5601 @@
                 case SVM_EXIT_TASK_SWITCH:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_TASK_SWITCH))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_TASK_SWITCH))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitTaskSwitch(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5309 +5608 @@
                 case SVM_EXIT_IRET:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_IRET))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_IRET))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitIret(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5316 +5615 @@
                 case SVM_EXIT_SHUTDOWN:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_SHUTDOWN))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_SHUTDOWN))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitShutdown(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5323 +5622 @@
                 case SVM_EXIT_VMMCALL:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_VMMCALL))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_VMMCALL))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitVmmCall(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5330 +5629 @@
                 case SVM_EXIT_CLGI:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_CLGI))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_CLGI))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                      return hmR0SvmExitClgi(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5337 +5636 @@
                 case SVM_EXIT_STGI:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_STGI))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_STGI))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                      return hmR0SvmExitStgi(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5344 +5643 @@
                 case SVM_EXIT_VMLOAD:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_VMLOAD))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_VMLOAD))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitVmload(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5351 +5650 @@
                 case SVM_EXIT_VMSAVE:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_VMSAVE))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_VMSAVE))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitVmsave(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5358 +5657 @@
                 case SVM_EXIT_INVLPGA:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_INVLPGA))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_INVLPGA))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitInvlpga(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5365 +5664 @@
                 case SVM_EXIT_VMRUN:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_VMRUN))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_VMRUN))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     return hmR0SvmExitVmrun(pVCpu, pCtx, pSvmTransient);
                 }
@@ -5372 +5671 @@
                 case SVM_EXIT_RSM:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_RSM))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_RSM))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     hmR0SvmSetPendingXcptUD(pVCpu);
                     return VINF_SUCCESS;
@@ -5380 +5679 @@
                 case SVM_EXIT_SKINIT:
                 {
-                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_SKINIT))
-                        return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
+                    if (HMIsGuestSvmCtrlInterceptSet(pVCpu, SVM_CTRL_INTERCEPT_SKINIT))
+                        NST_GST_VMEXIT_CALL_RET(pVCpu, pCtx, uExitCode, uExitInfo1, uExitInfo2);
                     hmR0SvmSetPendingXcptUD(pVCpu);
                     return VINF_SUCCESS;
@@ -5406 +5705 @@
     /* not reached */
 
-#undef HM_SVM_VMEXIT_NESTED
+#undef NST_GST_VMEXIT_CALL_RET
 }
 #endif
@@ -5424 +5723 @@
     Assert(pSvmTransient->u64ExitCode <= SVM_EXIT_MAX);
 
+#ifdef DEBUG_ramshankar
+# define VMEXIT_CALL_RET(a_fDbg, a_CallExpr) \
+        do { \
+            if ((a_fDbg) == 1) \
+                HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL); \
+            int rc = a_CallExpr; \
+            /* if ((a_fDbg) == 1) */ \
+            /*     HMCPU_CF_SET(pVCpu, HM_CHANGED_ALL_GUEST); */ \
+            return rc; \
+        } while (0)
+#else
+# define VMEXIT_CALL_RET(a_fDbg, a_CallExpr) return a_CallExpr
+#endif
+
     /*
-     * The ordering of the case labels is based on most-frequently-occurring #VMEXITs for most guests under
-     * normal workloads (for some definition of "normal").
+     * The ordering of the case labels is based on most-frequently-occurring #VMEXITs
+     * for most guests under normal workloads (for some definition of "normal").
      */
     uint64_t const uExitCode = pSvmTransient->u64ExitCode;
     switch (uExitCode)
     {
-        case SVM_EXIT_NPF:
-            return hmR0SvmExitNestedPF(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_IOIO:
-            return hmR0SvmExitIOInstr(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_RDTSC:
-            return hmR0SvmExitRdtsc(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_RDTSCP:
-            return hmR0SvmExitRdtscp(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_CPUID:
-            return hmR0SvmExitCpuid(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_XCPT_14:  /* X86_XCPT_PF */
-            return hmR0SvmExitXcptPF(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_XCPT_6:   /* X86_XCPT_UD */
-            return hmR0SvmExitXcptUD(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_XCPT_16:  /* X86_XCPT_MF */
-            return hmR0SvmExitXcptMF(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_XCPT_1:   /* X86_XCPT_DB */
-            return hmR0SvmExitXcptDB(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_XCPT_17:  /* X86_XCPT_AC */
-            return hmR0SvmExitXcptAC(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_XCPT_3:   /* X86_XCPT_BP */
-            return hmR0SvmExitXcptBP(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_MONITOR:
-            return hmR0SvmExitMonitor(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_MWAIT:
-            return hmR0SvmExitMwait(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_HLT:
-            return hmR0SvmExitHlt(pVCpu, pCtx, pSvmTransient);
+        case SVM_EXIT_NPF:          VMEXIT_CALL_RET(0, hmR0SvmExitNestedPF(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_IOIO:         VMEXIT_CALL_RET(0, hmR0SvmExitIOInstr(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_RDTSC:        VMEXIT_CALL_RET(0, hmR0SvmExitRdtsc(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_RDTSCP:       VMEXIT_CALL_RET(0, hmR0SvmExitRdtscp(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_CPUID:        VMEXIT_CALL_RET(0, hmR0SvmExitCpuid(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_XCPT_PF:      VMEXIT_CALL_RET(0, hmR0SvmExitXcptPF(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_MSR:          VMEXIT_CALL_RET(0, hmR0SvmExitMsr(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_MONITOR:      VMEXIT_CALL_RET(0, hmR0SvmExitMonitor(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_MWAIT:        VMEXIT_CALL_RET(0, hmR0SvmExitMwait(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_HLT:          VMEXIT_CALL_RET(0, hmR0SvmExitHlt(pVCpu, pCtx, pSvmTransient));
+
+        case SVM_EXIT_XCPT_NMI:     /* Should not occur, SVM_EXIT_NMI is used instead. */
+        case SVM_EXIT_INTR:
+        case SVM_EXIT_NMI:          VMEXIT_CALL_RET(0, hmR0SvmExitIntr(pVCpu, pCtx, pSvmTransient));
 
         case SVM_EXIT_READ_CR0:
         case SVM_EXIT_READ_CR3:
-        case SVM_EXIT_READ_CR4:
-            return hmR0SvmExitReadCRx(pVCpu, pCtx, pSvmTransient);
+        case SVM_EXIT_READ_CR4:     VMEXIT_CALL_RET(0, hmR0SvmExitReadCRx(pVCpu, pCtx, pSvmTransient));
 
         case SVM_EXIT_CR0_SEL_WRITE:
@@ -5482 +5767 @@
         case SVM_EXIT_WRITE_CR3:
         case SVM_EXIT_WRITE_CR4:
-        case SVM_EXIT_WRITE_CR8:
-        {
-            uint8_t const uCr = uExitCode == SVM_EXIT_CR0_SEL_WRITE ? 0 : uExitCode - SVM_EXIT_WRITE_CR0;
-            Log4(("hmR0SvmHandleExit: Write CR%u\n", uCr)); NOREF(uCr);
-            return hmR0SvmExitWriteCRx(pVCpu, pCtx, pSvmTransient);
-        }
-
-        case SVM_EXIT_PAUSE:
-            return hmR0SvmExitPause(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_VMMCALL:
-            return hmR0SvmExitVmmCall(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_VINTR:
-            return hmR0SvmExitVIntr(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_FERR_FREEZE:
-            return hmR0SvmExitFerrFreeze(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_INTR:
-        case SVM_EXIT_NMI:
-        case SVM_EXIT_XCPT_NMI: /* Shouldn't ever happen, SVM_EXIT_NMI is used instead. */
-            return hmR0SvmExitIntr(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_MSR:
-            return hmR0SvmExitMsr(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_INVLPG:
-            return hmR0SvmExitInvlpg(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_WBINVD:
-            return hmR0SvmExitWbinvd(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_INVD:
-            return hmR0SvmExitInvd(pVCpu, pCtx, pSvmTransient);
-
-        case SVM_EXIT_RDPMC:
-            return hmR0SvmExitRdpmc(pVCpu, pCtx, pSvmTransient);
+        case SVM_EXIT_WRITE_CR8:    VMEXIT_CALL_RET(0, hmR0SvmExitWriteCRx(pVCpu, pCtx, pSvmTransient));
+
+        case SVM_EXIT_VINTR:        VMEXIT_CALL_RET(0, hmR0SvmExitVIntr(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_PAUSE:        VMEXIT_CALL_RET(0, hmR0SvmExitPause(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_VMMCALL:      VMEXIT_CALL_RET(0, hmR0SvmExitVmmCall(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_INVLPG:       VMEXIT_CALL_RET(0, hmR0SvmExitInvlpg(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_WBINVD:       VMEXIT_CALL_RET(0, hmR0SvmExitWbinvd(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_INVD:         VMEXIT_CALL_RET(0, hmR0SvmExitInvd(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_RDPMC:        VMEXIT_CALL_RET(0, hmR0SvmExitRdpmc(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_IRET:         VMEXIT_CALL_RET(0, hmR0SvmExitIret(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_XCPT_UD:      VMEXIT_CALL_RET(0, hmR0SvmExitXcptUD(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_XCPT_MF:      VMEXIT_CALL_RET(0, hmR0SvmExitXcptMF(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_XCPT_DB:      VMEXIT_CALL_RET(0, hmR0SvmExitXcptDB(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_XCPT_AC:      VMEXIT_CALL_RET(0, hmR0SvmExitXcptAC(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_XCPT_BP:      VMEXIT_CALL_RET(0, hmR0SvmExitXcptBP(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_XSETBV:       VMEXIT_CALL_RET(0, hmR0SvmExitXsetbv(pVCpu, pCtx, pSvmTransient));
+        case SVM_EXIT_FERR_FREEZE:  VMEXIT_CALL_RET(0, hmR0SvmExitFerrFreeze(pVCpu, pCtx, pSvmTransient));
 
         default:
@@ -5529 +5793 @@
                 case SVM_EXIT_READ_DR10:    case SVM_EXIT_READ_DR11:    case SVM_EXIT_READ_DR12:    case SVM_EXIT_READ_DR13:
                 case SVM_EXIT_READ_DR14:    case SVM_EXIT_READ_DR15:
-                    return hmR0SvmExitReadDRx(pVCpu, pCtx, pSvmTransient);
+                    VMEXIT_CALL_RET(0, hmR0SvmExitReadDRx(pVCpu, pCtx, pSvmTransient));
 
                 case SVM_EXIT_WRITE_DR0:    case SVM_EXIT_WRITE_DR1:    case SVM_EXIT_WRITE_DR2:    case SVM_EXIT_WRITE_DR3:
@@ -5535 +5799 @@
                 case SVM_EXIT_WRITE_DR10:   case SVM_EXIT_WRITE_DR11:   case SVM_EXIT_WRITE_DR12:   case SVM_EXIT_WRITE_DR13:
                 case SVM_EXIT_WRITE_DR14:   case SVM_EXIT_WRITE_DR15:
-                    return hmR0SvmExitWriteDRx(pVCpu, pCtx, pSvmTransient);
-
-                case SVM_EXIT_XSETBV:
-                    return hmR0SvmExitXsetbv(pVCpu, pCtx, pSvmTransient);
-
-                case SVM_EXIT_TASK_SWITCH:
-                    return hmR0SvmExitTaskSwitch(pVCpu, pCtx, pSvmTransient);
-
-                case SVM_EXIT_IRET:
-                    return hmR0SvmExitIret(pVCpu, pCtx, pSvmTransient);
-
-                case SVM_EXIT_SHUTDOWN:
-                    return hmR0SvmExitShutdown(pVCpu, pCtx, pSvmTransient);
+                    VMEXIT_CALL_RET(0, hmR0SvmExitWriteDRx(pVCpu, pCtx, pSvmTransient));
+
+                case SVM_EXIT_TASK_SWITCH:  VMEXIT_CALL_RET(0, hmR0SvmExitTaskSwitch(pVCpu, pCtx, pSvmTransient));
+                case SVM_EXIT_SHUTDOWN:     VMEXIT_CALL_RET(0, hmR0SvmExitShutdown(pVCpu, pCtx, pSvmTransient));
 
                 case SVM_EXIT_SMI:
@@ -5556 +5811 @@
                      * If it ever does, we want to know about it so log the exit code and bail.
                      */
-                    return hmR0SvmExitUnexpected(pVCpu, pCtx, pSvmTransient);
+                    VMEXIT_CALL_RET(0, hmR0SvmExitUnexpected(pVCpu, pCtx, pSvmTransient));
                 }
 
 #ifdef VBOX_WITH_NESTED_HWVIRT_SVM
-                case SVM_EXIT_CLGI:     return hmR0SvmExitClgi(pVCpu, pCtx, pSvmTransient);
-                case SVM_EXIT_STGI:     return hmR0SvmExitStgi(pVCpu, pCtx, pSvmTransient);
-                case SVM_EXIT_VMLOAD:   return hmR0SvmExitVmload(pVCpu, pCtx, pSvmTransient);
-                case SVM_EXIT_VMSAVE:   return hmR0SvmExitVmsave(pVCpu, pCtx, pSvmTransient);
-                case SVM_EXIT_INVLPGA:  return hmR0SvmExitInvlpga(pVCpu, pCtx, pSvmTransient);
-                case SVM_EXIT_VMRUN:    return hmR0SvmExitVmrun(pVCpu, pCtx, pSvmTransient);
+                case SVM_EXIT_CLGI:     VMEXIT_CALL_RET(0, hmR0SvmExitClgi(pVCpu, pCtx, pSvmTransient));
+                case SVM_EXIT_STGI:     VMEXIT_CALL_RET(0, hmR0SvmExitStgi(pVCpu, pCtx, pSvmTransient));
+                case SVM_EXIT_VMLOAD:   VMEXIT_CALL_RET(0, hmR0SvmExitVmload(pVCpu, pCtx, pSvmTransient));
+                case SVM_EXIT_VMSAVE:   VMEXIT_CALL_RET(0, hmR0SvmExitVmsave(pVCpu, pCtx, pSvmTransient));
+                case SVM_EXIT_INVLPGA:  VMEXIT_CALL_RET(0, hmR0SvmExitInvlpga(pVCpu, pCtx, pSvmTransient));
+                case SVM_EXIT_VMRUN:    VMEXIT_CALL_RET(0, hmR0SvmExitVmrun(pVCpu, pCtx, pSvmTransient));
 #else
                 case SVM_EXIT_CLGI:
@@ -5582 +5837 @@
 
 #ifdef HMSVM_ALWAYS_TRAP_ALL_XCPTS
-                case SVM_EXIT_XCPT_0:      /* #DE                   */
-                /*   SVM_EXIT_XCPT_1: */   /* #DB  - Handled above. */
-                /*   SVM_EXIT_XCPT_2: */   /* #NMI - Handled above. */
-                /*   SVM_EXIT_XCPT_3: */   /* #BP  - Handled above. */
-                case SVM_EXIT_XCPT_4:      /* #OF                   */
-                case SVM_EXIT_XCPT_5:      /* #BR                   */
-                /*   SVM_EXIT_XCPT_6: */   /* #UD  - Handled above. */
-                case SVM_EXIT_XCPT_7:      /* #NM                   */
-                case SVM_EXIT_XCPT_8:      /* #DF                   */
-                case SVM_EXIT_XCPT_9:      /* #CO_SEG_OVERRUN       */
-                case SVM_EXIT_XCPT_10:     /* #TS                   */
-                case SVM_EXIT_XCPT_11:     /* #NP                   */
-                case SVM_EXIT_XCPT_12:     /* #SS                   */
-                case SVM_EXIT_XCPT_13:     /* #GP                   */
-                /*   SVM_EXIT_XCPT_14: */  /* #PF  - Handled above. */
-                case SVM_EXIT_XCPT_15:     /* Reserved.             */
-                /*   SVM_EXIT_XCPT_16: */  /* #MF  - Handled above. */
-                /*   SVM_EXIT_XCPT_17: */  /* #AC  - Handled above. */
-                case SVM_EXIT_XCPT_18:     /* #MC                   */
-                case SVM_EXIT_XCPT_19:     /* #XF                   */
+                case SVM_EXIT_XCPT_DE:
+                /*   SVM_EXIT_XCPT_DB: */       /* Handled above. */
+                /*   SVM_EXIT_XCPT_NMI: */      /* Handled above. */
+                /*   SVM_EXIT_XCPT_BP: */       /* Handled above. */
+                case SVM_EXIT_XCPT_OF:
+                case SVM_EXIT_XCPT_BR:
+                /*   SVM_EXIT_XCPT_UD: */       /* Handled above. */
+                case SVM_EXIT_XCPT_NM:
+                case SVM_EXIT_XCPT_DF:
+                case SVM_EXIT_XCPT_CO_SEG_OVERRUN:
+                case SVM_EXIT_XCPT_TS:
+                case SVM_EXIT_XCPT_NP:
+                case SVM_EXIT_XCPT_SS:
+                case SVM_EXIT_XCPT_GP:
+                /*   SVM_EXIT_XCPT_PF: */
+                case SVM_EXIT_XCPT_15:          /* Reserved. */
+                /*   SVM_EXIT_XCPT_MF: */       /* Handled above. */
+                /*   SVM_EXIT_XCPT_AC: */       /* Handled above. */
+                case SVM_EXIT_XCPT_MC:
+                case SVM_EXIT_XCPT_XF:
                 case SVM_EXIT_XCPT_20: case SVM_EXIT_XCPT_21: case SVM_EXIT_XCPT_22: case SVM_EXIT_XCPT_23:
                 case SVM_EXIT_XCPT_24: case SVM_EXIT_XCPT_25: case SVM_EXIT_XCPT_26: case SVM_EXIT_XCPT_27:
                 case SVM_EXIT_XCPT_28: case SVM_EXIT_XCPT_29: case SVM_EXIT_XCPT_30: case SVM_EXIT_XCPT_31:
-                    return hmR0SvmExitXcptGeneric(pVCpu, pCtx, pSvmTransient);
+                    VMEXIT_CALL_RET(0, hmR0SvmExitXcptGeneric(pVCpu, pCtx, pSvmTransient));
 #endif  /* HMSVM_ALWAYS_TRAP_ALL_XCPTS */
 
@@ -5618 +5873 @@
     }
     /* not reached */
+#undef VMEXIT_CALL_RET
 }
 
@@ -5828 +6084 @@
     int rc = VINF_SUCCESS;
     PSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, CPUMCTX_EXTRN_CR2);
 
     Log4(("EXITINTINFO: Pending vectoring event %#RX64 Valid=%RTbool ErrValid=%RTbool Err=%#RX32 Type=%u Vector=%u\n",
@@ -6120 +6377 @@
         Assert(pVmcb);
         Assert(pVmcb->ctrl.u64NextRIP);
+        Assert(!(pCtx->fExtrn & CPUMCTX_EXTRN_RIP));
         AssertRelease(pVmcb->ctrl.u64NextRIP - pCtx->rip == cb);    /* temporary, remove later */
         pCtx->rip = pVmcb->ctrl.u64NextRIP;
@@ -6238 +6496 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+
     PVM pVM = pVCpu->CTX_SUFF(pVM);
     int rc = EMInterpretCpuId(pVM, pVCpu, CPUMCTX2CORE(pCtx));
@@ -6261 +6520 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK);
     VBOXSTRICTRC rcStrict = IEMExecDecodedRdtsc(pVCpu, hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 2));
     if (rcStrict == VINF_SUCCESS)
@@ -6279 +6539 @@
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
     VBOXSTRICTRC rcStrict = IEMExecDecodedRdtscp(pVCpu, hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 3));
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK);
     if (rcStrict == VINF_SUCCESS)
         pSvmTransient->fUpdateTscOffsetting = true;
@@ -6295 +6556 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx,   CPUMCTX_EXTRN_CR0
+                                    | CPUMCTX_EXTRN_CR4
+                                    | CPUMCTX_EXTRN_SS);
+
     int rc = EMInterpretRdpmc(pVCpu->CTX_SUFF(pVM), pVCpu, CPUMCTX2CORE(pCtx));
     if (RT_LIKELY(rc == VINF_SUCCESS))
@@ -6326 +6591 @@
         && fSupportsNextRipSave)
     {
+        HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK);
         PCSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
         uint8_t const cbInstr   = pVmcb->ctrl.u64NextRIP - pCtx->rip;
@@ -6334 +6600 @@
     }
 
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
     int rc = hmR0SvmInterpretInvlpg(pVM, pVCpu, pCtx);    /* Updates RIP if successful. */
     Assert(rc == VINF_SUCCESS || rc == VERR_EM_INTERPRETER);
@@ -6364 +6631 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx,   CPUMCTX_EXTRN_CR0
+                                            | CPUMCTX_EXTRN_SS);
+
     int rc = EMInterpretMonitor(pVCpu->CTX_SUFF(pVM), pVCpu, CPUMCTX2CORE(pCtx));
     if (RT_LIKELY(rc == VINF_SUCCESS))
@@ -6386 +6656 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx,   CPUMCTX_EXTRN_CR0
+                                            | CPUMCTX_EXTRN_SS);
+
     VBOXSTRICTRC rc2 = EMInterpretMWait(pVCpu->CTX_SUFF(pVM), pVCpu, CPUMCTX2CORE(pCtx));
     int rc = VBOXSTRICTRC_VAL(rc2);
@@ -6419 +6692 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
     return VINF_EM_RESET;
 }
@@ -6430 +6704 @@
     RT_NOREF(pCtx);
     PCSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
     AssertMsgFailed(("hmR0SvmExitUnexpected: ExitCode=%#RX64 uExitInfo1=%#RX64 uExitInfo2=%#RX64\n", pSvmTransient->u64ExitCode,
                      pVmcb->ctrl.u64ExitInfo1, pVmcb->ctrl.u64ExitInfo2));
@@ -6457 +6732 @@
         if (fMovCRx)
         {
+            HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK);
             uint8_t const cbInstr = pVmcb->ctrl.u64NextRIP - pCtx->rip;
             uint8_t const iCrReg  = pSvmTransient->u64ExitCode - SVM_EXIT_READ_CR0;
@@ -6467 +6743 @@
     }
 
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
     VBOXSTRICTRC rc2 = EMInterpretInstruction(pVCpu, CPUMCTX2CORE(pCtx), 0 /* pvFault */);
     int rc = VBOXSTRICTRC_VAL(rc2);
@@ -6499 +6776 @@
         if (fMovCRx)
         {
+            HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK);
             uint8_t const cbInstr = pVmcb->ctrl.u64NextRIP - pCtx->rip;
             uint8_t const iGReg   = pVmcb->ctrl.u64ExitInfo1 & SVM_EXIT1_MOV_CRX_GPR_NUMBER;
@@ -6510 +6788 @@
     if (!fDecodedInstr)
     {
+        HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK);
         Log4(("hmR0SvmExitWriteCRx: iCrReg=%#x\n", iCrReg));
         rcStrict = IEMExecOneBypassEx(pVCpu, CPUMCTX2CORE(pCtx), NULL);
@@ -6521 +6800 @@
         switch (iCrReg)
         {
-            case 0:     /* CR0. */
-                HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR0);
-                break;
-
-            case 3:     /* CR3. */
-                HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR3);
-                break;
-
-            case 4:     /* CR4. */
-                HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR4);
-                break;
-
-            case 8:     /* CR8 (TPR). */
-                HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_APIC_STATE);
-                break;
-
+            case 0: HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR0);        break;
+            case 2: HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR2);        break;
+            case 3: HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR3);        break;
+            case 4: HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR4);        break;
+            case 8: HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_APIC_STATE); break;
             default:
+            {
                 AssertMsgFailed(("hmR0SvmExitWriteCRx: Invalid/Unexpected Write-CRx exit. u64ExitCode=%#RX64 %#x\n",
                                  pSvmTransient->u64ExitCode, iCrReg));
                 break;
+            }
         }
         HMSVM_CHECK_SINGLE_STEP(pVCpu, rcStrict);
@@ -6557 +6827 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx,   CPUMCTX_EXTRN_CR0
+                                            | CPUMCTX_EXTRN_RFLAGS
+                                            | CPUMCTX_EXTRN_SS
+                                            | CPUMCTX_EXTRN_ALL_MSRS);
+
     PSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
     PVM      pVM   = pVCpu->CTX_SUFF(pVM);
@@ -6598 +6873 @@
         else
         {
+            HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
             rc = VBOXSTRICTRC_TODO(EMInterpretInstruction(pVCpu, CPUMCTX2CORE(pCtx), 0 /* pvFault */));
             if (RT_LIKELY(rc == VINF_SUCCESS))
@@ -6656 +6932 @@
         else
         {
+            HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
             rc = VBOXSTRICTRC_TODO(EMInterpretInstruction(pVCpu, CPUMCTX2CORE(pCtx), 0));
             if (RT_UNLIKELY(rc != VINF_SUCCESS))
@@ -6678 +6955 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
+
     STAM_COUNTER_INC(&pVCpu->hm.s.StatExitDRxRead);
 
@@ -6760 +7039 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK);
 
     /** @todo decode assists... */
@@ -6781 +7061 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK | CPUMCTX_EXTRN_SREG_MASK);
 
     /* I/O operation lookup arrays. */
@@ -6907 +7188 @@
         /** @todo Optimize away the DBGFBpIsHwIoArmed call by having DBGF tell the
          *  execution engines about whether hyper BPs and such are pending. */
+        HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, CPUMCTX_EXTRN_DR7);
         uint32_t const uDr7 = pCtx->dr[7];
         if (RT_UNLIKELY(   (   (uDr7 & X86_DR7_ENABLED_MASK)
@@ -6973 +7255 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
+    HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 
     PVM pVM = pVCpu->CTX_SUFF(pVM);
     Assert(pVM->hm.s.fNestedPaging);
-
-    HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 
     /* See AMD spec. 15.25.6 "Nested versus Guest Page Faults, Fault Ordering" for VMCB details for #NPF. */
@@ -7103 +7385 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 
@@ -7135 +7416 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
+
     STAM_COUNTER_INC(&pVCpu->hm.s.StatExitVmcall);
 
@@ -7189 +7472 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, CPUMCTX_EXTRN_CR0);
     Assert(!(pCtx->cr0 & X86_CR0_NE));
 
@@ -7223 +7507 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 
@@ -7329 +7613 @@
             /* If the nested-guest is intercepting #PFs, cause a #PF #VMEXIT. */
             if (   CPUMIsGuestInSvmNestedHwVirtMode(pCtx)
-                && HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, X86_XCPT_PF))
+                && HMIsGuestSvmXcptInterceptSet(pVCpu, X86_XCPT_PF))
                 return VBOXSTRICTRC_TODO(IEMExecSvmVmexit(pVCpu, SVM_EXIT_XCPT_PF, uErrCode, uFaultAddress));
 #endif
@@ -7369 +7653 @@
     if (pVCpu->hm.s.fGIMTrapXcptUD)
     {
+        HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
         uint8_t cbInstr = 0;
         VBOXSTRICTRC rcStrict = GIMXcptUD(pVCpu, pCtx, NULL /* pDis */, &cbInstr);
@@ -7405 +7690 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
 
     /* Paranoia; Ensure we cannot be called as a result of event delivery. */
@@ -7442 +7728 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-
-    /* If this #DB is the result of delivering an event, go back to the interpreter. */
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
+
     if (RT_UNLIKELY(pVCpu->hm.s.Event.fPending))
     {
@@ -7495 +7781 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 
@@ -7516 +7801 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 
@@ -7542 +7827 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 
@@ -7586 +7870 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx,   IEM_CPUMCTX_EXTRN_MUST_MASK
+                                            | CPUMCTX_EXTRN_HWVIRT);
 
 #ifdef VBOX_STRICT
@@ -7608 +7894 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx,   IEM_CPUMCTX_EXTRN_MUST_MASK
+                                            | CPUMCTX_EXTRN_HWVIRT);
 
     /*
@@ -7629 +7917 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx,   IEM_CPUMCTX_EXTRN_MUST_MASK
+                                            | CPUMCTX_EXTRN_FS
+                                            | CPUMCTX_EXTRN_GS
+                                            | CPUMCTX_EXTRN_TR
+                                            | CPUMCTX_EXTRN_LDTR
+                                            | CPUMCTX_EXTRN_KERNEL_GS_BASE
+                                            | CPUMCTX_EXTRN_SYSCALL_MSRS
+                                            | CPUMCTX_EXTRN_SYSENTER_MSRS);
 
 #ifdef VBOX_STRICT
@@ -7644 +7940 @@
         HMCPU_CF_SET(pVCpu,   HM_CHANGED_GUEST_SEGMENT_REGS
                             | HM_CHANGED_GUEST_TR
-                            | HM_CHANGED_GUEST_LDTR);
+                            | HM_CHANGED_GUEST_LDTR
+                            | HM_CHANGED_GUEST_SYSENTER_CS_MSR
+                            | HM_CHANGED_GUEST_SYSENTER_EIP_MSR
+                            | HM_CHANGED_GUEST_SYSENTER_ESP_MSR);
     }
     return VBOXSTRICTRC_VAL(rcStrict);
@@ -7656 +7955 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK);
 
 #ifdef VBOX_STRICT
@@ -7676 +7976 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, IEM_CPUMCTX_EXTRN_MUST_MASK);
+
     /** @todo Stat. */
     /* STAM_COUNTER_INC(&pVCpu->hm.s.StatExitInvlpga); */
@@ -7690 +7992 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+    /** @todo Only save and reload what VMRUN changes (e.g. skip LDTR, TR etc). */
+    HMSVM_CPUMCTX_IMPORT_STATE(pVCpu, pCtx, HMSVM_CPUMCTX_EXTRN_ALL);
 
     VBOXSTRICTRC rcStrict;
@@ -7711 +8015 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-
-    /* If this #DB is the result of delivering an event, go back to the interpreter. */
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
+
     if (pVCpu->hm.s.Event.fPending)
     {
@@ -7732 +8035 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 

trunk/src/VBox/VMM/VMMR0/HMSVMR0.h

@@ -38 +38 @@
 #ifdef IN_RING0
 
-VMMR0DECL(int)  SVMR0GlobalInit(void);
-VMMR0DECL(void) SVMR0GlobalTerm(void);
-VMMR0DECL(int)  SVMR0Enter(PVM pVM, PVMCPU pVCpu, PHMGLOBALCPUINFO pCpu);
-VMMR0DECL(void) SVMR0ThreadCtxCallback(RTTHREADCTXEVENT enmEvent, PVMCPU pVCpu, bool fGlobalInit);
-VMMR0DECL(int)  SVMR0EnableCpu(PHMGLOBALCPUINFO pCpu, PVM pVM, void *pvPageCpu, RTHCPHYS HCPhysCpuPage, bool fEnabledBySystem,
-                               void *pvArg);
-VMMR0DECL(int)  SVMR0DisableCpu(PHMGLOBALCPUINFO pCpu, void *pvPageCpu, RTHCPHYS pPageCpuPhys);
-VMMR0DECL(int)  SVMR0InitVM(PVM pVM);
-VMMR0DECL(int)  SVMR0TermVM(PVM pVM);
-VMMR0DECL(int)  SVMR0SetupVM(PVM pVM);
+VMMR0DECL(int)          SVMR0GlobalInit(void);
+VMMR0DECL(void)         SVMR0GlobalTerm(void);
+VMMR0DECL(int)          SVMR0Enter(PVM pVM, PVMCPU pVCpu, PHMGLOBALCPUINFO pCpu);
+VMMR0DECL(void)         SVMR0ThreadCtxCallback(RTTHREADCTXEVENT enmEvent, PVMCPU pVCpu, bool fGlobalInit);
+VMMR0DECL(int)          SVMR0EnableCpu(PHMGLOBALCPUINFO pCpu, PVM pVM, void *pvPageCpu, RTHCPHYS HCPhysCpuPage,
+                                       bool fEnabledBySystem, void *pvArg);
+VMMR0DECL(int)          SVMR0DisableCpu(PHMGLOBALCPUINFO pCpu, void *pvPageCpu, RTHCPHYS pPageCpuPhys);
+VMMR0DECL(int)          SVMR0InitVM(PVM pVM);
+VMMR0DECL(int)          SVMR0TermVM(PVM pVM);
+VMMR0DECL(int)          SVMR0SetupVM(PVM pVM);
 VMMR0DECL(VBOXSTRICTRC) SVMR0RunGuestCode(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx);
-VMMR0DECL(int)  SVMR0SaveHostState(PVM pVM, PVMCPU pVCpu);
+VMMR0DECL(int)          SVMR0SaveHostState(PVM pVM, PVMCPU pVCpu);
+VMMR0DECL(int)          SVMR0ImportStateOnDemand(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fWhat);
+VMMR0DECL(int)          SVMR0InvalidatePage(PVM pVM, PVMCPU pVCpu, RTGCPTR GCVirt);
 
 #if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS)
-DECLASM(int)   SVMR0VMSwitcherRun64(RTHCPHYS pVMCBHostPhys, RTHCPHYS pVMCBPhys, PCPUMCTX pCtx, PVM pVM, PVMCPU pVCpu);
-VMMR0DECL(int) SVMR0Execute64BitsHandler(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, HM64ON32OP enmOp, uint32_t cbParam,
-                                         uint32_t *paParam);
+DECLASM(int)            SVMR0VMSwitcherRun64(RTHCPHYS pVMCBHostPhys, RTHCPHYS pVMCBPhys, PCPUMCTX pCtx, PVM pVM, PVMCPU pVCpu);
+VMMR0DECL(int)          SVMR0Execute64BitsHandler(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, HM64ON32OP enmOp, uint32_t cbParam,
+                                                  uint32_t *paParam);
 #endif /* HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS) */
 

trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp

@@ -131 +131 @@
  * are used. Maybe later this can be extended (i.e. Nested Virtualization).
  */
-#define HMVMX_VMCS_STATE_CLEAR                         RT_BIT(0)
-#define HMVMX_VMCS_STATE_ACTIVE                        RT_BIT(1)
-#define HMVMX_VMCS_STATE_LAUNCHED                      RT_BIT(2)
+#define HMVMX_VMCS_STATE_CLEAR                              RT_BIT(0)
+#define HMVMX_VMCS_STATE_ACTIVE                             RT_BIT(1)
+#define HMVMX_VMCS_STATE_LAUNCHED                           RT_BIT(2)
 /** @} */
+
+/**
+ * Subset of the guest-CPU state that is kept by VMX R0 code while executing the
+ * guest using hardware-assisted VMX.
+ *
+ * This excludes state like GPRs (other than RSP) which are always are
+ * swapped and restored across the world-switch and also registers like EFER,
+ * MSR which cannot be modified by the guest without causing a VM-exit.
+ */
+#define HMVMX_CPUMCTX_EXTRN_ALL                             (  CPUMCTX_EXTRN_RIP            \
+                                                             | CPUMCTX_EXTRN_RFLAGS         \
+                                                             | CPUMCTX_EXTRN_SREG_MASK      \
+                                                             | CPUMCTX_EXTRN_TABLE_MASK     \
+                                                             | CPUMCTX_EXTRN_SYSENTER_MSRS  \
+                                                             | CPUMCTX_EXTRN_SYSCALL_MSRS   \
+                                                             | CPUMCTX_EXTRN_KERNEL_GS_BASE \
+                                                             | CPUMCTX_EXTRN_TSC_AUX        \
+                                                             | CPUMCTX_EXTRN_OTHER_MSRS     \
+                                                             | CPUMCTX_EXTRN_CR0            \
+                                                             | CPUMCTX_EXTRN_CR3            \
+                                                             | CPUMCTX_EXTRN_CR4            \
+                                                             | CPUMCTX_EXTRN_DR7)
 
 /**
@@ -191 +213 @@
         return VERR_VMX_UNEXPECTED_EXIT; \
     } while (0)
+
+/** Macro for saving segment registers from VMCS into the guest-CPU
+ *  context. */
+#ifdef VMX_USE_CACHED_VMCS_ACCESSES
+# define HMVMX_SAVE_SREG(Sel, a_pCtxSelReg) \
+    hmR0VmxSaveSegmentReg(pVCpu, VMX_VMCS16_GUEST_##Sel##_SEL, VMX_VMCS32_GUEST_##Sel##_LIMIT, \
+                          VMX_VMCS_GUEST_##Sel##_BASE_CACHE_IDX, VMX_VMCS32_GUEST_##Sel##_ACCESS_RIGHTS, (a_pCtxSelReg))
+#else
+# define HMVMX_SAVE_SREG(Sel, a_pCtxSelReg) \
+    hmR0VmxSaveSegmentReg(pVCpu, VMX_VMCS16_GUEST_##Sel##_SEL, VMX_VMCS32_GUEST_##Sel##_LIMIT, \
+                          VMX_VMCS_GUEST_##Sel##_BASE, VMX_VMCS32_GUEST_##Sel##_ACCESS_RIGHTS, (a_pCtxSelReg))
+#endif
 
 
@@ -1929 +1963 @@
 
 /**
- * Invalidates a guest page by physical address. Only relevant for EPT/VPID,
- * otherwise there is nothing really to invalidate.
- *
- * @returns VBox status code.
- * @param   pVM         The cross context VM structure.
- * @param   pVCpu       The cross context virtual CPU structure.
- * @param   GCPhys      Guest physical address of the page to invalidate.
- */
-VMMR0DECL(int) VMXR0InvalidatePhysPage(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys)
-{
-    NOREF(pVM); NOREF(GCPhys);
-    LogFlowFunc(("%RGp\n", GCPhys));
-
-    /*
-     * We cannot flush a page by guest-physical address. invvpid takes only a linear address while invept only flushes
-     * by EPT not individual addresses. We update the force flag here and flush before the next VM-entry in hmR0VmxFlushTLB*().
-     * This function might be called in a loop. This should cause a flush-by-EPT if EPT is in use. See @bugref{6568}.
-     */
-    VMCPU_FF_SET(pVCpu, VMCPU_FF_TLB_FLUSH);
-    STAM_COUNTER_INC(&pVCpu->hm.s.StatFlushTlbInvlpgPhys);
-    return VINF_SUCCESS;
-}
-
-
-/**
  * Dummy placeholder for tagged-TLB flush handling before VM-entry. Used in the
  * case where neither EPT nor VPID is supported by the CPU.
@@ -6747 +6756 @@
 
 /**
- * Reads a guest segment register from the current VMCS into the guest-CPU
+ * Saves a guest segment register from the current VMCS into the guest-CPU
  * context.
  *
@@ -6759 +6768 @@
  *
  * @remarks No-long-jump zone!!!
- * @remarks Never call this function directly!!! Use the VMXLOCAL_READ_SEG()
- *          macro as that takes care of whether to read from the VMCS cache or
- *          not.
- */
-DECLINLINE(int) hmR0VmxReadSegmentReg(PVMCPU pVCpu, uint32_t idxSel, uint32_t idxLimit, uint32_t idxBase, uint32_t idxAccess,
+ * @remarks Never call this function directly!!! Use the
+ *          HMVMX_SAVE_SREG() macro as that takes care of whether to read
+ *          from the VMCS cache or not.
+ */
+static int hmR0VmxSaveSegmentReg(PVMCPU pVCpu, uint32_t idxSel, uint32_t idxLimit, uint32_t idxBase, uint32_t idxAccess,
                                       PCPUMSELREG pSelReg)
 {
@@ -6824 +6833 @@
 }
 
-
-#ifdef VMX_USE_CACHED_VMCS_ACCESSES
-# define VMXLOCAL_READ_SEG(Sel, CtxSel) \
-    hmR0VmxReadSegmentReg(pVCpu, VMX_VMCS16_GUEST_##Sel##_SEL, VMX_VMCS32_GUEST_##Sel##_LIMIT, \
-                          VMX_VMCS_GUEST_##Sel##_BASE_CACHE_IDX, VMX_VMCS32_GUEST_##Sel##_ACCESS_RIGHTS, &pMixedCtx->CtxSel)
-#else
-# define VMXLOCAL_READ_SEG(Sel, CtxSel) \
-    hmR0VmxReadSegmentReg(pVCpu, VMX_VMCS16_GUEST_##Sel##_SEL, VMX_VMCS32_GUEST_##Sel##_LIMIT, \
-                          VMX_VMCS_GUEST_##Sel##_BASE, VMX_VMCS32_GUEST_##Sel##_ACCESS_RIGHTS, &pMixedCtx->CtxSel)
-#endif
-
-
 /**
  * Saves the guest segment registers from the current VMCS into the guest-CPU
@@ -6853 +6850 @@
     if (!HMVMXCPU_GST_IS_UPDATED(pVCpu, HMVMX_UPDATED_GUEST_SEGMENT_REGS))
     {
+        /** @todo r=ramshankar: Why do we save CR0 here? */
         Assert(!HMCPU_CF_IS_PENDING(pVCpu, HM_CHANGED_GUEST_SEGMENT_REGS));
         int rc = hmR0VmxSaveGuestCR0(pVCpu, pMixedCtx);
         AssertRCReturn(rc, rc);
 
-        rc  = VMXLOCAL_READ_SEG(CS, cs);
-        rc |= VMXLOCAL_READ_SEG(SS, ss);
-        rc |= VMXLOCAL_READ_SEG(DS, ds);
-        rc |= VMXLOCAL_READ_SEG(ES, es);
-        rc |= VMXLOCAL_READ_SEG(FS, fs);
-        rc |= VMXLOCAL_READ_SEG(GS, gs);
+        rc  = HMVMX_SAVE_SREG(CS, &pMixedCtx->cs);
+        rc |= HMVMX_SAVE_SREG(SS, &pMixedCtx->ss);
+        rc |= HMVMX_SAVE_SREG(DS, &pMixedCtx->ds);
+        rc |= HMVMX_SAVE_SREG(ES, &pMixedCtx->es);
+        rc |= HMVMX_SAVE_SREG(FS, &pMixedCtx->fs);
+        rc |= HMVMX_SAVE_SREG(GS, &pMixedCtx->gs);
         AssertRCReturn(rc, rc);
 
@@ -6916 +6914 @@
     {
         Assert(!HMCPU_CF_IS_PENDING(pVCpu, HM_CHANGED_GUEST_LDTR));
-        rc = VMXLOCAL_READ_SEG(LDTR, ldtr);
+        rc = HMVMX_SAVE_SREG(LDTR, &pMixedCtx->ldtr);
         AssertRCReturn(rc, rc);
         HMVMXCPU_GST_SET_UPDATED(pVCpu, HMVMX_UPDATED_GUEST_LDTR);
@@ -6955 +6953 @@
         if (!pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
         {
-            rc = VMXLOCAL_READ_SEG(TR, tr);
+            rc = HMVMX_SAVE_SREG(TR, &pMixedCtx->tr);
             AssertRCReturn(rc, rc);
         }
@@ -6962 +6960 @@
     return rc;
 }
-
-#undef VMXLOCAL_READ_SEG
 
 
@@ -7014 +7010 @@
     HMVMXCPU_GST_SET_UPDATED(pVCpu, HMVMX_UPDATED_GUEST_APIC_STATE);
     return VINF_SUCCESS;
+}
+
+
+/**
+ * Worker for VMXR0ImportStateOnDemand.
+ *
+ * @returns VBox status code.
+ * @param   pVCpu   The cross context virtual CPU structure.
+ * @param   pCtx    Pointer to the guest-CPU context.
+ * @param   fWhat   What to import, CPUMCTX_EXTRN_XXX.
+ */
+static int hmR0VmxImportGuestState(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fWhat)
+{
+    int      rc = VINF_SUCCESS;
+    PVM      pVM = pVCpu->CTX_SUFF(pVM);
+    uint64_t u64Val;
+    uint32_t u32Val;
+    uint32_t u32Shadow;
+
+    /*
+     * Though we can longjmp to ring-3 due to log-flushes here and get re-invoked
+     * on the ring-3 callback path, there is no real need to.
+     */
+    if (VMMRZCallRing3IsEnabled(pVCpu))
+        VMMR0LogFlushDisable(pVCpu);
+    else
+        Assert(VMMR0IsLogFlushDisabled(pVCpu));
+    Log4Func(("fExtrn=%#RX64 fWhat=%#RX64\n", pCtx->fExtrn, fWhat));
+
+    /*
+     * Consider this scenario: VM-exit -> VMMRZCallRing3Enable() -> do stuff that causes a longjmp -> hmR0VmxCallRing3Callback()
+     * -> VMMRZCallRing3Disable() -> hmR0VmxImportGuestState() -> Sets VMCPU_FF_HM_UPDATE_CR3 pending -> return from the longjmp
+     * -> continue with VM-exit handling -> hmR0VmxImportGuestState() and here we are.
+     *
+     * The reason for such complicated handling is because VM-exits that call into PGM expect CR3 to be up-to-date and thus
+     * if any CR3-saves -before- the VM-exit (longjmp) postponed the CR3 update via the force-flag, any VM-exit handler that
+     * calls into PGM when it re-saves CR3 will end up here and we call PGMUpdateCR3(). This is why the code below should
+     * -NOT- check if HMVMX_UPDATED_GUEST_CR3 is already set or not!
+     *
+     * The longjmp exit path can't check these CR3 force-flags and call code that takes a lock again. We cover for it here.
+     */
+    if (VMMRZCallRing3IsEnabled(pVCpu))
+    {
+        if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_CR3))
+            PGMUpdateCR3(pVCpu, CPUMGetGuestCR3(pVCpu));
+
+        if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_PAE_PDPES))
+            PGMGstUpdatePaePdpes(pVCpu, &pVCpu->hm.s.aPdpes[0]);
+
+        Assert(!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_CR3));
+        Assert(!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_PAE_PDPES));
+
+        VMMR0LogFlushEnable(pVCpu);
+    }
+
+    Assert(!(fWhat & CPUMCTX_EXTRN_KEEPER_HM));
+    fWhat &= pCtx->fExtrn;
+
+    /* If there is nothing more to import, bail early. */
+    if (!(fWhat & HMVMX_CPUMCTX_EXTRN_ALL))
+        return VINF_SUCCESS;
+
+    /* RIP required while saving interruptibility-state below, see EMSetInhibitInterruptsPC(). */
+    if (fWhat & (CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_HM_VMX_INT_STATE))
+    {
+        rc = VMXReadVmcsGstN(VMX_VMCS_GUEST_RIP, &u64Val);
+        AssertRCReturn(rc, rc);
+        pCtx->rip = u64Val;
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_RIP);
+    }
+
+    /* RFLAGS and interruptibility-state required while re-evaluating interrupt injection, see hmR0VmxGetGuestIntrState(). */
+    if (fWhat & (CPUMCTX_EXTRN_RFLAGS | CPUMCTX_EXTRN_HM_VMX_INT_STATE))
+    {
+        rc = VMXReadVmcsGstN(VMX_VMCS_GUEST_RFLAGS, &u64Val);
+        AssertRCReturn(rc, rc);
+        pCtx->eflags.u32 = u64Val;
+        /* Restore eflags for real-on-v86-mode hack. */
+        if (pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
+        {
+            Assert(pVM->hm.s.vmx.pRealModeTSS);
+            pCtx->eflags.Bits.u1VM   = 0;
+            pCtx->eflags.Bits.u2IOPL = pVCpu->hm.s.vmx.RealMode.Eflags.Bits.u2IOPL;
+        }
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_RFLAGS);
+    }
+
+    if (fWhat & CPUMCTX_EXTRN_HM_VMX_INT_STATE)
+    {
+        rc = VMXReadVmcs32(VMX_VMCS32_GUEST_INTERRUPTIBILITY_STATE, &u32Val);
+        AssertRCReturn(rc, rc);
+        if (!u32Val)
+        {
+            if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
+                VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
+
+            if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS))
+                VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_BLOCK_NMIS);
+        }
+        else
+        {
+            if (u32Val & (  VMX_VMCS_GUEST_INTERRUPTIBILITY_STATE_BLOCK_MOVSS
+                          | VMX_VMCS_GUEST_INTERRUPTIBILITY_STATE_BLOCK_STI))
+            {
+                EMSetInhibitInterruptsPC(pVCpu, pCtx->rip);
+                Assert(VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS));
+            }
+            else if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
+                VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
+
+            if (u32Val & VMX_VMCS_GUEST_INTERRUPTIBILITY_STATE_BLOCK_NMI)
+            {
+                if (!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS))
+                    VMCPU_FF_SET(pVCpu, VMCPU_FF_BLOCK_NMIS);
+            }
+            else if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS))
+                VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_BLOCK_NMIS);
+        }
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_HM_VMX_INT_STATE);
+    }
+
+    if (fWhat & CPUMCTX_EXTRN_RSP)
+    {
+        rc = VMXReadVmcsGstN(VMX_VMCS_GUEST_RSP, &u64Val);
+        AssertRCReturn(rc, rc);
+        pCtx->rsp = u64Val;
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_RSP);
+    }
+
+    if (fWhat & CPUMCTX_EXTRN_SREG_MASK)
+    {
+        if (fWhat & CPUMCTX_EXTRN_CS)
+        {
+            rc = HMVMX_SAVE_SREG(CS, &pCtx->cs);
+            AssertRCReturn(rc, rc);
+            if (pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
+                pCtx->cs.Attr.u = pVCpu->hm.s.vmx.RealMode.AttrCS.u;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_CS);
+        }
+        if (fWhat & CPUMCTX_EXTRN_SS)
+        {
+            rc = HMVMX_SAVE_SREG(SS, &pCtx->ss);
+            if (pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
+                pCtx->ss.Attr.u = pVCpu->hm.s.vmx.RealMode.AttrSS.u;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_SS);
+        }
+        if (fWhat & CPUMCTX_EXTRN_DS)
+        {
+            rc = HMVMX_SAVE_SREG(DS, &pCtx->ds);
+            AssertRCReturn(rc, rc);
+            if (pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
+                pCtx->ds.Attr.u = pVCpu->hm.s.vmx.RealMode.AttrDS.u;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_DS);
+        }
+        if (fWhat & CPUMCTX_EXTRN_ES)
+        {
+            rc = HMVMX_SAVE_SREG(ES, &pCtx->es);
+            AssertRCReturn(rc, rc);
+            if (pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
+                pCtx->es.Attr.u = pVCpu->hm.s.vmx.RealMode.AttrES.u;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_ES);
+        }
+       if (fWhat & CPUMCTX_EXTRN_FS)
+       {
+            rc = HMVMX_SAVE_SREG(FS, &pCtx->fs);
+            AssertRCReturn(rc, rc);
+            if (pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
+                pCtx->fs.Attr.u = pVCpu->hm.s.vmx.RealMode.AttrFS.u;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_FS);
+       }
+        if (fWhat & CPUMCTX_EXTRN_GS)
+        {
+            rc = HMVMX_SAVE_SREG(GS, &pCtx->gs);
+            AssertRCReturn(rc, rc);
+            if (pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
+                pCtx->gs.Attr.u = pVCpu->hm.s.vmx.RealMode.AttrGS.u;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_GS);
+        }
+    }
+
+    if (fWhat & CPUMCTX_EXTRN_TABLE_MASK)
+    {
+        if (fWhat & CPUMCTX_EXTRN_LDTR)
+        {
+            rc = HMVMX_SAVE_SREG(LDTR, &pCtx->ldtr);
+            AssertRCReturn(rc, rc);
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_LDTR);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_GDTR)
+        {
+            rc  = VMXReadVmcsGstN(VMX_VMCS_GUEST_GDTR_BASE,  &u64Val);
+            rc |= VMXReadVmcs32(VMX_VMCS32_GUEST_GDTR_LIMIT, &u32Val);
+            AssertRCReturn(rc, rc);
+            pCtx->gdtr.pGdt  = u64Val;
+            pCtx->gdtr.cbGdt = u32Val;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_GDTR);
+        }
+
+        /* Guest IDTR. */
+        if (fWhat & CPUMCTX_EXTRN_IDTR)
+        {
+            rc  = VMXReadVmcsGstN(VMX_VMCS_GUEST_IDTR_BASE,  &u64Val);
+            rc |= VMXReadVmcs32(VMX_VMCS32_GUEST_IDTR_LIMIT, &u32Val);
+            AssertRCReturn(rc, rc);
+            pCtx->idtr.pIdt  = u64Val;
+            pCtx->idtr.cbIdt = u32Val;
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_IDTR);
+        }
+
+        /* Guest TR. */
+        if (fWhat & CPUMCTX_EXTRN_TR)
+        {
+            /* Real-mode emulation using virtual-8086 mode has the fake TSS (pRealModeTSS) in TR, don't save that one. */
+            if (!pVCpu->hm.s.vmx.RealMode.fRealOnV86Active)
+            {
+                rc = HMVMX_SAVE_SREG(TR, &pCtx->tr);
+                AssertRCReturn(rc, rc);
+            }
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_TR);
+        }
+    }
+
+    if (fWhat & CPUMCTX_EXTRN_SYSENTER_MSRS)
+    {
+        rc  = VMXReadVmcsGstN(VMX_VMCS_GUEST_SYSENTER_EIP, &pCtx->SysEnter.eip);
+        rc |= VMXReadVmcsGstN(VMX_VMCS_GUEST_SYSENTER_ESP, &pCtx->SysEnter.esp);
+        rc |= VMXReadVmcs32(VMX_VMCS32_GUEST_SYSENTER_CS,  &u32Val);
+        pCtx->SysEnter.cs = u32Val;
+        AssertRCReturn(rc, rc);
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_SYSENTER_MSRS);
+    }
+
+#if HC_ARCH_BITS == 64
+    if (fWhat & CPUMCTX_EXTRN_KERNEL_GS_BASE)
+    {
+        if (   pVM->hm.s.fAllow64BitGuests
+            && (pVCpu->hm.s.vmx.fLazyMsrs & VMX_LAZY_MSRS_LOADED_GUEST))
+            pCtx->msrKERNELGSBASE = ASMRdMsr(MSR_K8_KERNEL_GS_BASE);
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_KERNEL_GS_BASE);
+    }
+
+    if (fWhat & CPUMCTX_EXTRN_SYSCALL_MSRS)
+    {
+        if (   pVM->hm.s.fAllow64BitGuests
+            && (pVCpu->hm.s.vmx.fLazyMsrs & VMX_LAZY_MSRS_LOADED_GUEST))
+        {
+            pCtx->msrLSTAR  = ASMRdMsr(MSR_K8_LSTAR);
+            pCtx->msrSTAR   = ASMRdMsr(MSR_K6_STAR);
+            pCtx->msrSFMASK = ASMRdMsr(MSR_K8_SF_MASK);
+        }
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_SYSCALL_MSRS);
+    }
+#endif
+
+    if (   (fWhat & (CPUMCTX_EXTRN_TSC_AUX | CPUMCTX_EXTRN_OTHER_MSRS))
+#if HC_ARCH_BITS == 32
+        || (fWhat & (CPUMCTX_EXTRN_KERNEL_GS_BASE | CPUMCTX_EXTRN_SYSCALL_MSRS))
+#endif
+        )
+    {
+        PCVMXAUTOMSR   pMsr  = (PVMXAUTOMSR)pVCpu->hm.s.vmx.pvGuestMsr;
+        uint32_t const cMsrs = pVCpu->hm.s.vmx.cMsrs;
+        for (uint32_t i = 0; i < cMsrs; i++, pMsr++)
+        {
+            switch (pMsr->u32Msr)
+            {
+#if HC_ARCH_BITS == 32
+                case MSR_K8_LSTAR:          pCtx->msrLSTAR        = pMsr->u64Value;         break;
+                case MSR_K6_STAR:           pCtx->msrSTAR         = pMsr->u64Value;         break;
+                case MSR_K8_SF_MASK:        pCtx->msrSFMASK       = pMsr->u64Value;         break;
+                case MSR_K8_KERNEL_GS_BASE: pCtx->msrKERNELGSBASE = pMsr->u64Value;         break;
+#endif
+                case MSR_IA32_SPEC_CTRL:    CPUMSetGuestSpecCtrl(pVCpu, pMsr->u64Value);    break;
+                case MSR_K8_TSC_AUX:
+                {
+                    /* CPUMSetGuestTscAux alters fExtrn without using atomics, so disable preemption temporarily. */
+                    HM_DISABLE_PREEMPT();
+                    CPUMSetGuestTscAux(pVCpu, pMsr->u64Value);
+                    HM_RESTORE_PREEMPT();
+                    break;
+                }
+                default:
+                {
+                    AssertMsgFailed(("Unexpected MSR in auto-load/store area. uMsr=%#RX32 cMsrs=%u\n", pMsr->u32Msr, cMsrs));
+                    pVCpu->hm.s.u32HMError = pMsr->u32Msr;
+                    return VERR_HM_UNEXPECTED_LD_ST_MSR;
+                }
+            }
+        }
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~(  CPUMCTX_EXTRN_TSC_AUX
+                                           | CPUMCTX_EXTRN_OTHER_MSRS
+#if HC_ARCH_BITS == 32
+                                           | CPUMCTX_EXTRN_KERNEL_GS_BASE
+                                           | CPUMCTX_EXTRN_SYSCALL_MSRS
+#endif
+                                           ));
+    }
+
+    if (fWhat & CPUMCTX_EXTRN_DR7)
+    {
+        if (!pVCpu->hm.s.fUsingHyperDR7)
+        {
+            /* Upper 32-bits are always zero. See Intel spec. 2.7.3 "Loading and Storing Debug Registers". */
+            rc = VMXReadVmcs32(VMX_VMCS_GUEST_DR7, &u32Val);
+            AssertRCReturn(rc, rc);
+            pCtx->dr[7] = u32Val;
+        }
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_DR7);
+    }
+
+    if (fWhat & CPUMCTX_EXTRN_CR_MASK)
+    {
+        /* CR0 required for saving CR3 below, see CPUMIsGuestPagingEnabledEx(). */
+        if (fWhat & (CPUMCTX_EXTRN_CR0 | CPUMCTX_EXTRN_CR3))
+        {
+            rc  = VMXReadVmcs32(VMX_VMCS_GUEST_CR0,            &u32Val);
+            rc |= VMXReadVmcs32(VMX_VMCS_CTRL_CR0_READ_SHADOW, &u32Shadow);
+            AssertRCReturn(rc, rc);
+            u32Val = (u32Val & ~pVCpu->hm.s.vmx.u32CR0Mask)
+                   | (u32Shadow & pVCpu->hm.s.vmx.u32CR0Mask);
+            CPUMSetGuestCR0(pVCpu, u32Val);
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_CR0);
+        }
+
+        /* CR4 required for saving CR3 below, see CPUMIsGuestInPAEModeEx(). */
+        if (fWhat & (CPUMCTX_EXTRN_CR4 | CPUMCTX_EXTRN_CR3))
+        {
+            rc  = VMXReadVmcs32(VMX_VMCS_GUEST_CR4,            &u32Val);
+            rc |= VMXReadVmcs32(VMX_VMCS_CTRL_CR4_READ_SHADOW, &u32Shadow);
+            AssertRCReturn(rc, rc);
+            u32Val = (u32Val & ~pVCpu->hm.s.vmx.u32CR4Mask)
+                   | (u32Shadow & pVCpu->hm.s.vmx.u32CR4Mask);
+            CPUMSetGuestCR4(pVCpu, u32Val);
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_CR4);
+        }
+
+        if (fWhat & CPUMCTX_EXTRN_CR3)
+        {
+            if (   pVM->hm.s.vmx.fUnrestrictedGuest
+                || (   pVM->hm.s.fNestedPaging
+                    && CPUMIsGuestPagingEnabledEx(pCtx)))
+            {
+                rc = VMXReadVmcsGstN(VMX_VMCS_GUEST_CR3, &u64Val);
+                if (pCtx->cr3 != u64Val)
+                {
+                    CPUMSetGuestCR3(pVCpu, u64Val);
+                    if (VMMRZCallRing3IsEnabled(pVCpu))
+                    {
+                        PGMUpdateCR3(pVCpu, u64Val);
+                        Assert(!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_CR3));
+                    }
+                    else
+                    {
+                        /* Set the force flag to inform PGM about it when necessary. It is cleared by PGMUpdateCR3().*/
+                        VMCPU_FF_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3);
+                    }
+                }
+
+                /* If the guest is in PAE mode, sync back the PDPE's into the guest state. */
+                if (CPUMIsGuestInPAEModeEx(pCtx))
+                {
+                    rc  = VMXReadVmcs64(VMX_VMCS64_GUEST_PDPTE0_FULL, &pVCpu->hm.s.aPdpes[0].u);
+                    rc |= VMXReadVmcs64(VMX_VMCS64_GUEST_PDPTE1_FULL, &pVCpu->hm.s.aPdpes[1].u);
+                    rc |= VMXReadVmcs64(VMX_VMCS64_GUEST_PDPTE2_FULL, &pVCpu->hm.s.aPdpes[2].u);
+                    rc |= VMXReadVmcs64(VMX_VMCS64_GUEST_PDPTE3_FULL, &pVCpu->hm.s.aPdpes[3].u);
+                    AssertRCReturn(rc, rc);
+
+                    if (VMMRZCallRing3IsEnabled(pVCpu))
+                    {
+                        PGMGstUpdatePaePdpes(pVCpu, &pVCpu->hm.s.aPdpes[0]);
+                        Assert(!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_PAE_PDPES));
+                    }
+                    else
+                    {
+                        /* Set the force flag to inform PGM about it when necessary. It is cleared by PGMGstUpdatePaePdpes(). */
+                        VMCPU_FF_SET(pVCpu, VMCPU_FF_HM_UPDATE_PAE_PDPES);
+                    }
+                }
+            }
+            ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_CR3);
+        }
+    }
+
+    /* If everything has been imported, clear the HM keeper bit. */
+    if (!(pCtx->fExtrn & HMVMX_CPUMCTX_EXTRN_ALL))
+    {
+        ASMAtomicUoAndU64(&pCtx->fExtrn, ~CPUMCTX_EXTRN_KEEPER_HM);
+        Assert(!pCtx->fExtrn);
+    }
+
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Saves the guest state from the VMCS into the guest-CPU context.
+ *
+ * @returns VBox status code.
+ * @param   pVCpu   The cross context virtual CPU structure.
+ * @param   pCtx    Pointer to the guest-CPU or nested-guest-CPU context.
+ * @param   fWhat   What to import, CPUMCTX_EXTRN_XXX.
+ */
+VMMR0DECL(int) VMXR0ImportStateOnDemand(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fWhat)
+{
+    return hmR0VmxImportGuestState(pVCpu, pCtx, fWhat);
 }
 
@@ -7236 +7638 @@
     AssertRCReturn(rc3, rc3);
 
+    /** @todo  r=ramshankar: VMCPU_FF_HM_UPDATE_CR3 and VMCPU_FF_HM_UPDATE_PAE_PDPES
+     *         are not part of VMCPU_FF_HP_R0_PRE_HM_MASK. Hence, the two if
+     *         statements below won't ever be entered. Consider removing it or
+     *         determine if it is necessary to add these flags to VMCPU_FF_HP_R0_PRE_HM_MASK. */
     /* Pending HM CR3 sync. */
     if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_UPDATE_CR3))
@@ -10818 +11224 @@
 {
 # ifdef DEBUG_ramshankar
-#  define RETURN_EXIT_CALL(a_CallExpr) \
+#  define VMEXIT_CALL_RET(a_CallExpr) \
        do { \
             int rc2 = hmR0VmxSaveGuestState(pVCpu, pMixedCtx); AssertRC(rc2); \
@@ -10826 +11232 @@
         } while (0)
 # else
-#  define RETURN_EXIT_CALL(a_CallExpr) return a_CallExpr
+#  define VMEXIT_CALL_RET(a_CallExpr) return a_CallExpr
 # endif
     switch (rcReason)
     {
-        case VMX_EXIT_EPT_MISCONFIG:           RETURN_EXIT_CALL(hmR0VmxExitEptMisconfig(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_EPT_VIOLATION:           RETURN_EXIT_CALL(hmR0VmxExitEptViolation(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_IO_INSTR:                RETURN_EXIT_CALL(hmR0VmxExitIoInstr(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_CPUID:                   RETURN_EXIT_CALL(hmR0VmxExitCpuid(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_RDTSC:                   RETURN_EXIT_CALL(hmR0VmxExitRdtsc(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_RDTSCP:                  RETURN_EXIT_CALL(hmR0VmxExitRdtscp(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_APIC_ACCESS:             RETURN_EXIT_CALL(hmR0VmxExitApicAccess(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_XCPT_OR_NMI:             RETURN_EXIT_CALL(hmR0VmxExitXcptOrNmi(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_MOV_CRX:                 RETURN_EXIT_CALL(hmR0VmxExitMovCRx(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_EXT_INT:                 RETURN_EXIT_CALL(hmR0VmxExitExtInt(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_INT_WINDOW:              RETURN_EXIT_CALL(hmR0VmxExitIntWindow(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_MWAIT:                   RETURN_EXIT_CALL(hmR0VmxExitMwait(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_MONITOR:                 RETURN_EXIT_CALL(hmR0VmxExitMonitor(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_TASK_SWITCH:             RETURN_EXIT_CALL(hmR0VmxExitTaskSwitch(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_PREEMPT_TIMER:           RETURN_EXIT_CALL(hmR0VmxExitPreemptTimer(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_RDMSR:                   RETURN_EXIT_CALL(hmR0VmxExitRdmsr(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_WRMSR:                   RETURN_EXIT_CALL(hmR0VmxExitWrmsr(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_MOV_DRX:                 RETURN_EXIT_CALL(hmR0VmxExitMovDRx(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_TPR_BELOW_THRESHOLD:     RETURN_EXIT_CALL(hmR0VmxExitTprBelowThreshold(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_HLT:                     RETURN_EXIT_CALL(hmR0VmxExitHlt(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_INVD:                    RETURN_EXIT_CALL(hmR0VmxExitInvd(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_INVLPG:                  RETURN_EXIT_CALL(hmR0VmxExitInvlpg(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_RSM:                     RETURN_EXIT_CALL(hmR0VmxExitRsm(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_MTF:                     RETURN_EXIT_CALL(hmR0VmxExitMtf(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_PAUSE:                   RETURN_EXIT_CALL(hmR0VmxExitPause(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_XDTR_ACCESS:             RETURN_EXIT_CALL(hmR0VmxExitXdtrAccess(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_TR_ACCESS:               RETURN_EXIT_CALL(hmR0VmxExitXdtrAccess(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_WBINVD:                  RETURN_EXIT_CALL(hmR0VmxExitWbinvd(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_XSETBV:                  RETURN_EXIT_CALL(hmR0VmxExitXsetbv(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_RDRAND:                  RETURN_EXIT_CALL(hmR0VmxExitRdrand(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_INVPCID:                 RETURN_EXIT_CALL(hmR0VmxExitInvpcid(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_GETSEC:                  RETURN_EXIT_CALL(hmR0VmxExitGetsec(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_RDPMC:                   RETURN_EXIT_CALL(hmR0VmxExitRdpmc(pVCpu, pMixedCtx, pVmxTransient));
-        case VMX_EXIT_VMCALL:                  RETURN_EXIT_CALL(hmR0VmxExitVmcall(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_EPT_MISCONFIG:           VMEXIT_CALL_RET(hmR0VmxExitEptMisconfig(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_EPT_VIOLATION:           VMEXIT_CALL_RET(hmR0VmxExitEptViolation(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_IO_INSTR:                VMEXIT_CALL_RET(hmR0VmxExitIoInstr(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_CPUID:                   VMEXIT_CALL_RET(hmR0VmxExitCpuid(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_RDTSC:                   VMEXIT_CALL_RET(hmR0VmxExitRdtsc(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_RDTSCP:                  VMEXIT_CALL_RET(hmR0VmxExitRdtscp(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_APIC_ACCESS:             VMEXIT_CALL_RET(hmR0VmxExitApicAccess(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_XCPT_OR_NMI:             VMEXIT_CALL_RET(hmR0VmxExitXcptOrNmi(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_MOV_CRX:                 VMEXIT_CALL_RET(hmR0VmxExitMovCRx(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_EXT_INT:                 VMEXIT_CALL_RET(hmR0VmxExitExtInt(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_INT_WINDOW:              VMEXIT_CALL_RET(hmR0VmxExitIntWindow(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_MWAIT:                   VMEXIT_CALL_RET(hmR0VmxExitMwait(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_MONITOR:                 VMEXIT_CALL_RET(hmR0VmxExitMonitor(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_TASK_SWITCH:             VMEXIT_CALL_RET(hmR0VmxExitTaskSwitch(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_PREEMPT_TIMER:           VMEXIT_CALL_RET(hmR0VmxExitPreemptTimer(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_RDMSR:                   VMEXIT_CALL_RET(hmR0VmxExitRdmsr(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_WRMSR:                   VMEXIT_CALL_RET(hmR0VmxExitWrmsr(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_MOV_DRX:                 VMEXIT_CALL_RET(hmR0VmxExitMovDRx(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_TPR_BELOW_THRESHOLD:     VMEXIT_CALL_RET(hmR0VmxExitTprBelowThreshold(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_HLT:                     VMEXIT_CALL_RET(hmR0VmxExitHlt(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_INVD:                    VMEXIT_CALL_RET(hmR0VmxExitInvd(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_INVLPG:                  VMEXIT_CALL_RET(hmR0VmxExitInvlpg(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_RSM:                     VMEXIT_CALL_RET(hmR0VmxExitRsm(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_MTF:                     VMEXIT_CALL_RET(hmR0VmxExitMtf(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_PAUSE:                   VMEXIT_CALL_RET(hmR0VmxExitPause(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_XDTR_ACCESS:             VMEXIT_CALL_RET(hmR0VmxExitXdtrAccess(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_TR_ACCESS:               VMEXIT_CALL_RET(hmR0VmxExitXdtrAccess(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_WBINVD:                  VMEXIT_CALL_RET(hmR0VmxExitWbinvd(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_XSETBV:                  VMEXIT_CALL_RET(hmR0VmxExitXsetbv(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_RDRAND:                  VMEXIT_CALL_RET(hmR0VmxExitRdrand(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_INVPCID:                 VMEXIT_CALL_RET(hmR0VmxExitInvpcid(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_GETSEC:                  VMEXIT_CALL_RET(hmR0VmxExitGetsec(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_RDPMC:                   VMEXIT_CALL_RET(hmR0VmxExitRdpmc(pVCpu, pMixedCtx, pVmxTransient));
+        case VMX_EXIT_VMCALL:                  VMEXIT_CALL_RET(hmR0VmxExitVmcall(pVCpu, pMixedCtx, pVmxTransient));
 
         case VMX_EXIT_TRIPLE_FAULT:            return hmR0VmxExitTripleFault(pVCpu, pMixedCtx, pVmxTransient);
@@ -10896 +11302 @@
             return hmR0VmxExitErrUndefined(pVCpu, pMixedCtx, pVmxTransient);
     }
-#undef RETURN_EXIT_CALL
+#undef VMEXIT_CALL_RET
 }
 #endif /* !HMVMX_USE_FUNCTION_TABLE */

trunk/src/VBox/VMM/VMMR0/HMVMXR0.h

@@ -29 +29 @@
 #ifdef IN_RING0
 
-VMMR0DECL(int)  VMXR0Enter(PVM pVM, PVMCPU pVCpu, PHMGLOBALCPUINFO pCpu);
-VMMR0DECL(void) VMXR0ThreadCtxCallback(RTTHREADCTXEVENT enmEvent, PVMCPU pVCpu, bool fGlobalInit);
-VMMR0DECL(int)  VMXR0EnableCpu(PHMGLOBALCPUINFO pCpu, PVM pVM, void *pvPageCpu, RTHCPHYS pPageCpuPhys, bool fEnabledBySystem,
-                               void *pvMsrs);
-VMMR0DECL(int)  VMXR0DisableCpu(PHMGLOBALCPUINFO pCpu, void *pvPageCpu, RTHCPHYS pPageCpuPhys);
-VMMR0DECL(int)  VMXR0GlobalInit(void);
-VMMR0DECL(void) VMXR0GlobalTerm(void);
-VMMR0DECL(int)  VMXR0InitVM(PVM pVM);
-VMMR0DECL(int)  VMXR0TermVM(PVM pVM);
-VMMR0DECL(int)  VMXR0SetupVM(PVM pVM);
-VMMR0DECL(int)  VMXR0SaveHostState(PVM pVM, PVMCPU pVCpu);
+VMMR0DECL(int)          VMXR0Enter(PVM pVM, PVMCPU pVCpu, PHMGLOBALCPUINFO pCpu);
+VMMR0DECL(void)         VMXR0ThreadCtxCallback(RTTHREADCTXEVENT enmEvent, PVMCPU pVCpu, bool fGlobalInit);
+VMMR0DECL(int)          VMXR0EnableCpu(PHMGLOBALCPUINFO pCpu, PVM pVM, void *pvPageCpu, RTHCPHYS pPageCpuPhys,
+                                       bool fEnabledBySystem, void *pvMsrs);
+VMMR0DECL(int)          VMXR0DisableCpu(PHMGLOBALCPUINFO pCpu, void *pvPageCpu, RTHCPHYS pPageCpuPhys);
+VMMR0DECL(int)          VMXR0GlobalInit(void);
+VMMR0DECL(void)         VMXR0GlobalTerm(void);
+VMMR0DECL(int)          VMXR0InitVM(PVM pVM);
+VMMR0DECL(int)          VMXR0TermVM(PVM pVM);
+VMMR0DECL(int)          VMXR0SetupVM(PVM pVM);
+VMMR0DECL(int)          VMXR0SaveHostState(PVM pVM, PVMCPU pVCpu);
+VMMR0DECL(int)          VMXR0InvalidatePage(PVM pVM, PVMCPU pVCpu, RTGCPTR GCVirt);
+VMMR0DECL(int)          VMXR0ImportStateOnDemand(PVMCPU pVCpu, PCPUMCTX pCtx, uint64_t fWhat);
 VMMR0DECL(VBOXSTRICTRC) VMXR0RunGuestCode(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx);
-DECLASM(int)    VMXR0StartVM32(RTHCUINT fResume, PCPUMCTX pCtx, PVMCSCACHE pCache, PVM pVM, PVMCPU pVCpu);
-DECLASM(int)    VMXR0StartVM64(RTHCUINT fResume, PCPUMCTX pCtx, PVMCSCACHE pCache, PVM pVM, PVMCPU pVCpu);
-
+DECLASM(int)            VMXR0StartVM32(RTHCUINT fResume, PCPUMCTX pCtx, PVMCSCACHE pCache, PVM pVM, PVMCPU pVCpu);
+DECLASM(int)            VMXR0StartVM64(RTHCUINT fResume, PCPUMCTX pCtx, PVMCSCACHE pCache, PVM pVM, PVMCPU pVCpu);
 
 # if HC_ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS)
-DECLASM(int)    VMXR0SwitcherStartVM64(RTHCUINT fResume, PCPUMCTX pCtx, PVMCSCACHE pCache, PVM pVM, PVMCPU pVCpu);
-VMMR0DECL(int)  VMXR0Execute64BitsHandler(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, HM64ON32OP enmOp, uint32_t cbParam,
-                                         uint32_t *paParam);
+DECLASM(int)            VMXR0SwitcherStartVM64(RTHCUINT fResume, PCPUMCTX pCtx, PVMCSCACHE pCache, PVM pVM, PVMCPU pVCpu);
+VMMR0DECL(int)          VMXR0Execute64BitsHandler(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, HM64ON32OP enmOp, uint32_t cbParam,
+                                                  uint32_t *paParam);
 # endif
 

trunk/src/VBox/VMM/VMMR3/CPUM.cpp

@@ -1433 +1433 @@
             SSMR3PutU16(pSSM,    pGstCtx->hwvirt.svm.cPauseFilterThreshold);
             SSMR3PutBool(pSSM,   pGstCtx->hwvirt.svm.fInterceptEvents);
-            SSMR3PutBool(pSSM,   pGstCtx->hwvirt.svm.fHMCachedVmcb);
             SSMR3PutStructEx(pSSM, &pGstCtx->hwvirt.svm.HostState, sizeof(pGstCtx->hwvirt.svm.HostState), 0 /* fFlags */,
                              g_aSvmHwvirtHostState, NULL /* pvUser */);
@@ -1674 +1673 @@
                         SSMR3GetU16(pSSM,      &pGstCtx->hwvirt.svm.cPauseFilterThreshold);
                         SSMR3GetBool(pSSM,     &pGstCtx->hwvirt.svm.fInterceptEvents);
-                        SSMR3GetBool(pSSM,     &pGstCtx->hwvirt.svm.fHMCachedVmcb);
                         SSMR3GetStructEx(pSSM, &pGstCtx->hwvirt.svm.HostState, sizeof(pGstCtx->hwvirt.svm.HostState),
                                          0 /* fFlags */, g_aSvmHwvirtHostState, NULL /* pvUser */);

trunk/src/VBox/VMM/VMMR3/EM.cpp

@@ -1886 +1886 @@
                     if (CPUMIsGuestSvmCtrlInterceptSet(pVCpu, &pVCpu->cpum.GstCtx, SVM_CTRL_INTERCEPT_INTR))
                     {
+                        CPUM_IMPORT_EXTRN_RET(pVCpu, IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK);
                         VBOXSTRICTRC rcStrict = IEMExecSvmVmexit(pVCpu, SVM_EXIT_INTR, 0, 0);
                         if (RT_SUCCESS(rcStrict))
@@ -1904 +1905 @@
                     /* Note: it's important to make sure the return code from TRPMR3InjectEvent isn't ignored! */
                     /** @todo this really isn't nice, should properly handle this */
+                    CPUM_IMPORT_EXTRN_RET(pVCpu, IEM_CPUMCTX_EXTRN_XCPT_MASK);
                     int rc = TRPMR3InjectEvent(pVM, pVCpu, TRPM_HARDWARE_INT);
                     Assert(rc != VINF_PGM_CHANGE_MODE);
@@ -1926 +1928 @@
                 if (CPUMIsGuestSvmCtrlInterceptSet(pVCpu, &pVCpu->cpum.GstCtx, SVM_CTRL_INTERCEPT_VINTR))
                 {
+                    CPUM_IMPORT_EXTRN_RET(pVCpu, IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK);
                     VBOXSTRICTRC rcStrict = IEMExecSvmVmexit(pVCpu, SVM_EXIT_VINTR, 0, 0);
                     if (RT_SUCCESS(rcStrict))

trunk/src/VBox/VMM/VMMR3/HM.cpp

@@ -3491 +3491 @@
         {
             PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVM->aCpus[i].hm.s.svm.NstGstVmcbCache;
-            rc  = SSMR3PutU16(pSSM,  pVmcbNstGstCache->u16InterceptRdCRx);
+            rc  = SSMR3PutBool(pSSM, pVmcbNstGstCache->fCacheValid);
+            rc |= SSMR3PutU16(pSSM,  pVmcbNstGstCache->u16InterceptRdCRx);
             rc |= SSMR3PutU16(pSSM,  pVmcbNstGstCache->u16InterceptWrCRx);
             rc |= SSMR3PutU16(pSSM,  pVmcbNstGstCache->u16InterceptRdDRx);
@@ -3576 +3577 @@
             {
                 PSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVM->aCpus[i].hm.s.svm.NstGstVmcbCache;
-                rc  = SSMR3GetU16(pSSM,  &pVmcbNstGstCache->u16InterceptRdCRx);
+                rc  = SSMR3GetBool(pSSM, &pVmcbNstGstCache->fCacheValid);
+                rc |= SSMR3GetU16(pSSM,  &pVmcbNstGstCache->u16InterceptRdCRx);
                 rc |= SSMR3GetU16(pSSM,  &pVmcbNstGstCache->u16InterceptWrCRx);
                 rc |= SSMR3GetU16(pSSM,  &pVmcbNstGstCache->u16InterceptRdDRx);
@@ -3687 +3689 @@
 
 /**
- * Displays the guest VM-exit history.
+ * Displays HM info.
  *
  * @param   pVM         The cross context VM structure.
@@ -3761 +3763 @@
         && pVM->cpum.ro.GuestFeatures.fSvm)
     {
-        PCCPUMCTX            pCtx = CPUMQueryGuestCtxPtr(pVCpu);
         PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
         pHlp->pfnPrintf(pHlp, "CPU[%u]: HM SVM nested-guest VMCB cache\n", pVCpu->idCpu);
-        pHlp->pfnPrintf(pHlp, "  fHMCachedVmcb           = %#RTbool\n", pCtx->hwvirt.svm.fHMCachedVmcb);
+        pHlp->pfnPrintf(pHlp, "  fCacheValid             = %#RTbool\n", pVmcbNstGstCache->fCacheValid);
         pHlp->pfnPrintf(pHlp, "  u16InterceptRdCRx       = %#RX16\n",   pVmcbNstGstCache->u16InterceptRdCRx);
         pHlp->pfnPrintf(pHlp, "  u16InterceptWrCRx       = %#RX16\n",   pVmcbNstGstCache->u16InterceptWrCRx);

trunk/src/VBox/VMM/include/CPUMInternal.mac

@@ -243 +243 @@
     .Guest.hwvirt.svm.cPauseFilterThreshold  resw         1
     .Guest.hwvirt.svm.fInterceptEvents       resb         1
-    .Guest.hwvirt.svm.fHMCachedVmcb          resb         1
     alignb 8
     .Guest.hwvirt.svm.pvMsrBitmapR0          RTR0PTR_RES  1
@@ -531 +530 @@
     .Hyper.hwvirt.svm.cPauseFilterThreshold  resw         1
     .Hyper.hwvirt.svm.fInterceptEvents       resb         1
-    .Hyper.hwvirt.svm.fHMCachedVmcb          resb         1
     alignb 8
     .Hyper.hwvirt.svm.pvMsrBitmapR0          RTR0PTR_RES  1

trunk/src/VBox/VMM/include/HMInternal.h

@@ -143 +143 @@
  * @{
  */
+#if 0
+#define HM_CHANGED_HOST_CONTEXT                    UINT64_C(0x0000000000000001)
+#define HM_CHANGED_GUEST_RIP                       UINT64_C(0x0000000000000004)
+#define HM_CHANGED_GUEST_RFLAGS                    UINT64_C(0x0000000000000008)
+#define HM_CHANGED_GUEST_RAX                       UINT64_C(0x0000000000000010)
+#define HM_CHANGED_GUEST_RCX                       UINT64_C(0x0000000000000020)
+#define HM_CHANGED_GUEST_RDX                       UINT64_C(0x0000000000000040)
+#define HM_CHANGED_GUEST_RBX                       UINT64_C(0x0000000000000080)
+#define HM_CHANGED_GUEST_RSP                       UINT64_C(0x0000000000000100)
+#define HM_CHANGED_GUEST_RBP                       UINT64_C(0x0000000000000200)
+#define HM_CHANGED_GUEST_RSI                       UINT64_C(0x0000000000000400)
+#define HM_CHANGED_GUEST_RDI                       UINT64_C(0x0000000000000800)
+#define HM_CHANGED_GUEST_R8_R15                    UINT64_C(0x0000000000001000)
+#define HM_CHANGED_GUEST_GPRS_MASK                 UINT64_C(0x0000000000001ff0)
+#define HM_CHANGED_GUEST_ES                        UINT64_C(0x0000000000002000)
+#define HM_CHANGED_GUEST_CS                        UINT64_C(0x0000000000004000)
+#define HM_CHANGED_GUEST_SS                        UINT64_C(0x0000000000008000)
+#define HM_CHANGED_GUEST_DS                        UINT64_C(0x0000000000010000)
+#define HM_CHANGED_GUEST_FS                        UINT64_C(0x0000000000020000)
+#define HM_CHANGED_GUEST_GS                        UINT64_C(0x0000000000040000)
+#define HM_CHANGED_GUEST_SREG_MASK                 UINT64_C(0x000000000007e000)
+#define HM_CHANGED_GUEST_GDTR                      UINT64_C(0x0000000000080000)
+#define HM_CHANGED_GUEST_IDTR                      UINT64_C(0x0000000000100000)
+#define HM_CHANGED_GUEST_LDTR                      UINT64_C(0x0000000000200000)
+#define HM_CHANGED_GUEST_TR                        UINT64_C(0x0000000000400000)
+#define HM_CHANGED_GUEST_TABLE_MASK                UINT64_C(0x0000000000780000)
+#define HM_CHANGED_GUEST_CR0                       UINT64_C(0x0000000000800000)
+#define HM_CHANGED_GUEST_CR2                       UINT64_C(0x0000000001000000)
+#define HM_CHANGED_GUEST_CR3                       UINT64_C(0x0000000002000000)
+#define HM_CHANGED_GUEST_CR4                       UINT64_C(0x0000000004000000)
+#define HM_CHANGED_GUEST_CR_MASK                   UINT64_C(0x0000000007800000)
+#define HM_CHANGED_GUEST_APIC_TPR                  UINT64_C(0x0000000008000000)
+#define HM_CHANGED_GUEST_EFER                      UINT64_C(0x0000000010000000)
+#define HM_CHANGED_GUEST_DR0_DR3                   UINT64_C(0x0000000020000000)
+#define HM_CHANGED_GUEST_DR6                       UINT64_C(0x0000000040000000)
+#define HM_CHANGED_GUEST_DR7                       UINT64_C(0x0000000080000000)
+#define HM_CHANGED_GUEST_DR_MASK                   UINT64_C(0x00000000e0000000)
+#define HM_CHANGED_GUEST_X87                       UINT64_C(0x0000000100000000)
+#define HM_CHANGED_GUEST_SSE_AVX                   UINT64_C(0x0000000200000000)
+#define HM_CHANGED_GUEST_OTHER_XSAVE               UINT64_C(0x0000000400000000)
+#define HM_CHANGED_GUEST_XCRx                      UINT64_C(0x0000000800000000)
+#define HM_CHANGED_GUEST_KERNEL_GS_BASE            UINT64_C(0x0000001000000000)
+#define HM_CHANGED_GUEST_SYSCALL_MSRS              UINT64_C(0x0000002000000000)
+#define HM_CHANGED_GUEST_SYSENTER_MSRS             UINT64_C(0x0000004000000000)
+#define HM_CHANGED_GUEST_TSC_AUX                   UINT64_C(0x0000008000000000)
+#define HM_CHANGED_GUEST_OTHER_MSRS                UINT64_C(0x0000010000000000)
+#define HM_CHANGED_GUEST_ALL_MSRS                  (  HM_CHANGED_GUEST_EFER            \
+                                                    | HM_CHANGED_GUEST_KERNEL_GS_BASE  \
+                                                    | HM_CHANGED_GUEST_SYSCALL_MSRS    \
+                                                    | HM_CHANGED_GUEST_SYSENTER_MSRS   \
+                                                    | HM_CHANGED_GUEST_TSC_AUX         \
+                                                    | HM_CHANGED_GUEST_OTHER_MSRS)
+#define HM_CHANGED_GUEST_HWVIRT                    UINT64_C(0x0000020000000000)
+#define HM_CHANGED_GUEST_CONTEXT                   UINT64_C(0x000003fffffffffc)
+
+#define HM_CHANGED_KEEPER_STATE_MASK               UINT64_C(0xffff000000000000)
+
+#define HM_CHANGED_VMX_GUEST_XCPT_INTERCEPTS       UINT64_C(0x0001000000000000)
+#define HM_CHANGED_VMX_GUEST_AUTO_MSRS             UINT64_C(0x0002000000000000)
+#define HM_CHANGED_VMX_GUEST_LAZY_MSRS             UINT64_C(0x0004000000000000)
+#define HM_CHANGED_VMX_ENTRY_CTLS                  UINT64_C(0x0008000000000000)
+#define HM_CHANGED_VMX_EXIT_CTLS                   UINT64_C(0x0010000000000000)
+#define HM_CHANGED_VMX_MASK                        UINT64_C(0x001f000000000000)
+
+#define HM_CHANGED_SVM_GUEST_XCPT_INTERCEPTS       UINT64_C(0x0001000000000000)
+#define HM_CHANGED_SVM_MASK                        UINT64_C(0x0001000000000000)
+
+#define HM_CHANGED_HOST_GUEST_SHARED_STATE         (  HM_CHANGED_GUEST_CR0             \
+                                                    | HM_CHANGED_GUEST_DR_MASK         \
+                                                    | HM_CHANGED_VMX_GUEST_LAZY_MSRS)
+
+#define HM_CHANGED_ALL_GUEST                       (  HM_CHANGED_GUEST_CONTEXT
+                                                    | HM_CHANGED_KEEPER_STATE_MASK)
+#endif
+
 #define HM_CHANGED_GUEST_CR0                     RT_BIT(0)      /* Shared */
 #define HM_CHANGED_GUEST_CR3                     RT_BIT(1)

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -639 +639 @@
  * @param   a_fExtrnMbz     The mask of CPUMCTX_EXTRN_XXX flags that must be zero.
  */
-#define IEM_CTX_ASSERT(a_pVCpu, a_fExtrnMbz)     Assert(!((a_pVCpu)->cpum.GstCtx.fExtrn & (a_fExtrnMbz)))
+#define IEM_CTX_ASSERT(a_pVCpu, a_fExtrnMbz)    AssertMsg(!((a_pVCpu)->cpum.GstCtx.fExtrn & (a_fExtrnMbz)), \
+                                                          ("fExtrn=%#RX64 fExtrnMbz=%#RX64\n", (a_pVCpu)->cpum.GstCtx.fExtrn, \
+                                                          (a_fExtrnMbz)))
 
 /** @def IEM_CTX_IMPORT_RET

trunk/src/VBox/VMM/testcase/tstVMStruct.h

@@ -141 +141 @@
     GEN_CHECK_OFF(CPUMCTX, hwvirt.svm.cPauseFilterThreshold);
     GEN_CHECK_OFF(CPUMCTX, hwvirt.svm.fInterceptEvents);
-    GEN_CHECK_OFF(CPUMCTX, hwvirt.svm.fHMCachedVmcb);
     GEN_CHECK_OFF(CPUMCTX, hwvirt.svm.pvMsrBitmapR0);
     GEN_CHECK_OFF(CPUMCTX, hwvirt.svm.pvMsrBitmapR3);