Index: /trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp
===================================================================
--- /trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp	(revision 65934)
+++ /trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp	(revision 65935)
@@ -4246,4 +4246,5 @@
 }
 
+
 /**
  * Updates interrupt shadow for the current RIP.
@@ -4257,4 +4258,5 @@
     } while (0)
 
+
 /**
  * Advances the guest RIP making use of the CPU's NRIP_SAVE feature if
@@ -4274,5 +4276,5 @@
     if (pVCpu->CTX_SUFF(pVM)->hm.s.svm.u32Features & AMD_CPUID_SVM_FEATURE_EDX_NRIP_SAVE)
     {
-        PSVMVMCB pVmcb = (PSVMVMCB)pVCpu->hm.s.svm.pvVmcb;
+        PCSVMVMCB pVmcb = (PCSVMVMCB)pVCpu->hm.s.svm.pvVmcb;
         Assert(pVmcb->ctrl.u64NextRIP);
         Assert(pVmcb->ctrl.u64NextRIP - pCtx->rip == cb);
@@ -4285,4 +4287,27 @@
 }
 
+/* Currently only used by nested hw.virt instructions, so ifdef'd as such, otherwise compilers start whining. */
+#ifdef VBOX_WITH_NESTED_HWVIRT
+/**
+ * Gets the length of the current instruction if the CPU supports the NRIP_SAVE
+ * feature. Otherwise, returns the value in @a cbLikely.
+ *
+ * @param   pVCpu       The cross context virtual CPU structure.
+ * @param   pCtx        Pointer to the guest-CPU context.
+ * @param   cbLikely    The likely instruction length.
+ */
+DECLINLINE(uint8_t) hmR0SvmGetInstrLengthHwAssist(PVMCPU pVCpu, PCPUMCTX pCtx, uint8_t cbLikely)
+{
+    Assert(cbLikely <= 15);   /* See Intel spec. 2.3.11 "AVX Instruction Length" */
+    if (pVCpu->CTX_SUFF(pVM)->hm.s.svm.u32Features & AMD_CPUID_SVM_FEATURE_EDX_NRIP_SAVE)
+    {
+        PCSVMVMCB pVmcb = (PCSVMVMCB)pVCpu->hm.s.svm.pvVmcb;
+        uint8_t const cbInstr = pVmcb->ctrl.u64NextRIP - pCtx->rip;
+        Assert(cbInstr == cbLikely);
+        return cbInstr;
+    }
+    return cbLikely;
+}
+#endif
 
 /**
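Review bot: `uint8_t const cbInstr = pVmcb->ctrl.u64NextRIP - pCtx->rip;` silently narrows a 64-bit delta to 8 bits, and the only validation is `Assert(cbInstr == cbLikely)`, which compiles out of release builds; unlike the RIP-advancing helper in the preceding hunk, which asserts `u64NextRIP` is non-zero, nothing here stops a zero or out-of-range next-RIP from being truncated and handed to the IEMExecDecoded* callers. Computing the delta in 64 bits and falling back to cbLikely when it is zero or above the 15-byte architectural maximum keeps the debug assertion while giving release builds a sane value, as sketched below. The doc comment also has no return documentation; `@returns The instruction length in bytes.` would complete it, and citing the Intel SDM for the 15-byte limit in an SVM-only helper reads oddly when the AMD APM states the same limit. The whole `#ifdef VBOX_WITH_NESTED_HWVIRT` block is inside this hunk.
```c
    /* … unchanged: NRIP_SAVE feature check and pVmcb lookup … */
        uint64_t const cbInstr = pVmcb->ctrl.u64NextRIP - pCtx->rip;
        Assert(cbInstr == cbLikely);
        /* Release builds: don't hand IEM a zero or oversized length. */
        if (RT_LIKELY(cbInstr && cbInstr <= 15))
            return (uint8_t)cbInstr;
    }
    return cbLikely;
```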
@@ -5672,6 +5697,6 @@
     /** @todo Stat. */
     /* STAM_COUNTER_INC(&pVCpu->hm.s.StatExitClgi); */
-    /** @todo Decode Assist. */
-    VBOXSTRICTRC rcStrict = IEMExecDecodedClgi(pVCpu, 3);
+    uint8_t const cbInstr = hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 3);
+    VBOXSTRICTRC rcStrict = IEMExecDecodedClgi(pVCpu, cbInstr);
     return VBOXSTRICTRC_VAL(rcStrict);
 }
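Review bot: The literal `3` passed as cbLikely is repeated verbatim at all five call sites (this hunk and the next four for STGI, VMLOAD, VMSAVE and INVLPGA); a single named constant with a comment, e.g. `uint8_t const cbLikely = 3; /* 0F 01 /x: every SVM instruction here is a 3-byte encoding */`, would explain the value once and keep the sites from drifting. The helper is defined only under `VBOX_WITH_NESTED_HWVIRT`, so presumably these exit handlers sit inside the same guard, but that is not visible from the hunks. The enclosing functions begin outside this hunk.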
@@ -5686,6 +5711,6 @@
     /** @todo Stat. */
     /* STAM_COUNTER_INC(&pVCpu->hm.s.StatExitStgi); */
-    /** @todo Decode Assist. */
-    VBOXSTRICTRC rcStrict = IEMExecDecodedStgi(pVCpu, 3);
+    uint8_t const cbInstr = hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 3);
+    VBOXSTRICTRC rcStrict = IEMExecDecodedStgi(pVCpu, cbInstr);
     return VBOXSTRICTRC_VAL(rcStrict);
 }
@@ -5700,6 +5725,6 @@
     /** @todo Stat. */
     /* STAM_COUNTER_INC(&pVCpu->hm.s.StatExitVmload); */
-    /** @todo Decode Assist. */
-    VBOXSTRICTRC rcStrict = IEMExecDecodedVmload(pVCpu, 3);
+    uint8_t const cbInstr = hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 3);
+    VBOXSTRICTRC rcStrict = IEMExecDecodedVmload(pVCpu, cbInstr);
     return VBOXSTRICTRC_VAL(rcStrict);
 }
@@ -5714,6 +5739,6 @@
     /** @todo Stat. */
     /* STAM_COUNTER_INC(&pVCpu->hm.s.StatExitVmsave); */
-    /** @todo Decode Assist. */
-    VBOXSTRICTRC rcStrict = IEMExecDecodedVmsave(pVCpu, 3);
+    uint8_t const cbInstr = hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 3);
+    VBOXSTRICTRC rcStrict = IEMExecDecodedVmsave(pVCpu, cbInstr);
     return VBOXSTRICTRC_VAL(rcStrict);
 }
@@ -5728,6 +5753,6 @@
     /** @todo Stat. */
     /* STAM_COUNTER_INC(&pVCpu->hm.s.StatExitInvlpga); */
-    /** @todo Decode Assist. */
-    VBOXSTRICTRC rcStrict = IEMExecDecodedInvlpga(pVCpu, 3);
+    uint8_t const cbInstr = hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 3);
+    VBOXSTRICTRC rcStrict = IEMExecDecodedInvlpga(pVCpu, cbInstr);
     return VBOXSTRICTRC_VAL(rcStrict);
 }
