Protecting state information for virtual machines

1 . A method comprising: detecting an exit condition of a virtual machine (VM) running on a processor that implements registers to define a state of the VM while the processor is running the VM; storing, in response to detecting the exit condition, contents of the registers in a first data structure that is isolated from a hypervisor of the VM; and selectively exposing contents of a subset of the registers to the hypervisor. 2 . The method of claim 1 , wherein storing the contents of the registers in the first data structure comprises storing the contents of the registers at a memory location that is inaccessible to the hypervisor. 3 . The method of claim 1 , wherein storing the contents of the registers in the first data structure comprises encrypting the contents of the registers using a hardware encryption module prior to storing the contents of the registers in the first data structure. 4 . The method of claim 1 , wherein selectively exposing the contents of the subset of the registers comprises storing the contents of the subset of the registers in a second data structure that is visible to the hypervisor. 5 . The method of claim 4 , further comprising: detecting an exception issued by the processor in response to detecting the exit condition; and determining the subset of the contents of the registers to be exposed to the hypervisor in response to detecting the exception. 6 . The method of claim 5 , further comprising: completing an exit process for the VM based on the subset of the contents of the registers exposed to the hypervisor in the second data structure. 7 . The method of claim 6 , wherein completing the exit process for the VM comprises modifying at least one of the subset of the contents of the registers in the second data structure. 8 . The method of claim 7 , further comprising: loading the contents of the registers from the first data structure in response to initiating execution of the VM on the processor after completing the exit process; and modifying at least one value in the registers to correspond to the modified at least one of the subset of the contents of the registers in the second data structure. 9 . The method of claim 8 , wherein loading the contents of the registers from the first data structure comprises loading the contents of the registers from the first data structure in response to a checksum calculated based on the contents of the registers in the first data structure matching a previously stored checksum. 10 . An apparatus comprising: a processor that implements registers to define a state of a virtual machine (VM) while the VM is running on the processor, wherein the processor detects exit conditions of the VM, wherein the processor is to store, in response to the processor detecting an exit condition, contents of the registers in a first data structure that is isolated from a hypervisor of the VM, wherein the VM is to selectively expose contents of a subset of the registers to the hypervisor. 11 . The apparatus of claim 10 , wherein the processor is to store the contents of the registers at a location that is inaccessible to the hypervisor. 12 . The apparatus of claim 10 , further comprising: a hardware encryption module to encrypt the contents of the registers prior to storing the contents of the registers in the first data structure. 13 . The apparatus of claim 10 , wherein the VM is to selectively expose the contents of the subset of the registers by storing the contents of the subset of the registers in a second data structure that is visible to the hypervisor. 14 . The apparatus of claim 13 , wherein the VM is to execute an exception handler to detect an exception issued by the processor in response to detecting the exit condition and determine the subset of the contents of the registers to be exposed to the hypervisor in response to detecting the exception. 15 . The apparatus of claim 14 , wherein the hypervisor is to complete an exit process for the VM based on the subset of the contents of the registers exposed to the hypervisor in the second data structure. 16 . The apparatus of claim 15 , wherein the hypervisor is to modify at least one of the subset of the contents of the registers in the second data structure. 17 . The apparatus of claim 16 , wherein the hypervisor is to load the contents of the registers from the first data structure in response to initiating execution of the VM on the processor after completing the exit process, and wherein the exception handler is to modify at least one value in the registers to correspond to the modified at least one of the subset of the contents of the registers in the second data structure. 18 . The apparatus of claim 17 , wherein the hypervisor is to load the contents of the registers from the first data structure in response to a checksum calculated based on the contents of the registers in the first data structure matching a previously stored checksum. 19 . A non-transitory computer readable storage medium embodying a set of executable instructions, the set of executable instructions to manipulate a computer system to perform a portion of a process to fabricate at least part of a processing system, the processing system comprising: a processor that implements registers to define a state of a virtual machine (VM) while the VM is running on the processor, wherein the processor detects exit conditions of the VM, wherein the processor is to store, in response to the processor detecting an exit condition, contents of the registers in a first data structure that is isolated from a hypervisor of the VM, wherein the VM is to selectively expose contents of a subset of the registers to the hypervisor. 20 . The non-transitory computer readable storage medium of claim 19 , wherein the processing system further comprises: a hardware encryption module to encrypt the contents of the registers prior to storing the contents of the registers in the first data structure.