On 22/07/19 12:43, Jan Kiszka wrote:
>> Currently QEMU writes to userspace maintained nested-state only at
>> kvm_arch_init_vcpu() and
>> when loading vmstate_nested_state vmstate subsection.
>> kvm_arch_reset_vcpu() does not modify userspace maintained nested-state.
> Hmm, then we probably achieve that effect by clearing the related bit in CR4.
Almost: by clearing the VMX enable bit in MSR_IA32_FEATURE_CONTROL. Actually I think you contributed that. :) I think we could in principle skip that MSR write if env->nested_state != NULL, but it doesn't hurt either, and it makes sense that nested virt state goes together with MSR_IA32_FEATURE_CONTROL since the latter is indeed nested virtualization related.

Paolo

> If doing that implies an invalidation of the nested state by KVM, we
> are fine. Otherwise, I would expect userspace to reset the state to
> VMCLEAR and purge any traces of prior use.