On 19/02/2018 06:44, KarimAllah Ahmed wrote: > 1- It ensures that user-space tools that does not understand nesting > can still see the expected guest state when querying guest state or > even when trying to read memory, translate an address, etc. How does it work when L1 assigns an MMIO region or PIO region for direct L2 access, and then L2 requests MMIO from userspace? You cannot do a vmexit in that case. > 2- It is very simple and does not require a whole lot of state in user- > space. It's still requires _some_ state. If you need a new API, the amount of state that the API saves/restores is not particularly interesting. Paolo
