Here's what I think is going on (with the C repro anyway):

1. KVM_RUN a nested VM, and eventually we end up with nested_run_pending=1.
2. Exit KVM_RUN with EINTR (or any reason really, but I see EINTR in repro attempts).
3. KVM_SET_REGS to set rflags to 0x1ac585, which has X86_EFLAGS_VM, flipping it and setting vmx->emulation_required = true.
4. KVM_RUN again. vmx->emulation_required will stop KVM from clearing nested_run_pending, and then we hit the KVM_BUG_ON(nested_run_pending) in __vmx_handle_exit().

So I guess the KVM_BUG_ON() is a little bit too conservative, but this is nonsensical VMM behavior. So I'm not really sure what the best solution is. Sean, any thoughts?
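As an added illustration that is not part of the thread (and not the C repro being discussed), the following program decodes the RFLAGS value 0x1ac585 from step 3 so a reader can see why that KVM_SET_REGS write is "nonsensical VMM behavior": it sets X86_EFLAGS_VM (bit 17), and it also clears bit 1, which the architecture defines as always-one. The X86_EFLAGS_* positions match Linux's arch/x86/include/uapi/asm/processor-flags.h and the reserved-bit rules follow the Intel SDM; the 0x2 "before" value is an assumed baseline. It runs with no KVM access and does not model KVM's internal emulation_required logic, only the register-level facts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFLAGS bit positions as in Linux processor-flags.h. */
#define X86_EFLAGS_CF    (1ULL << 0)
#define X86_EFLAGS_FIXED (1ULL << 1)   /* architecturally always 1 */
#define X86_EFLAGS_PF    (1ULL << 2)
#define X86_EFLAGS_AF    (1ULL << 4)
#define X86_EFLAGS_ZF    (1ULL << 6)
#define X86_EFLAGS_SF    (1ULL << 7)
#define X86_EFLAGS_TF    (1ULL << 8)
#define X86_EFLAGS_IF    (1ULL << 9)
#define X86_EFLAGS_DF    (1ULL << 10)
#define X86_EFLAGS_OF    (1ULL << 11)
#define X86_EFLAGS_IOPL  (3ULL << 12)
#define X86_EFLAGS_NT    (1ULL << 14)
#define X86_EFLAGS_RF    (1ULL << 16)
#define X86_EFLAGS_VM    (1ULL << 17)
#define X86_EFLAGS_AC    (1ULL << 18)
#define X86_EFLAGS_VIF   (1ULL << 19)
#define X86_EFLAGS_VIP   (1ULL << 20)
#define X86_EFLAGS_ID    (1ULL << 21)

/* Bits the SDM requires to be zero: 3, 5, 15 and 22..63. */
#define RFLAGS_RESERVED_ZERO \
	((1ULL << 3) | (1ULL << 5) | (1ULL << 15) | ~((1ULL << 22) - 1))

static const struct { uint64_t mask; const char *name; } rflags_names[] = {
	{ X86_EFLAGS_CF, "CF" }, { X86_EFLAGS_PF, "PF" }, { X86_EFLAGS_AF, "AF" },
	{ X86_EFLAGS_ZF, "ZF" }, { X86_EFLAGS_SF, "SF" }, { X86_EFLAGS_TF, "TF" },
	{ X86_EFLAGS_IF, "IF" }, { X86_EFLAGS_DF, "DF" }, { X86_EFLAGS_OF, "OF" },
	{ X86_EFLAGS_NT, "NT" }, { X86_EFLAGS_RF, "RF" }, { X86_EFLAGS_VM, "VM" },
	{ X86_EFLAGS_AC, "AC" }, { X86_EFLAGS_VIF, "VIF" }, { X86_EFLAGS_VIP, "VIP" },
	{ X86_EFLAGS_ID, "ID" },
};

/* Non-zero if the virtual-8086 mode bit is set. */
int rflags_has_vm(uint64_t rflags)
{
	return (rflags & X86_EFLAGS_VM) != 0;
}

/* Non-zero if writing new_rflags over old_rflags flips X86_EFLAGS_VM. */
int rflags_vm_toggled(uint64_t old_rflags, uint64_t new_rflags)
{
	return ((old_rflags ^ new_rflags) & X86_EFLAGS_VM) != 0;
}

/* Non-zero if bit 1 is set and every reserved-zero bit is clear. */
int rflags_well_formed(uint64_t rflags)
{
	return (rflags & X86_EFLAGS_FIXED) && !(rflags & RFLAGS_RESERVED_ZERO);
}

/* Append "|s" (or "s" when buf is empty), refusing to overflow buf. */
static void append(char *buf, size_t len, const char *s)
{
	size_t used = strlen(buf);

	if (used + strlen(s) + 2 > len)
		return;
	if (used)
		strcat(buf, "|");
	strcat(buf, s);
}

/* Decode set flags into buf as "CF|PF|...", returning the flag count. */
size_t rflags_decode(uint64_t rflags, char *buf, size_t len)
{
	size_t n = 0, i;
	char iopl[12];

	buf[0] = '\0';
	for (i = 0; i < sizeof(rflags_names) / sizeof(rflags_names[0]); i++) {
		if (rflags & rflags_names[i].mask) {
			append(buf, len, rflags_names[i].name);
			n++;
		}
	}
	if (rflags & X86_EFLAGS_IOPL) {
		snprintf(iopl, sizeof(iopl), "IOPL=%u",
			 (unsigned)((rflags & X86_EFLAGS_IOPL) >> 12));
		append(buf, len, iopl);
		n++;
	}
	return n;
}

int main(void)
{
	uint64_t repro = 0x1ac585, before = 0x2; /* before is an assumed baseline */
	char buf[128];

	rflags_decode(repro, buf, sizeof(buf));
	printf("0x%llx -> %s\n", (unsigned long long)repro, buf);
	printf("VM set: %d, VM toggled: %d, well formed: %d\n", rflags_has_vm(repro),
	       rflags_vm_toggled(before, repro), rflags_well_formed(repro));
	return 0;
}
```

For 0x1ac585 the decoder reports CF|PF|SF|TF|DF|NT|VM|VIF|VIP, the VM bit toggles relative to the baseline, and the value fails the well-formedness check because bit 1 is clear and reserved bit 15 is set; that is the kind of register state a fuzzer writes and a real VMM never would.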