On 25/09/20 18:32, Marc Zyngier wrote:
> I quite like the idea. However, I wonder whether preventing the
> vcpus from re-entering the guest is enough. When something goes really
> wrong, is it safe to allow the userspace process to terminate normally
> and free the associated memory? And is it still safe to allow new VMs
> to be started?

For something that bad, where e.g. you can't rule out future memory
corruptions via use-after-free bugs or similar, you're probably entering
BUG_ON territory.

Paolo