On 19/06/2015 18:33, Michael S. Tsirkin wrote: > On Fri, Jun 19, 2015 at 06:26:27PM +0200, Paolo Bonzini wrote: >> >> >> On 19/06/2015 18:20, Michael S. Tsirkin wrote: >>>> We could, but I/O is just an example. It can be I/O, a network ring, >>>> whatever. We cannot audit all address_space_map uses. >>>> >>> >>> No need to audit them all: defer device_add using an hva range until >>> address_space_unmap drops using hvas in range drops reference count to >>> 0. >> >> That could be forever. You certainly don't want to lockup the monitor >> forever just because a device model isn't too friendly to memory hot-unplug. > > We can defer the addition, no need to lockup the monitor. Patches are welcome. >> That's why you need to audit them (also, it's perfectly in the device >> model's right to use address_space_unmap this way: it's the guest that's >> buggy and leaves a dangling reference to a region before unplugging it). > > Then maybe it's not too bad that the guest will crash because the memory > was unmapped. That's a matter of taste. I strongly prefer using 12K extra memory per VCPU to a guest crash. Paolo -- To unsubscribe from this list: send the line "unsubscribe kvm" in
