On 28/06/2017 15:38, Radim Krčmář wrote: >> Radim, Wanpeng, >> >> the patch is nice now but I'm still not 100% sure about the live >> migration part. Why do we need to pass nested_apf to userspace, but not >> nested_apf_token? > > We do not need it for migration, but unavailable nested_apf_token > already breaks checkpoint & restore from userspace ... I think the > cleanest way would be to add a new paravirtual event for nested_apf. > (Or just keep delaying the apf.) Indeed. With Jim's plans to migrate nested virt data, I was wondering if nested_apf and nested_apf_token would be better placed in that ioctl, rather than GET/SET_VCPU_EVENTS. Nested-virt migration is broken anyway until we have Jim's patches, so there's little point in migrating nested_apf only. Do you agree? > Migration does a "async-pf-broadcast" while setting the async-pf MSR on > destination, which resumes all async-pf waiters. > Userspace actually has to drop the async-pf event on migration, because > the destination has invalid nested_apf_token. (It's a horrible design.) Yes, this was my question essentially. I would still migrate nested_apf_token (as part of nested virt state), and then clear it in KVM when doing the async-pf broadcast. Paolo > nested_apf is not #PF: if we didn't pass nested_apf, then the exception > would be injected as #PF to L2 after migration. (Local KVM could > remember that the #PF is nested_apf and do some ugly hacks.)
