On 05/08/2017 10:00, Andrei Vlad LUTAS wrote:
> Of course, just how Paolo suggested, we can place finer-grained
> intercepts (such as execute-protect a page in order to ensure no VCPU
> runs code from it while we modify it), but this is a more complicated
> solution and we've never had to think for something other than simply
> pausing the VCPUs, since that was always available so far.
>
> Hope this piece of info helps.

We can certainly add a "pause the VCPU with a given id" command. The
command reports its success with an event, and replying to the event
restarts the VCPU. If the VCPU is currently in userspace, the event
would be delayed until the next time KVM is re-entered, but this should
not be an issue in general. The introspector can operate as if the VCPU
was paused.

"Pause all VCPUs and stop all DMA" would definitely be a layering
violation, so it cannot be added.

"Pause all VCPUs" is basically a shortcut for many "pause the VCPU with
a given id" commands. I lean towards omitting it.

However, now that I'm thinking of it, we need a new event for "new VCPU
created". When the event is enabled, newly-created VCPUs should be in
paused mode.

Paolo
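
The pause command, its event and the reply described in the message above, as an added toy model in C (not code from the thread or from KVM). The names `cmd_pause`, `kvm_reenter` and `reply_event` and the state layout are assumptions made for illustration; the model shows that guest code does not run between the command and the reply, even when the event is delayed.

```c
/* Toy model of the proposed pause semantics; all names are hypothetical, not KVM code. */
#include <stdbool.h>
#include <stdio.h>

enum vcpu_state { IN_GUEST, IN_USERSPACE, PAUSED };
struct vcpu {
    enum vcpu_state state;
    bool pause_pending;  /* command received, event not yet delivered */
    bool event_open;     /* event delivered, introspector has not replied */
};

/* "Pause the VCPU with a given id"; true if the event is delivered at once. */
bool cmd_pause(struct vcpu *v) {
    if (v->state == PAUSED || v->pause_pending)
        return v->event_open;
    if (v->state == IN_GUEST) {        /* forced out of guest mode */
        v->state = PAUSED;
        v->event_open = true;
        return true;
    }
    v->pause_pending = true;           /* in userspace: event is delayed */
    return false;
}

/* Userspace re-enters KVM; true only if guest code may run. */
bool kvm_reenter(struct vcpu *v) {
    if (v->state != IN_USERSPACE)
        return false;
    v->state = v->pause_pending ? PAUSED : IN_GUEST;
    v->event_open = v->pause_pending;  /* delayed event fires here */
    v->pause_pending = false;
    return v->state == IN_GUEST;
}

/* Replying to the event restarts the VCPU. */
bool reply_event(struct vcpu *v) {
    if (!v->event_open)
        return false;
    v->event_open = false;
    v->state = IN_GUEST;
    return true;
}

int main(void) {
    struct vcpu v = { IN_USERSPACE, false, false };
    printf("event now: %d\n", cmd_pause(&v));       /* VCPU is in userspace */
    printf("guest runs: %d\n", kvm_reenter(&v));    /* event fires instead */
    printf("restarted: %d\n", reply_event(&v));
    return 0;
}
```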