On Sun, Jan 19, 2020 at 10:09:53AM +0100, Paolo Bonzini wrote:
> On 09/01/20 20:15, Peter Xu wrote:
> > Regarding dropping the indices: I feel like it can be done, though we
> > probably need two extra bits for each GFN entry, for example:
> >
> > - Bit 0 of the GFN address to show whether this is a valid publish
> >   of dirty gfn
> >
> > - Bit 1 of the GFN address to show whether this is collected by the
> >   user
>
> We can use bit 62 and 63 of the GFN.

If we are short on bits we can just use 1 bit. E.g. set if userspace has
collected the GFN.

> I think this can be done in a secure way. Later in the thread you say:
>
> > We simply check fetch_index (sorry I
> > meant this when I said reset_index, anyway it's the only index that we
> > expose to userspace) to make sure:
> >
> > reset_index <= fetch_index <= dirty_index
>
> So this means that KVM_RESET_DIRTY_RINGS should only test the "collected
> by user" flag on dirty ring entries between reset_index and dirty_index.
>
> Also I would make it
>
> 00b (invalid GFN) ->
> 01b (valid gfn published by kernel, which is dirty) ->
> 1*b (gfn dirty page collected by userspace) ->
> 00b (gfn reset by kernel, so goes back to invalid gfn)
>
> That is 10b and 11b are equivalent. The kernel doesn't read that bit if
> userspace has collected the page.
>
> Paolo
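The entry state machine proposed above (flag bits 62/63 in the GFN slot, 00b -> 01b -> 1*b -> 00b, with the reset path testing only the "collected" bit between reset_index and dirty_index and never trusting the userspace-owned fetch_index), as an added model in C. This is constructed illustration, not KVM's code; the ring layout, names and size are assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#define RING_SIZE 8u
#define GFN_FLAG_DIRTY     (1ULL << 62) /* bit 62: valid gfn published by kernel */
#define GFN_FLAG_COLLECTED (1ULL << 63) /* bit 63: entry collected by userspace */
#define GFN_MASK           (GFN_FLAG_DIRTY - 1)

/* Constructed model of one dirty ring; not KVM's real structure. */
struct dirty_ring {
    uint64_t slots[RING_SIZE];
    uint32_t dirty_index; /* kernel: next slot to publish */
    uint32_t fetch_index; /* userspace: next slot to collect (kernel never reads) */
    uint32_t reset_index; /* kernel: next slot to reset */
};

/* Kernel: publish a dirty gfn, 00b -> 01b. Refuses if the slot is not yet reset. */
bool ring_push_dirty(struct dirty_ring *r, uint64_t gfn)
{
    uint64_t *slot = &r->slots[r->dirty_index % RING_SIZE];
    if (r->dirty_index - r->reset_index >= RING_SIZE || (*slot & GFN_FLAG_DIRTY))
        return false;
    *slot = (gfn & GFN_MASK) | GFN_FLAG_DIRTY; /* flag bits in input are dropped */
    r->dirty_index++;
    return true;
}

/* Userspace: collect one entry, 01b -> 1*b (bit 63 set; bit 62 no longer read). */
bool ring_collect(struct dirty_ring *r, uint64_t *gfn_out)
{
    uint64_t *slot = &r->slots[r->fetch_index % RING_SIZE];
    if (r->fetch_index == r->dirty_index || !(*slot & GFN_FLAG_DIRTY))
        return false;
    *gfn_out = *slot & GFN_MASK;
    *slot |= GFN_FLAG_COLLECTED;
    r->fetch_index++;
    return true;
}

/* Kernel (KVM_RESET_DIRTY_RINGS): walk reset_index..dirty_index testing only the
 * "collected" bit, so 10b and 11b are equivalent; stop at the first uncollected
 * entry and return how many entries went back to 00b. */
uint32_t ring_reset(struct dirty_ring *r)
{
    uint32_t n = 0;
    for (; r->reset_index != r->dirty_index; r->reset_index++, n++) {
        uint64_t *slot = &r->slots[r->reset_index % RING_SIZE];
        if (!(*slot & GFN_FLAG_COLLECTED))
            break;
        *slot = 0; /* 00b: invalid gfn again */
    }
    return n;
}
```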