On Thursday 21 Apr 2022 at 16:40:56 (+0000), Oliver Upton wrote: > The other option would be to not touch the subtree at all until the rcu > callback, as at that point software will not tweak the tables any more. > No need for atomics/spinning and can just do a boring traversal. Right that is sort of what I had in mind. Note that I'm still trying to make my mind about the overall approach -- I can see how RCU protection provides a rather elegant solution to this problem, but this makes the whole thing inaccessible to e.g. pKVM where RCU is a non-starter. A possible alternative that comes to mind would be to have all walkers take references on the pages as they walk down, and release them on their way back, but I'm still not sure how to make this race-safe. I'll have a think ...