On 9/29/22 17:18, Sean Christopherson wrote:
IMO, KVM_MEM_DISABLED or similar is the way to go. I.e. formalize the "restart page faults" semantics without taking on the complexity of batched updates.
If userspace has to collaborate, KVM_MEM_DISABLED (or KVM_MEM_USER_EXIT would be a better name) is not needed either except as an optimization; you can just kick all CPUs unconditionally.
And in fact KVM_MEM_DISABLED is not particularly easy to implement either; in order to allow split/merge it should be possible for a new memslot to replace multiple disabled memslots, in order to allow merging, and to be only partially overlap the first/last disabled memslot it replaces.
None of this is allowed for other memslots, so exactly the same metadata complications exist as for other options such as wholesale replacement or batched updates. The only semantics with a sane implementation would be to destroy the dirty bitmap of disabled memslots when they are replaced. At least it would be possible for userspace to set KVM_MEM_DISABLED, issue KVM_GET_DIRTY_LOG and then finally create the new memslot. That would be _correct_, but still not very appealing.
I don't exclude suffering from tunnel vision, but batched updates to me still seem to be the least bad option.
Paolo