On Tue, Oct 3, 2023 at 4:46 PM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> The only way a KVM_EXIT_MEMORY_FAULT that actually reaches userspace could be
> "unreliable" is if something other than a memory_fault exit clobbered the union,
> but didn't signal its KVM_EXIT_* reason. And that would be an egregious bug that
> isn't unique to KVM_EXIT_MEMORY_FAULT, i.e. the same data corruption would affect
> each and every other KVM_EXIT_* reason.

Keep in mind the case where an "unreliable" annotation sets up a KVM_EXIT_MEMORY_FAULT, KVM_RUN ends up continuing, then something unrelated comes up and causes KVM_RUN to EFAULT. Although this at least is a case of "outdated" information rather than blatant corruption.

IIRC the last time this came up we said that there's minimal harm in userspace acting on the outdated info, but it seems like another good argument for just restricting the annotations to paths we know are reliable. What if the second EFAULT above is fatal (as I understand all are today) and sets up subsequent KVM_RUNs to crash and burn somehow? Seems like that'd be a safety issue.