On Fri, Jan 02, 2026, Fred Griffoul wrote:
> First, the current approach is missing proper invalidation handling in
> critical scenarios. Enlightened VMCS (eVMCS) pages can become stale when
> memslots are modified, as there is no mechanism to invalidate the cached
> mappings.

This is a non-issue. Modifying memslots while vCPUs are active will cause problems, period. There is no magic on earth that will prevent that.

> Similarly, APIC access and virtual APIC pages can be migrated
> by the host, but without proper notification through mmu_notifier
> callbacks, the mappings become invalid and can lead to incorrect
> behavior.

No, they can't, at least not for unmanaged memory. For kernel-managed memory, KVM obtains a long-term pin, which prevents the host from migrating the page.

