[Hypervisor Live Update] Notes from September 22, 2025

David Rientjes rientjes at google.com
Sat Oct 4 21:49:33 PDT 2025 

Hi everybody,

Here are the notes from the last Hypervisor Live Update call that happened 
on Monday, September 22.  Thanks to everybody who was involved!

These notes are intended to bring people up to speed who could not attend 
the call as well as keep the conversation going in between meetings.

----->o-----
Pasha updated LUO v4 by syncing with linux-next and was going over all 
feedback.  The session support had been added and he planned on sending 
the next series over the next couple days.  No major changes other than 
the session support.  There was a lot of discussion about versioning but 
that will not be included in the next series.

There were no major updates on luod, the design doc continued to be 
receiving feedback.  We planned on sending this to the googleprodkernel 
GitHub when ready[1].

----->o-----
We discussed memfd preservation and the 1GB limitation.  Pratyush noted 
that he had worked through all feedback based on v5.  The next version 
will still have the 1GB limitation and we're waiting for Mike's series 
before addressing that.  Once we have the vmalloc support, this will be 
more straightforward.

Pratyush noted that the next steps for memfd preservation would be sparse 
memfds and hugepages.  He suggested that guest_memfd may be simpler as an 
extension.  Pasha noted that HugeTLB support would actually be harder.

Vmalloc support should make it into the next merge window and then memfd 
support can avoid the 1GB limitation, so it may be possible for the next 
merge window to lift the 1GB limitation and include sparse memfd support.

----->o-----
Chris discussed preservation of memory with split folios and the error 
path.  If a folio is preserved and then it is split, the preservation 
needs to be undone before preserving it again.  Pasha said that this 
simply could not happen because KHO memory is not migratable.  Jason noted 
that memfd would have to prevent any split, including in cases of page 
fault with pinning.

Pratyush noted that we may want to add some debugging assertions to ensure 
all KHO memory is pinned, cannot be migrated, and the folio cannot be 
split.

Vishal noted for Confidential Computing that folios are sometimes split to 
handle the sharing of pages, the conversion of shared <-> private guest 
memory.  Since the guest can ask for this conversion during brown out, 
we'll need to ensure that this can't happen.

----->o-----
Chris updated the status of PCI preservation and sending out v2 of those 
patches.  The current patch series only preserves the bus master bit.  He 
asked for any feedback to be provided on the list as he was planning on 
pushing for this to be merged after LUO v4 is landed.

We discussed where to merge the changes when they are ready, the consensus 
was that this would go through the PCI maintainer tree but after the LUO 
APIs are already merged upstream.

----->o-----
Andrey provided an update on KSTATE, he said he will would be willing to 
go over the current status and plans through the end of the year in the 
next sync so we planned on carving out some time in the next instance.

----->o-----
Vipin went over VFIO device preservation at Google as a follow-up to the 
KVM forum[2].

Vipin noted the internal approach will be different from what is sent 
upstream.  Vipin discussed passing VFIO device file descriptor to the LUO 
ioctl for preservation similar to what is being done for memfd.  There was 
an open question on whether VFIO cdev should be shown in /dev/vfio/devices 
until the VMM has reclaimed the device from LUO.  Jason suggested that it 
should either error out or cancel the live update (resets the device and 
operates normally).  Pasha suggested that if the fd had not been reclaimed 
after kexec then it should reset the device.

Vipin discussed interrupt preservation and the internal approach for doing 
this.  There's an alternative of disabling interrupts on the device before 
kexec and then after kexec, set up new interrupts and blindly inject all 
configured interrupts.  At KVM Forum there was feedback provided about 
side effects of this for Windows guests.  Jason suggested sending patches 
for this alternative as a starting point.

----->o-----
Next meeting will be on Monday, October 6 at 8am PDT (UTC-7), everybody is
welcome: https://meet.google.com/rjn-dmzu-hgq

Topics for the next meeting:

 - update on latest status of LUO and next steps for merge into akpm's
   tree
 - update on the status of versioning support and anticipated timelines
   for inclusion
 - update on the status of stateless KHO RFC patches that should simplify
   LUO support
 - update on memfd preservation, vmalloc support, and 1GB limitation
 - discuss guest_memfd preservation use cases for Confidential Computing
   and any current work happening on it, including overlap with memfd
   preservation being worked on by Pratyush
   + discuss any use cases for Confidential Computing where folios may
     need to be split after being marked as preserved during brown out
 - [20 min] Andrey will discuss the current status of KSTATE and plans for
   it through the end of this year
 - [25 min] Samiullah will discuss IOMMU preservation plans to get early
   alignment with stakeholders
 - later: testing methodology to allow downstream consumers to qualify
   that live update works from one version to another
 - later: reducing blackout window during live update

Please let me know if you'd like to propose additional topics for
discussion, thank you!

[1] https://github.com/googleprodkernel/linux-liveupdate
[2]
https://gitlab.com/qemu-project/kvm-forum/-/raw/main/_attachments/2025/VFIO_device_DiiwG94.pdf

More information about the kexec mailing list