nice post. One interesting design is giving the host a callback function to allocate memory from the guest. Did you guys consider having something like hostcall_req_get_path(&mem, &size); where the guest can pass existing memory like stack memory to the host.
You can use stack memory/reuse buffers, by calling hostcall_init_mm() before the actual hostcall. A bit clunky, but this prevents issues with internal allocations.