Re: [PATCH v3 03/14] KVM: s390: pv: leak the ASCE page when destroy fails

[Claudio Imbrenda]

On Fri, 6 Aug 2021 09:31:54 +0200
David Hildenbrand <david@xxxxxxxxxx> wrote:

> On 04.08.21 17:40, Claudio Imbrenda wrote:
> > When a protected VM is created, the topmost level of page tables of
> > its ASCE is marked by the Ultravisor; any attempt to use that
> > memory for protected virtualization will result in failure.
> > 
> > Only a successful Destroy Configuration UVC will remove the marking.
> > 
> > When the Destroy Configuration UVC fails, the topmost level of page
> > tables of the VM does not get its marking cleared; to avoid issues
> > it must not be used again.
> > 
> > Since the page becomes in practice unusable, we set it aside and
> > leak it.  
> 
> Instead of leaking, can't we add it to some list and try again later?
> Or do we only expect permanent errors?

once the secure VM has been destroyed unsuccessfully, there is nothing
that can be done, this is a permanent error

> Also, we really should bail out loud (pr_warn) to tell the admin that 
> something really nasty is going on.

when a destroy secure VM UVC fails, there are already other warnings
printed, no need to add one more