Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp1619822imw; Tue, 5 Jul 2022 12:29:21 -0700 (PDT) X-Google-Smtp-Source: AGRyM1ve4BApxuQsZPcWMs76Wun3Xw0v33VQleofzrYkGGRZ+rQlMafjd2lBVbnUiTFcI/YotjTc X-Received: by 2002:a17:90a:4cc3:b0:1ec:7bda:2e68 with SMTP id k61-20020a17090a4cc300b001ec7bda2e68mr46734051pjh.33.1657049361299; Tue, 05 Jul 2022 12:29:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657049361; cv=none; d=google.com; s=arc-20160816; b=dc/f5GGsVAWVPt1Vym0cUG8cS7K+0jIFIV1F/8h441G5hV6bBusIHFffG+bo0B6sqX fQg2VTRQa7ZqnRuV8LcKsv9tz0sllAqy5dEZrd4X8kPi/RlUIu+9mwceKMgl0KL6hxUl HVmwCiIhmxsPHIJP2l7yMb2EmFu0gCwOxWLPnhDuyhumZ/s2nVqkN7d4/M4OpzBSfLTa gWBSvM8jaFZF/DDAKUorrImAZDl0sXKmlmV6SElfNTD1qU6tT+oPGGgbtNJbbqnzdAk5 KpDpw0chieM8wOwYp3GO2rrefTpVVaN95NTRcRgdj5gJtB3JTGOuF+BBQ6XV/PVP4LqG 9kQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=k2+s5sTgIqqLhW2vKPIMrtugcEnszkrv05zEDyf/QbQ=; b=Gsz9t7FWiEQg1bfeVVzgckAp36tGq/bxG+NUSWIYSaVqOovuPr2ORRw0KS73RhnOZP N9nyxDknRQLoN2P1W25ZGMyVzPQBACiT9a8XHf/s9LSRJmpgR7CeBDqU0kp/Wyh3W2XY sGAbc3MjW4gnro1ur0L0IZMtaTotYu0j/fPetPawelAzlmtElZrohxRpzdw+4RR/d/Uy r/U5tRAw58M3ipzmmGGWD3Q2/U18ns4J4x9BvsKpTRMRNu6TrdGB1ayqO+mDZWVqK0ot fEOuFBf5OkH4vJqYGoHllAssTlD2AtfM9dTDMUcdl6sHHfYjy4H98v+xWZINiMD3RLuf iJBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="LFl/02wf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s7-20020a632c07000000b0040dea78bf74si19415462pgs.686.2022.07.05.12.29.09; Tue, 05 Jul 2022 12:29:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="LFl/02wf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232587AbiGESyk (ORCPT + 99 others); Tue, 5 Jul 2022 14:54:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56360 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232804AbiGESyh (ORCPT ); Tue, 5 Jul 2022 14:54:37 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6F7791658C; Tue, 5 Jul 2022 11:54:36 -0700 (PDT) Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 265IkE10000897; Tue, 5 Jul 2022 18:54:36 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pp1; bh=k2+s5sTgIqqLhW2vKPIMrtugcEnszkrv05zEDyf/QbQ=; b=LFl/02wfk/7k7uwF9N9MSukQjYLM1o7CUR2c5jWq3ZsxqnE/ANW+CxRRimdjHqs4j4cc M/SBd6bE1YxZnoq/Yb9mVBd10eZJ5THhgdRUvo9V+jO5eh3bmIJDqZmF9tLSjt7I21kp yYgxPoI+1lFYdmkQqzyH/YXvGiRZaul+2HxTkUIAHFTNS2uEw7FCFD0QAfWsyNblFhvQ +KhUyHRMNRQk/iYtca/80HL+ct1aqk4LLB1GvecjN2xqci/8jp9tcGfGoXy0kijflT4L vGHk4WAKCy4PZtrgZ+OL7JJfaAuBpnadWWE/kea1dQfGZcpauE0fD8RIkOv0AhpQ8hnu BA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3h4s61u818-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 05 Jul 2022 18:54:35 +0000 Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 265IlJx5006393; Tue, 5 Jul 2022 18:54:35 GMT Received: from ppma03wdc.us.ibm.com (ba.79.3fa9.ip4.static.sl-reverse.com [169.63.121.186]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3h4s61u80t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 05 Jul 2022 18:54:35 +0000 Received: from pps.filterd (ppma03wdc.us.ibm.com [127.0.0.1]) by ppma03wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 265IoVdZ025416; Tue, 5 Jul 2022 18:54:34 GMT Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma03wdc.us.ibm.com with ESMTP id 3h2dn9ccmj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 05 Jul 2022 18:54:34 +0000 Received: from b03ledav001.gho.boulder.ibm.com (b03ledav001.gho.boulder.ibm.com [9.17.130.232]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 265IsX4u34079122 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 5 Jul 2022 18:54:33 GMT Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 27BF76E054; Tue, 5 Jul 2022 18:54:33 +0000 (GMT) Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1D07E6E050; Tue, 5 Jul 2022 18:54:32 +0000 (GMT) Received: from li-2c1e724c-2c76-11b2-a85c-ae42eaf3cb3d.ibm.com.com (unknown [9.65.200.23]) by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP; Tue, 5 Jul 2022 18:54:32 +0000 (GMT) From: Tony Krowiak To: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: jjherne@linux.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, mjrosato@linux.ibm.com, pasic@linux.ibm.com, pbonzini@redhat.com, frankja@linux.ibm.com, imbrenda@linux.ibm.com, david@redhat.com Subject: [RFC] kvm: reverse call order of kvm_arch_destroy_vm() and kvm_destroy_devices() Date: Tue, 5 Jul 2022 14:54:30 -0400 Message-Id: <20220705185430.499688-1-akrowiak@linux.ibm.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-GUID: ddXMiZV97NvABjetn8h7hLjBv8_EX3Sp X-Proofpoint-ORIG-GUID: HaTxUGUMQZo_IuWd1YvdjedRqy54riVl X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-05_16,2022-06-28_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 impostorscore=0 adultscore=0 mlxscore=0 phishscore=0 suspectscore=0 spamscore=0 bulkscore=0 lowpriorityscore=0 mlxlogscore=978 malwarescore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2204290000 definitions=main-2207050080 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There is a new requirement for s390 secure execution guests that the hypervisor ensures all AP queues are reset and disassociated from the KVM guest before the secure configuration is torn down. It is the responsibility of the vfio_ap device driver to handle this. Prior to commit ("vfio: remove VFIO_GROUP_NOTIFY_SET_KVM"), the driver reset all AP queues passed through to a KVM guest when notified that the KVM pointer was being set to NULL. Subsequently, the AP queues are only reset when the fd for the mediated device used to pass the queues through to the guest is closed (the vfio_ap_mdev_close_device() callback). This is not a problem when userspace is well-behaved and uses the KVM_DEV_VFIO_GROUP_DEL attribute to remove the VFIO group; however, if userspace for some reason does not close the mdev fd, a secure execution guest will tear down its configuration before the AP queues are reset because the teardown is done in the kvm_arch_destroy_vm function which is invoked prior to vm_destroy_devices. This patch proposes a simple solution; rather than introducing a new notifier into vfio or callback into KVM, what aoubt reversing the order in which the kvm_arch_destroy_vm and kvm_destroy_devices are called. In some very limited testing (i.e., the automated regression tests for the vfio_ap device driver) this did not seem to cause any problems. The question remains, is there a good technical reason why the VM is destroyed before the devices it is using? This is not intuitive, so this is a request for comments on this proposed patch. The assumption here is that the medev fd will get closed when the devices are destroyed. Signed-off-by: Tony Krowiak --- virt/kvm/kvm_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index a49df8988cd6..edaf2918be9b 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -1248,8 +1248,8 @@ static void kvm_destroy_vm(struct kvm *kvm) #else kvm_flush_shadow_all(kvm); #endif - kvm_arch_destroy_vm(kvm); kvm_destroy_devices(kvm); + kvm_arch_destroy_vm(kvm); for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) { kvm_free_memslots(kvm, &kvm->__memslots[i][0]); kvm_free_memslots(kvm, &kvm->__memslots[i][1]); -- 2.31.1