Re: [PATCH] s390/vfio-ap: Clean up vfio_ap resources when KVM pointer invalidated

From: Halil Pasic
Date: Mon Dec 07 2020 - 19:02:33 EST

Next message: Doug Anderson: "Re: [PATCH v3] ath10k: add option for chip-id based BDF selection"
Previous message: Lino Sanfilippo: "Re: [PATCH v2] pwm: bcm2835: Support apply function for atomic configuration"
In reply to: Tony Krowiak: "Re: [PATCH] s390/vfio-ap: Clean up vfio_ap resources when KVM pointer invalidated"
Next in thread: Tony Krowiak: "Re: [PATCH] s390/vfio-ap: Clean up vfio_ap resources when KVM pointer invalidated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 7 Dec 2020 13:50:36 -0500
Tony Krowiak <akrowiak@xxxxxxxxxxxxx> wrote:

> On 12/4/20 2:05 PM, Halil Pasic wrote:
> > On Fri, 4 Dec 2020 09:43:59 -0500
> > Tony Krowiak <akrowiak@xxxxxxxxxxxxx> wrote:
> >
> >>>> +{
> >>>> + if (matrix_mdev->kvm) {
> >>>> + (matrix_mdev->kvm);
> >>>> + matrix_mdev->kvm->arch.crypto.pqap_hook = NULL;
> >>> Is a plain assignment to arch.crypto.pqap_hook apropriate, or do we need
> >>> to take more care?
> >>>
> >>> For instance kvm_arch_crypto_set_masks() takes kvm->lock before poking
> >>> kvm->arch.crypto.crycb.
> >> I do not think so. The CRYCB is used by KVM to provide crypto resources
> >> to the guest so it makes sense to protect it from changes to it while
> >> passing
> >> the AP devices through to the guest. The hook is used only when an AQIC
> >> executed on the guest is intercepted by KVM. If the notifier
> >> is being invoked to notify vfio_ap that KVM has been set to NULL, this means
> >> the guest is gone in which case there will be no AP instructions to
> >> intercept.
> > If the update to pqap_hook isn't observed as atomic we still have a
> > problem. With torn writes or reads we would try to use a corrupt function
> > pointer. While the compiler probably ain't likely to generate silly code
> > for the above assignment (multiple write instructions less then
> > quadword wide), I know of nothing that would prohibit the compiler to do
> > so.
>
> I'm sorry, but I still don't understand why you tkvm_vfio_group_set_kvmhink this is a problem
> given what I stated above.

I assume you are specifically referring to 'the guest is gone in which
case there will be no AP instructions to intercept'. I assume by 'guest
is gone' you mean that the VM is being destroyed, and the vcpus are out
of SIE. You are probably right for the invocation of
kvm_vfio_group_set_kvm() in kvm_vfio_destroy(), but is that true for
the invocation in the KVM_DEV_VFIO_GROUP_DEL case in
kvm_vfio_set_group()? I.e. can't we get the notifier called when the
qemu device is hot unplugged (modulo remove which unregisters the
notifier and usually precludes the notifier being with NULL called at
all)?

Regards,
Halil

Next message: Doug Anderson: "Re: [PATCH v3] ath10k: add option for chip-id based BDF selection"
Previous message: Lino Sanfilippo: "Re: [PATCH v2] pwm: bcm2835: Support apply function for atomic configuration"
In reply to: Tony Krowiak: "Re: [PATCH] s390/vfio-ap: Clean up vfio_ap resources when KVM pointer invalidated"
Next in thread: Tony Krowiak: "Re: [PATCH] s390/vfio-ap: Clean up vfio_ap resources when KVM pointer invalidated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]