On 06.08.21 11:32, Claudio Imbrenda wrote:

On Fri, 6 Aug 2021 09:31:54 +0200
David Hildenbrand [off-list ref] wrote:

quoted

On 04.08.21 17:40, Claudio Imbrenda wrote:

quoted

When a protected VM is created, the topmost level of page tables of
its ASCE is marked by the Ultravisor; any attempt to use that
memory for protected virtualization will result in failure.

Only a successful Destroy Configuration UVC will remove the marking.

When the Destroy Configuration UVC fails, the topmost level of page
tables of the VM does not get its marking cleared; to avoid issues
it must not be used again.

Since the page becomes in practice unusable, we set it aside and
leak it.

Instead of leaking, can't we add it to some list and try again later?
Or do we only expect permanent errors?

once the secure VM has been destroyed unsuccessfully, there is nothing
that can be done, this is a permanent error

quoted

Also, we really should bail out loud (pr_warn) to tell the admin that
something really nasty is going on.

when a destroy secure VM UVC fails, there are already other warnings
printed, no need to add one more

Okay, makes sense then to me, thanks! Might be worth adding some of that 
info to the patch description.

-- 
Thanks,

David / dhildenb