• Claudio Imbrenda's avatar
    KVM: s390: pv: asynchronous destroy for reboot · fb491d55
    Claudio Imbrenda authored
    Until now, destroying a protected guest was an entirely synchronous
    operation that could potentially take a very long time, depending on
    the size of the guest, due to the time needed to clean up the address
    space from protected pages.
    
    This patch implements an asynchronous destroy mechanism, that allows a
    protected guest to reboot significantly faster than previously.
    
    This is achieved by clearing the pages of the old guest in background.
    In case of reboot, the new guest will be able to run in the same
    address space almost immediately.
    
    The old protected guest is then only destroyed when all of its memory
    has been destroyed or otherwise made non protected.
    
    Two new PV commands are added for the KVM_S390_PV_COMMAND ioctl:
    
    KVM_PV_ASYNC_CLEANUP_PREPARE: set aside the current protected VM for
    later asynchronous teardown. The current KVM VM will then continue
    immediately as non-protected. If a protected VM had already been
    set aside for asynchronous teardown, but without starting the teardown
    process, this call will fail. There can be at most one VM set aside at
    any time. Once it is set aside, the protected VM only exists in the
    context of the Ultravisor, it is not associated with the KVM VM
    anymore. Its protected CPUs have already been destroyed, but not its
    memory. This command can be issued again immediately after starting
    KVM_PV_ASYNC_CLEANUP_PERFORM, without having to wait for completion.
    
    KVM_PV_ASYNC_CLEANUP_PERFORM: tears down the protected VM previously
    set aside using KVM_PV_ASYNC_CLEANUP_PREPARE. Ideally the
    KVM_PV_ASYNC_CLEANUP_PERFORM PV command should be issued by userspace
    from a separate thread. If a fatal signal is received (or if the
    process terminates naturally), the command will terminate immediately
    without completing. All protected VMs whose teardown was interrupted
    will be put in the need_cleanup list. The rest of the normal KVM
    teardown process will take care of properly cleaning up all remaining
    protected VMs, including the ones on the need_cleanup list.
    Signed-off-by: default avatarClaudio Imbrenda <imbrenda@linux.ibm.com>
    Reviewed-by: default avatarNico Boehr <nrb@linux.ibm.com>
    Reviewed-by: default avatarJanosch Frank <frankja@linux.ibm.com>
    Reviewed-by: default avatarSteffen Eiden <seiden@linux.ibm.com>
    Link: https://lore.kernel.org/r/20221111170632.77622-2-imbrenda@linux.ibm.com
    Message-Id: <20221111170632.77622-2-imbrenda@linux.ibm.com>
    Signed-off-by: default avatarJanosch Frank <frankja@linux.ibm.com>
    fb491d55
kvm-s390.h 16.8 KB