[PATCH v3 3/9] KVM: arm64: vgic: Be tolerant to the lack of maintenance interrupt
Mark Rutland
mark.rutland at arm.com
Tue May 11 04:13:03 PDT 2021
On Mon, May 10, 2021 at 06:44:49PM +0100, Marc Zyngier wrote:
> On Mon, 10 May 2021 17:19:07 +0100,
> Mark Rutland <mark.rutland at arm.com> wrote:
> >
> > On Mon, May 10, 2021 at 02:48:18PM +0100, Marc Zyngier wrote:
> > > As it turns out, not all the interrupt controllers are able to
> > > expose a vGIC maintenance interrupt as a distrete signal.
> > > And to be fair, it doesn't really matter as all we require is
> > > for *something* to kick us out of guest mode out way or another.
> > >
> > > On systems that do not expose a maintenance interrupt as such,
> > > there are two outcomes:
> > >
> > > - either the virtual CPUIF does generate an interrupt, and
> > > by the time we are back to the host the interrupt will have long
> > > been disabled (as we set ICH_HCR_EL2.EN to 0 on exit). In this case,
> > > interrupt latency is as good as it gets.
> > >
> > > - or some other event (physical timer) will take us out of the guest
> > > anyway, and the only drawback is a bad interrupt latency.
> >
> > IIRC we won't have a a guaranteed schedular tick for NO_HZ_FULL, so in
> > that case we'll either need to set a period software maintenance
> > interrupt, or reject this combination at runtime (either when trying to
> > isolate the dynticks CPUs, or when trying to create a VM).
>
> That's a good point.
>
> On sensible systems, the maintenance interrupt is a standard GIC PPI
> that requires enabling, and that is all that KVM requires (the
> maintenance interrupt is only used as an exit mechanism and will be
> disabled before reaching the handler).
>
> On the M1, owing to the lack of a per-CPU interrupt controller, there
> is nothing to enable. The virtual CPU interface will fire at will and
> take us out of the guest in a timely manner.
Ah, so the M1 does have a maintenance interrupt, but you can't silence
it at the irqchip level.
> So maybe instead of relaxing the requirement for a maintenance
> interrupt, we should only bypass the checks if the root interrupt
> controller advertises that it is safe to do so, making it a
> M1-specific hack.
That certainly sounds safer than permitting running without any
maintenance interrupt at all.
Thanks,
Mark.
More information about the linux-arm-kernel
mailing list