On Tue, 19 Nov 2019 09:40:40 +0000 Marc Zyngier <maz@xxxxxxxxxx> wrote: Hi Marc, [ ... ] > >> > >> I think that could work. One queue for each group, holding pending, > >> enabled, group-disabled interrupts. Pending, disabled interrupts are > >> not queued anywhere, just like today. > >> > >> The only snag is per-cpu interrupts. On which queue do they live? > >> Do you have per-CPU queues? or a global one? > > > > Yes, the idea was to have a per-VCPU "grp_dis_list" in addition to > > the ap_list, reusing the ap_list list_head in struct vgic_irq. > > vgic_queue_irq_unlock() would put them into *one* of those two lists, > > depending on their group-enabled status. When a group gets enabled, > > we > > just have to transfer the IRQs from grp_dis_list to ap_list. > > > > But fleshing this out I was wondering if it couldn't be much simpler: > > We ignore the group-enabled status most of the time, except in > > vgic_flush_lr_state(). So group-disabled IRQs *would go* to the > > ap_list (when they are otherwise pending|active and enabled), but > > would be skipped when eventually populating the LRs. > > vgic_prune_ap_list would also not touch them, so they would stay in > > the ap_list (unless removed for other reasons). > > > > That might raise some eyebrows (because we keep IRQs in the ap_list > > which are not ready), but would require only minimal changes and > > avoid > > all kind of nasty/racy code to be added. The only downside I see is > > that the ap_list could potentially be much longer, but we could > > change > > the sorting algorithm if needed to keep group-disabled IRQs at the > > end, at which point it wouldn't really matter. > > > > Do you see any problem with that approach? Alex seemed to remember > > that you had an objection against a very similar (if not identical) > > idea before. > > My main worry with this is that it causes overhead on the fast path. > Disabled interrupts (for whichever reason they are disabled) shouldn't > have to be evaluated on the fast path. > > Take for example kvm_vgic_vcpu_pending_irq(), which we evaluate pretty > often (each time a vcpu wakes up). Do we want to scan a bunch of > group-disabled interrupts there? No. > > At the end of the day, what we're looking at is a list of disabled, > pending interrupts. They can be disabled for multiple reasons > (group is disabled, or interrupt itself is disabled). But they should > *not* end-up on the AP list, because that list has a precise semantic. > > Your suggestion to add the group-disabled interrupts to the AP list > may be a cool hack, but it is mostly a hack that opens the whole thing > to a bunch of corner cases. Let's not do that. I understand what you are saying, and I had similar gripes. It was just too tempting to not give it a try ;-) > >> >> And if a group has > >> >> been disabled, how do you retire these interrupts from the AP > >> list? > >> > > >> > This is done above: we kick the respective VCPU and rely on > >> > vgic_prune_ap_list() to remove them (that uses > >> vgic_target_oracle(), > >> > which in turn checks vgic_irq_is_grp_enabled()). > >> > >> But what if the CPU isn't running? Kicking it isn't going to do > >> much, > >> is it? > > > > Not directly, but in either approach that would be handled similar to > > disabled interrupts: once the VCPU runs, they would *not* end up in > > LRs (because we check the oracle before), and would be cleaned up in > > prune() once the guest exits (at least for the original approach). > > I lost track of the original approach already :-/ > > Try and build the above suggestion. It should follow the same flow as > the enabled, group-enabled interrupts, just with a different list. OK, will do. Thanks! Andre.
