On Mon, 10 May 2021 17:19:07 +0100, Mark Rutland <mark.rutland@xxxxxxx> wrote: > > On Mon, May 10, 2021 at 02:48:18PM +0100, Marc Zyngier wrote: > > As it turns out, not all the interrupt controllers are able to > > expose a vGIC maintenance interrupt as a distrete signal. > > And to be fair, it doesn't really matter as all we require is > > for *something* to kick us out of guest mode out way or another. > > > > On systems that do not expose a maintenance interrupt as such, > > there are two outcomes: > > > > - either the virtual CPUIF does generate an interrupt, and > > by the time we are back to the host the interrupt will have long > > been disabled (as we set ICH_HCR_EL2.EN to 0 on exit). In this case, > > interrupt latency is as good as it gets. > > > > - or some other event (physical timer) will take us out of the guest > > anyway, and the only drawback is a bad interrupt latency. > > IIRC we won't have a a guaranteed schedular tick for NO_HZ_FULL, so in > that case we'll either need to set a period software maintenance > interrupt, or reject this combination at runtime (either when trying to > isolate the dynticks CPUs, or when trying to create a VM). That's a good point. On sensible systems, the maintenance interrupt is a standard GIC PPI that requires enabling, and that is all that KVM requires (the maintenance interrupt is only used as an exit mechanism and will be disabled before reaching the handler). On the M1, owing to the lack of a per-CPU interrupt controller, there is nothing to enable. The virtual CPU interface will fire at will and take us out of the guest in a timely manner. So maybe instead of relaxing the requirement for a maintenance interrupt, we should only bypass the checks if the root interrupt controller advertises that it is safe to do so, making it a M1-specific hack. Thanks, M. -- Without deviation from the norm, progress is not possible.