On Mon, May 10, 2021 at 06:44:49PM +0100, Marc Zyngier wrote: > On Mon, 10 May 2021 17:19:07 +0100, > Mark Rutland <mark.rutland@xxxxxxx> wrote: > > > > On Mon, May 10, 2021 at 02:48:18PM +0100, Marc Zyngier wrote: > > > As it turns out, not all the interrupt controllers are able to > > > expose a vGIC maintenance interrupt as a distrete signal. > > > And to be fair, it doesn't really matter as all we require is > > > for *something* to kick us out of guest mode out way or another. > > > > > > On systems that do not expose a maintenance interrupt as such, > > > there are two outcomes: > > > > > > - either the virtual CPUIF does generate an interrupt, and > > > by the time we are back to the host the interrupt will have long > > > been disabled (as we set ICH_HCR_EL2.EN to 0 on exit). In this case, > > > interrupt latency is as good as it gets. > > > > > > - or some other event (physical timer) will take us out of the guest > > > anyway, and the only drawback is a bad interrupt latency. > > > > IIRC we won't have a a guaranteed schedular tick for NO_HZ_FULL, so in > > that case we'll either need to set a period software maintenance > > interrupt, or reject this combination at runtime (either when trying to > > isolate the dynticks CPUs, or when trying to create a VM). > > That's a good point. > > On sensible systems, the maintenance interrupt is a standard GIC PPI > that requires enabling, and that is all that KVM requires (the > maintenance interrupt is only used as an exit mechanism and will be > disabled before reaching the handler). > > On the M1, owing to the lack of a per-CPU interrupt controller, there > is nothing to enable. The virtual CPU interface will fire at will and > take us out of the guest in a timely manner. Ah, so the M1 does have a maintenance interrupt, but you can't silence it at the irqchip level. > So maybe instead of relaxing the requirement for a maintenance > interrupt, we should only bypass the checks if the root interrupt > controller advertises that it is safe to do so, making it a > M1-specific hack. That certainly sounds safer than permitting running without any maintenance interrupt at all. Thanks, Mark.
