Hi Sean,

On 7/6/22 10:39 PM, Sean Christopherson wrote:
> On Wed, Jul 06, 2022, Dmytro Maluka wrote:
> > This is not a problem on native, since for oneshot irq we keep the interrupt
> > masked until the thread exits, so that the EOI at the end of hardirq doesn't
> > result in immediate re-assert. In the vfio + KVM case, however, the host doesn't
> > check that the interrupt is still masked in the guest, so
> > vfio_platform_unmask() is called regardless. Therefore, since the interrupt
> > has not yet been acked in the guest's threaded handler, a new (unwanted)
> > physical interrupt is generated in the host and queued for injection to the
> > guest in vfio_automasked_irq_handler().
>
> Isn't not checking that an interrupt is unmasked the real bug? Fudging around vfio
> (or whatever is doing the premature unmasking) bugs by delaying an ack notification
> in KVM is a hack, no?

Yes, not checking that an interrupt is unmasked is IMO a bug, and my
patch actually adds this missing checking, only that it adds it in KVM,
not in VFIO. :)

Arguably it's not a bug that VFIO is not checking the guest interrupt
state on its own, provided that the resample notification it receives is
always a notification that the interrupt has been actually acked. That
is the motivation behind postponing ack notification in KVM in my patch:
it is to ensure that KVM "ack notifications" are always actual ack
notifications (as the name suggests), not just "eoi notifications".

That said, your idea of checking the guest interrupt status in VFIO (or
whatever is listening on the resample eventfd) makes sense to me too.
The problem, though, is that it's KVM that knows the guest interrupt
status, so KVM would need to let VFIO/whatever know it somehow. (I'm
assuming we are focusing on the case of KVM kernel irqchip, not
userspace or split irqchip.) So do you have in mind adding something
like "maskfd" and "unmaskfd" to KVM IRQFD interface, in addition to
resamplefd? If so, I'm actually in favor of such an idea, as I think it
would also be useful for other purposes, regardless of oneshot interrupts.

VFIO seems to have an assumption that once a device is initialized, its
interrupt stays unmasked all the time. I agree it might make sense to
revisit this assumption.

Thanks,
Dmytro
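To make the sequence discussed in this thread concrete, here is an added C model of one oneshot, level-triggered interrupt cycle as it passes through a vfio-style host handler and a KVM kernel irqchip. It is an illustration written for this discussion, not kernel code from KVM or VFIO; the function names (host_hardirq, vfio_resample, kvm_eoi, kvm_guest_unmask, run_oneshot_cycle) and the struct fields are hypothetical stand-ins for the roles the messages mention. The model compares the current behaviour (resample notification on guest EOI, vfio unmasking regardless of the guest mask state) with the proposed one (KVM holds the ack notification until the guest actually unmasks), and counts how many interrupts get queued for injection into the guest in each case.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed model of a level-triggered, oneshot interrupt shared by a
 * device, a vfio-style host handler and a KVM kernel irqchip. All names
 * are hypothetical; they only mirror the roles described in the thread.
 */
struct irq_model {
    bool line_asserted;  /* device keeps the level line high until serviced */
    bool host_masked;    /* host-side state after the vfio automask handler ran */
    bool guest_masked;   /* guest irqchip mask; oneshot keeps it set while the thread runs */
    bool ack_pending;    /* KVM is holding back an ack notification */
    int  injected;       /* interrupts queued for injection into the guest */
};

/* Host hardirq: the line is asserted and not yet masked, so automask and
 * queue the interrupt for the guest (the vfio_automasked_irq_handler role). */
static void host_hardirq(struct irq_model *m)
{
    if (m->line_asserted && !m->host_masked) {
        m->host_masked = true;
        m->injected++;
    }
}

/* Resample notification reaching vfio: it unmasks unconditionally, without
 * looking at the guest's mask state (the vfio_platform_unmask role). */
static void vfio_resample(struct irq_model *m)
{
    m->host_masked = false;
    host_hardirq(m);   /* line still high => a new physical interrupt fires */
}

/* KVM observes the guest EOI. Either signal the resample eventfd now, or,
 * with the proposed change, hold the notification while the guest still
 * has the irq masked. */
static void kvm_eoi(struct irq_model *m, bool defer_until_unmask)
{
    if (defer_until_unmask && m->guest_masked)
        m->ack_pending = true;
    else
        vfio_resample(m);
}

/* Guest unmasks after its threaded handler finishes: flush a deferred ack. */
static void kvm_guest_unmask(struct irq_model *m)
{
    m->guest_masked = false;
    if (m->ack_pending) {
        m->ack_pending = false;
        vfio_resample(m);
    }
}

/* Run one full cycle and return how many interrupts were injected into the
 * guest: 2 with resample-on-EOI (one of them unwanted), 1 with resample-on-unmask. */
int run_oneshot_cycle(bool defer_until_unmask)
{
    struct irq_model m = { .line_asserted = true };

    host_hardirq(&m);                   /* first, legitimate injection */

    /* Guest hardirq for a oneshot irq: mask in the guest irqchip, EOI,
     * wake the threaded handler (device not serviced yet). */
    m.guest_masked = true;
    kvm_eoi(&m, defer_until_unmask);

    /* Guest threaded handler services the device, then the irq is unmasked. */
    m.line_asserted = false;
    kvm_guest_unmask(&m);

    return m.injected;
}

int main(void)
{
    printf("resample on EOI:    %d injected\n", run_oneshot_cycle(false));
    printf("resample on unmask: %d injected\n", run_oneshot_cycle(true));
    return 0;
}
```

The extra injection in the first case is exactly the unwanted interrupt described in the quoted paragraph: the device is still driving the line when vfio unmasks on EOI, so the host takes a second physical interrupt before the guest's threaded handler has touched the device. Deferring the notification until the guest unmask is what the patch under discussion does inside KVM; a maskfd/unmaskfd style interface would instead let the listener on the resample eventfd make that decision itself.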