On Fri, Mar 24, 2023 at 02:46:57PM +0000, Marc Zyngier wrote:
> Having the timer IRQs duplicated into each vcpu isn't great, and
> becomes absolutely awful with NV. So let's move these into
> the per-VM arch_timer_vm_data structure.
>
> This simplifies a lot of code, but requires us to introduce a
> mutex so that we can reason about userspace trying to change
> an interrupt number while another vcpu is running, something
> that wasn't really well handled so far.
>
> Reviewed-by: Colton Lewis <coltonlewis@xxxxxxxxxx>
> Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
> ---
> arch/arm64/include/asm/kvm_host.h | 2 +
> arch/arm64/kvm/arch_timer.c | 104 +++++++++++++++++-------------
> arch/arm64/kvm/arm.c | 2 +
> include/kvm/arm_arch_timer.h | 18 ++++--
> 4 files changed, 78 insertions(+), 48 deletions(-)
>
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index 116233a390e9..1280154c9ef3 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -223,6 +223,8 @@ struct kvm_arch {
> #define KVM_ARCH_FLAG_SYSTEM_SUSPEND_ENABLED 5
> /* VM counter offset */
> #define KVM_ARCH_FLAG_VM_COUNTER_OFFSET 6
> + /* Timer PPIs made immutable */
> +#define KVM_ARCH_FLAG_TIMER_PPIS_IMMUTABLE 7
>
> unsigned long flags;
>
> diff --git a/arch/arm64/kvm/arch_timer.c b/arch/arm64/kvm/arch_timer.c
> index 7cd0b0947454..88a38d45d352 100644
> --- a/arch/arm64/kvm/arch_timer.c
> +++ b/arch/arm64/kvm/arch_timer.c
> @@ -851,7 +851,6 @@ static void timer_context_init(struct kvm_vcpu *vcpu, int timerid)
>
> hrtimer_init(&ctxt->hrtimer, CLOCK_MONOTONIC, HRTIMER_MODE_ABS_HARD);
> ctxt->hrtimer.function = kvm_hrtimer_expire;
> - timer_irq(ctxt) = default_ppi[timerid];
>
> switch (timerid) {
> case TIMER_PTIMER:
> @@ -880,6 +879,13 @@ void kvm_timer_vcpu_init(struct kvm_vcpu *vcpu)
> timer->bg_timer.function = kvm_bg_timer_expire;
> }
>
> +void kvm_timer_init_vm(struct kvm *kvm)
> +{
> + mutex_init(&kvm->arch.timer_data.lock);
> + for (int i = 0; i < NR_KVM_TIMERS; i++)
> + kvm->arch.timer_data.ppi[i] = default_ppi[i];
> +}
> +
> void kvm_timer_cpu_up(void)
> {
> enable_percpu_irq(host_vtimer_irq, host_vtimer_irq_flags);
> @@ -1292,44 +1298,52 @@ void kvm_timer_vcpu_terminate(struct kvm_vcpu *vcpu)
>
> static bool timer_irqs_are_valid(struct kvm_vcpu *vcpu)
> {
> - int vtimer_irq, ptimer_irq, ret;
> - unsigned long i;
> + u32 ppis = 0;
>
> - vtimer_irq = timer_irq(vcpu_vtimer(vcpu));
> - ret = kvm_vgic_set_owner(vcpu, vtimer_irq, vcpu_vtimer(vcpu));
> - if (ret)
> - return false;
> + mutex_lock(&vcpu->kvm->arch.timer_data.lock);
>
> - ptimer_irq = timer_irq(vcpu_ptimer(vcpu));
> - ret = kvm_vgic_set_owner(vcpu, ptimer_irq, vcpu_ptimer(vcpu));
> - if (ret)
> - return false;
> + for (int i = 0; i < NR_KVM_TIMERS; i++) {
> + struct arch_timer_context *ctx;
> + int irq;
>
> - kvm_for_each_vcpu(i, vcpu, vcpu->kvm) {
> - if (timer_irq(vcpu_vtimer(vcpu)) != vtimer_irq ||
> - timer_irq(vcpu_ptimer(vcpu)) != ptimer_irq)
> - return false;
> + ctx = vcpu_get_timer(vcpu, i);
> + irq = timer_irq(ctx);
> + if (kvm_vgic_set_owner(vcpu, irq, ctx))
> + break;
> +
> + /*
> + * We know by construction that we only have PPIs, so
> + * all values are less than 32.
> + */
> + ppis |= BIT(irq);
> }
>
> - return true;
> + set_bit(KVM_ARCH_FLAG_TIMER_PPIS_IMMUTABLE, &vcpu->kvm->arch.flags);
> +
> + mutex_unlock(&vcpu->kvm->arch.timer_data.lock);
> +
> + return hweight32(ppis) == NR_KVM_TIMERS;
Does it make sense to only set the IMMUTABLE flag if the timer IRQs are indeed valid? I doubt userspace would do anything when it gets the EINVAL, but it is possible userspace could make another attempt at configuring the IRQs correctly. I believe that was the existing behavior of the UAPI.
--
Thanks, Oliver
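Review bot: kvm_timer_init_vm() introduces the per-VM lock and the shared ppi[] array without a comment saying what the lock guards or how long the PPIs stay writable, which is exactly the race the commit message says was previously unhandled. I would add above the function: `/* Timer PPIs start at the architectural defaults and can be changed by userspace until KVM_ARCH_FLAG_TIMER_PPIS_IMMUTABLE is set; timer_data.lock serialises those updates against timer_irqs_are_valid(), which takes it while setting the vgic owners. */` The userspace attribute path is not in this patch excerpt, so its use of the lock is presumed and should be confirmed there. Note also that the timer_irqs_are_valid() hunk is quoted only up to its return statement, so the function's closing lines are outside this view.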