On Thu, 30 Mar 2023 08:02:13 +0100, Oliver Upton <oliver.upton@xxxxxxxxx> wrote:
>
> On Fri, Mar 24, 2023 at 02:46:57PM +0000, Marc Zyngier wrote:
> > Having the timer IRQs duplicated into each vcpu isn't great, and
> > becomes absolutely awful with NV. So let's move these into
> > the per-VM arch_timer_vm_data structure.
> >
> > This simplifies a lot of code, but requires us to introduce a
> > mutex so that we can reason about userspace trying to change
> > an interrupt number while another vcpu is running, something
> > that wasn't really well handled so far.
> >
> > Reviewed-by: Colton Lewis <coltonlewis@xxxxxxxxxx>
> > Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
> > ---
> > arch/arm64/include/asm/kvm_host.h | 2 +
> > arch/arm64/kvm/arch_timer.c | 104 +++++++++++++++++-------------
> > arch/arm64/kvm/arm.c | 2 +
> > include/kvm/arm_arch_timer.h | 18 ++++--
> > 4 files changed, 78 insertions(+), 48 deletions(-)
> >
> > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> > index 116233a390e9..1280154c9ef3 100644
> > --- a/arch/arm64/include/asm/kvm_host.h
> > +++ b/arch/arm64/include/asm/kvm_host.h
> > @@ -223,6 +223,8 @@ struct kvm_arch {
> > #define KVM_ARCH_FLAG_SYSTEM_SUSPEND_ENABLED 5
> > /* VM counter offset */
> > #define KVM_ARCH_FLAG_VM_COUNTER_OFFSET 6
> > + /* Timer PPIs made immutable */
> > +#define KVM_ARCH_FLAG_TIMER_PPIS_IMMUTABLE 7
> >
> > unsigned long flags;
> >
> > diff --git a/arch/arm64/kvm/arch_timer.c b/arch/arm64/kvm/arch_timer.c
> > index 7cd0b0947454..88a38d45d352 100644
> > --- a/arch/arm64/kvm/arch_timer.c
> > +++ b/arch/arm64/kvm/arch_timer.c
> > @@ -851,7 +851,6 @@ static void timer_context_init(struct kvm_vcpu *vcpu, int timerid)
> >
> > hrtimer_init(&ctxt->hrtimer, CLOCK_MONOTONIC, HRTIMER_MODE_ABS_HARD);
> > ctxt->hrtimer.function = kvm_hrtimer_expire;
> > - timer_irq(ctxt) = default_ppi[timerid];
> >
> > switch (timerid) {
> > case TIMER_PTIMER:
> > @@ -880,6 +879,13 @@ void kvm_timer_vcpu_init(struct kvm_vcpu *vcpu)
> > timer->bg_timer.function = kvm_bg_timer_expire;
> > }
> >
> > +void kvm_timer_init_vm(struct kvm *kvm)
> > +{
> > + mutex_init(&kvm->arch.timer_data.lock);
> > + for (int i = 0; i < NR_KVM_TIMERS; i++)
> > + kvm->arch.timer_data.ppi[i] = default_ppi[i];
> > +}
> > +
> > void kvm_timer_cpu_up(void)
> > {
> > enable_percpu_irq(host_vtimer_irq, host_vtimer_irq_flags);
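Review bot: The loop in the new `kvm_timer_init_vm()` reads `default_ppi[i]` for every `i < NR_KVM_TIMERS`, but nothing in this hunk ties the array's length to that bound. `default_ppi` is declared outside the hunk, so the sizes may already be coupled; if it is an unsized initialiser list, adding `BUILD_BUG_ON(ARRAY_SIZE(default_ppi) != NR_KVM_TIMERS);` at the top of the function would turn a future mismatch into a build failure instead of an out-of-bounds read. As a new non-static entry point it would also benefit from a short comment along the lines of `/* timer_data.lock serialises userspace changes to timer_data.ppi[] against the per-vcpu validity check */`, which is what the commit message gives as the mutex's purpose.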
> > @@ -1292,44 +1298,52 @@ void kvm_timer_vcpu_terminate(struct kvm_vcpu *vcpu)
> >
> > static bool timer_irqs_are_valid(struct kvm_vcpu *vcpu)
> > {
> > - int vtimer_irq, ptimer_irq, ret;
> > - unsigned long i;
> > + u32 ppis = 0;
> >
> > - vtimer_irq = timer_irq(vcpu_vtimer(vcpu));
> > - ret = kvm_vgic_set_owner(vcpu, vtimer_irq, vcpu_vtimer(vcpu));
> > - if (ret)
> > - return false;
> > + mutex_lock(&vcpu->kvm->arch.timer_data.lock);
> >
> > - ptimer_irq = timer_irq(vcpu_ptimer(vcpu));
> > - ret = kvm_vgic_set_owner(vcpu, ptimer_irq, vcpu_ptimer(vcpu));
> > - if (ret)
> > - return false;
> > + for (int i = 0; i < NR_KVM_TIMERS; i++) {
> > + struct arch_timer_context *ctx;
> > + int irq;
> >
> > - kvm_for_each_vcpu(i, vcpu, vcpu->kvm) {
> > - if (timer_irq(vcpu_vtimer(vcpu)) != vtimer_irq ||
> > - timer_irq(vcpu_ptimer(vcpu)) != ptimer_irq)
> > - return false;
> > + ctx = vcpu_get_timer(vcpu, i);
> > + irq = timer_irq(ctx);
> > + if (kvm_vgic_set_owner(vcpu, irq, ctx))
> > + break;
> > +
> > + /*
> > + * We know by construction that we only have PPIs, so
> > + * all values are less than 32.
> > + */
> > + ppis |= BIT(irq);
> > }
> >
> > - return true;
> > + set_bit(KVM_ARCH_FLAG_TIMER_PPIS_IMMUTABLE, &vcpu->kvm->arch.flags);
> > +
> > + mutex_unlock(&vcpu->kvm->arch.timer_data.lock);
> > +
> > + return hweight32(ppis) == NR_KVM_TIMERS;
>
> Does it make sense to only set the IMMUTABLE flag if the timer IRQs are
> indeed valid? I doubt userspace would do anything when it gets the
> EINVAL, but it is possible userspace could make another attempt at
> configuring the IRQs correctly.
Yup, that's fair enough. I'll flip things around. Thanks! M. -- Without deviation from the norm, progress is not possible.