Re: [PATCH v9 2/2] kvm: On Ack, De-assert & Notify KVM_IRQFD extension

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 21, 2012 at 01:29:14PM -0600, Alex Williamson wrote:
> For VFIO based device assignment we'd like a mechanism to allow level
> triggered interrutps to be directly injected into KVM.  KVM_IRQFD
> already allows this for edge triggered interrupts, but for level, we
> need to watch for acknowledgement of the interrupt from the guest to
> provide us a hint when to test the device and allow it to re-assert
> if necessary.  To do this, we create a new KVM_IRQFD mode called
> "On Ack, De-assert & Notify", or OADN.  In this mode, an interrupt
> injection provides only a gsi assertion.  We then hook into the IRQ
> ACK notifier, which when triggered de-asserts the gsi and notifies
> via another eventfd.  It's then the responsibility of the user to
> re-assert the interrupt is service is still required.
> 
> Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

Naming aside, looks good.
I think I see some minor bugs, and I added some improvement
suggestions below.

Thanks!

> ---
> 
>  Documentation/virtual/kvm/api.txt |   13 ++
>  arch/x86/kvm/x86.c                |    1 
>  include/linux/kvm.h               |    6 +
>  include/linux/kvm_host.h          |    1 
>  virt/kvm/eventfd.c                |  193 ++++++++++++++++++++++++++++++++++++-
>  5 files changed, 210 insertions(+), 4 deletions(-)
> 
> diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
> index bf33aaa..87d7321 100644
> --- a/Documentation/virtual/kvm/api.txt
> +++ b/Documentation/virtual/kvm/api.txt
> @@ -1946,6 +1946,19 @@ the guest using the specified gsi pin.  The irqfd is removed using
>  the KVM_IRQFD_FLAG_DEASSIGN flag, specifying both kvm_irqfd.fd
>  and kvm_irqfd.gsi.
>  
> +With KVM_CAP_IRQFD_OADN, KVM_IRQFD supports an "On Ack, De-assert &
> +Notify" option that allows emulation of level-triggered interrupts.
> +When kvm_irqfd.fd is triggered, the requested gsi is asserted and
> +remains asserted until interaction with the irqchip indicates the
> +VM has acknowledged the interrupt, such as an EOI.  On acknoledgement
> +the gsi is automatically de-asserted and the user is notified via
> +kvm_irqfd.notifyfd.  The user is then required to re-assert the
> +interrupt if the associated device still requires service.  To enable
> +this mode, configure the KVM_IRQFD using the KVM_IRQFD_FLAG_OADN flag
> +and specify kvm_irqfd.notifyfd.  Note that closing kvm_irqfd.notifyfd
> +while configured in this mode does not disable the irqfd.  The
> +KVM_IRQFD_FLAG_OADN flag is only necessary on assignment.
> +
>  4.76 KVM_PPC_ALLOCATE_HTAB
>  
>  Capability: KVM_CAP_PPC_ALLOC_HTAB
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index cd98673..fde7b66 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -2175,6 +2175,7 @@ int kvm_dev_ioctl_check_extension(long ext)
>  	case KVM_CAP_PCI_2_3:
>  	case KVM_CAP_KVMCLOCK_CTRL:
>  	case KVM_CAP_IRQFD_IRQ_SOURCE_ID:
> +	case KVM_CAP_IRQFD_OADN:
>  		r = 1;
>  		break;
>  	case KVM_CAP_COALESCED_MMIO:
> diff --git a/include/linux/kvm.h b/include/linux/kvm.h
> index ae66b9c..ec0f1d8 100644
> --- a/include/linux/kvm.h
> +++ b/include/linux/kvm.h
> @@ -619,6 +619,7 @@ struct kvm_ppc_smmu_info {
>  #define KVM_CAP_S390_COW 79
>  #define KVM_CAP_PPC_ALLOC_HTAB 80
>  #define KVM_CAP_IRQFD_IRQ_SOURCE_ID 81
> +#define KVM_CAP_IRQFD_OADN 82
>  
>  #ifdef KVM_CAP_IRQ_ROUTING
>  
> @@ -684,12 +685,15 @@ struct kvm_xen_hvm_config {
>  #endif
>  
>  #define KVM_IRQFD_FLAG_DEASSIGN (1 << 0)
> +/* Availabie with KVM_CAP_IRQFD_OADN */

Need to also explain what it is.

> +#define KVM_IRQFD_FLAG_OADN (1 << 1)
>  
>  struct kvm_irqfd {
>  	__u32 fd;
>  	__u32 gsi;
>  	__u32 flags;
> -	__u8  pad[20];
> +	__u32 notifyfd;

Document that this is only valid with OADN flag.  Might be a good idea
to rename this to deassert_on_ack_notifyfd or oadn_notifyfd
to avoid confusion.


> +	__u8  pad[16];
>  };
>  
>  struct kvm_clock_data {
> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> index b763230..d502d08 100644
> --- a/include/linux/kvm_host.h
> +++ b/include/linux/kvm_host.h
> @@ -284,6 +284,7 @@ struct kvm {
>  	struct {
>  		spinlock_t        lock;
>  		struct list_head  items;
> +		struct list_head  oadns;
>  	} irqfds;
>  	struct list_head ioeventfds;
>  #endif
> diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
> index 2245cfa..dfdb5b2 100644
> --- a/virt/kvm/eventfd.c
> +++ b/virt/kvm/eventfd.c
> @@ -43,6 +43,23 @@
>   * --------------------------------------------------------------------
>   */
>  
> +/*
> + * OADN irqfds (On Ack, De-assert & Notify) are a special variety of
> + * irqfds that assert an interrupt to the irqchip on eventfd trigger,
> + * receieve notification when userspace acknowledges the interrupt,
> + * automatically de-asserts the irqchip level, and notifies userspace
> + * via the oadn_eventfd.  This object helps to provide one-to-many
> + * deassert-to-notify so we can share a single irq source ID per OADN.
> + */
> +struct _irqfd_oadn {
> +	struct kvm *kvm;
> +	int irq_source_id; /* IRQ source ID shared by these irqfds */
> +	struct list_head irqfds; /* list of irqfds using this object */
> +	struct kvm_irq_ack_notifier notifier; /* IRQ ACK notification */
> +	struct kref kref; /* Race-free removal */
> +	struct list_head list;
> +};
> +
>  struct _irqfd {
>  	/* Used for MSI fast-path */
>  	struct kvm *kvm;
> @@ -52,6 +69,10 @@ struct _irqfd {
>  	/* Used for level IRQ fast-path */
>  	int gsi;
>  	struct work_struct inject;
> +	/* Used for OADN (On Ack, De-assert & Notify) path */
> +	struct eventfd_ctx *oadn_eventfd;
> +	struct list_head oadn_list;

Could you document RCU and locking rules for this field please?

> +	struct _irqfd_oadn *oadn;
>  	/* Used for setup/shutdown */
>  	struct eventfd_ctx *eventfd;
>  	struct list_head list;
> @@ -71,6 +92,51 @@ irqfd_inject(struct work_struct *work)
>  	kvm_set_irq(kvm, KVM_IRQFD_IRQ_SOURCE_ID, irqfd->gsi, 0);
>  }
>  
> +static void
> +irqfd_oadn_inject(struct work_struct *work)
> +{
> +	struct _irqfd *irqfd = container_of(work, struct _irqfd, inject);
> +
> +	kvm_set_irq(irqfd->kvm, irqfd->oadn->irq_source_id, irqfd->gsi, 1);
> +}
> +
> +/*
> + * Since OADN irqfds share an IRQ source ID, we de-assert once then
> + * notify all of the OADN irqfds using this GSI.  We can't do multiple
> + * de-asserts or we risk racing with incoming re-asserts.
> + */
> +static void
> +irqfd_oadn_notify(struct kvm_irq_ack_notifier *kian)
> +{
> +	struct _irqfd_oadn *oadn;
> +	struct _irqfd *irqfd;
> +
> +	oadn = container_of(kian, struct _irqfd_oadn, notifier);
> +
> +	rcu_read_lock();
> +
> +	kvm_set_irq(oadn->kvm, oadn->irq_source_id,
> +		    oadn->notifier.gsi, 0);
> +
> +	list_for_each_entry_rcu(irqfd, &oadn->irqfds, oadn_list)
> +		eventfd_signal(irqfd->oadn_eventfd, 1);
> +
> +	rcu_read_unlock();
> +}
> +
> +/*
> + * Assumes kvm->irqfds.lock is held.  Remove from the list of OADNs, new
> + * users will allocate their own, letting us de-assert this GSI on free,
> + * after the RCU grace period.
> + */
> +static void
> +irqfd_oadn_release(struct kref *kref)
> +{
> +	struct _irqfd_oadn *oadn = container_of(kref, struct _irqfd_oadn, kref);
> +
> +	list_del(&oadn->list);
> +}
> +
>  /*
>   * Race-free decouple logic (ordering is critical)
>   */
> @@ -93,6 +159,35 @@ irqfd_shutdown(struct work_struct *work)
>  	flush_work_sync(&irqfd->inject);
>  
>  	/*
> +	 * OADN irqfds use an RCU list for lockless de-assert and user
> +	 * notification.  Modify the list using RCU under lock and release
> +	 * the OADN object.  Since we later free this irqfd, we must wait
> +	 * for an RCU grace period.  If the OADN was released, we can then
> +	 * unregister the irq ack notifier, free the irq source ID (assuring
> +	 * that the GSI is de-asserted), and free the object.
> +	 */
> +	if (irqfd->oadn) {
> +		struct _irqfd_oadn *oadn = irqfd->oadn;
> +		struct kvm *kvm = oadn->kvm;
> +		bool released;
> +
> +		spin_lock_irq(&irqfd->kvm->irqfds.lock);
> +		list_del_rcu(&irqfd->oadn_list);
> +		released = kref_put(&oadn->kref, irqfd_oadn_release);
> +		spin_unlock_irq(&irqfd->kvm->irqfds.lock);
> +
> +		synchronize_rcu();
> +
> +		if (released) {
> +			kvm_unregister_irq_ack_notifier(kvm, &oadn->notifier);
> +			kvm_free_irq_source_id(kvm, oadn->irq_source_id);
> +			kfree(oadn);
> +		}
> +
> +		eventfd_ctx_put(irqfd->oadn_eventfd);
> +	}
> +
> +	/*
>  	 * It is now safe to release the object's resources
>  	 */
>  	eventfd_ctx_put(irqfd->eventfd);
> @@ -202,8 +297,9 @@ kvm_irqfd_assign(struct kvm *kvm, struct kvm_irqfd *args)
>  {
>  	struct kvm_irq_routing_table *irq_rt;
>  	struct _irqfd *irqfd, *tmp;
> +	struct _irqfd_oadn *oadn = NULL;
>  	struct file *file = NULL;
> -	struct eventfd_ctx *eventfd = NULL;
> +	struct eventfd_ctx *eventfd = NULL, *oadn_eventfd = NULL;
>  	int ret;
>  	unsigned int events;
>  
> @@ -214,7 +310,49 @@ kvm_irqfd_assign(struct kvm *kvm, struct kvm_irqfd *args)
>  	irqfd->kvm = kvm;
>  	irqfd->gsi = args->gsi;
>  	INIT_LIST_HEAD(&irqfd->list);
> -	INIT_WORK(&irqfd->inject, irqfd_inject);
> +	INIT_LIST_HEAD(&irqfd->oadn_list);
> +
> +	if (args->flags & KVM_IRQFD_FLAG_OADN) {
> +		oadn_eventfd = eventfd_ctx_fdget(args->notifyfd);
> +		if (IS_ERR(oadn_eventfd)) {
> +			ret = PTR_ERR(oadn_eventfd);
> +			goto fail;
> +		}
> +
> +		irqfd->oadn_eventfd = oadn_eventfd;
> +
> +		/*
> +		 * We may be able to share an existing OADN, but we won't
> +		 * know that until we search under spinlock.  We can't get
> +		 * an irq_source_id under spinlock, and we'd prefer not to
> +		 * do an atomic allocation, so prep an object here and free
> +		 * it if we don't need it.
> +		 */

So if everyone uses same source ID this code will be simpler too?

> +		oadn = kzalloc(sizeof(*oadn), GFP_KERNEL);
> +		if (!oadn) {
> +			ret = -ENOMEM;
> +			goto fail;
> +		}
> +
> +		oadn->kvm = kvm;
> +		INIT_LIST_HEAD(&oadn->irqfds);
> +		oadn->notifier.gsi = irqfd->gsi;
> +		oadn->notifier.irq_acked = irqfd_oadn_notify;
> +		kref_init(&oadn->kref);
> +		INIT_LIST_HEAD(&oadn->list);
> +
> +		oadn->irq_source_id = kvm_request_irq_source_id(kvm);
> +		if (oadn->irq_source_id < 0) {
> +			ret = oadn->irq_source_id;
> +			goto fail;
> +		}
> +

This still has the problem that by allocating these
OADN irqfds you can run out of source IDs for other uses.
Why don't OADNs just use KVM_IRQFD_IRQ_SOURCE_ID?
I thought this is why it was introduced in this patchset ...


> +		irqfd->oadn = oadn;
> +
> +		INIT_WORK(&irqfd->inject, irqfd_oadn_inject);
> +	} else
> +		INIT_WORK(&irqfd->inject, irqfd_inject);
> +
>  	INIT_WORK(&irqfd->shutdown, irqfd_shutdown);
>  
>  	file = eventfd_fget(args->fd);
> @@ -250,6 +388,27 @@ kvm_irqfd_assign(struct kvm *kvm, struct kvm_irqfd *args)
>  		goto fail;
>  	}
>  
> +	/*
> +	 * When configuring an OADN irqfd, try to re-use an existing OADN.
> +	 */
> +	if (oadn) {
> +		struct _irqfd_oadn *oadn_tmp;
> +
> +		list_for_each_entry(oadn_tmp, &kvm->irqfds.oadns, list) {
> +			if (oadn_tmp->notifier.gsi == irqfd->gsi) {
> +				irqfd->oadn = oadn_tmp;
> +				break;
> +			}
> +		}
> +
> +		if (irqfd->oadn != oadn)
> +			kref_get(&irqfd->oadn->kref);
> +		else
> +			list_add(&oadn->list, &kvm->irqfds.oadns);
> +
> +		list_add_rcu(&irqfd->oadn_list, &irqfd->oadn->irqfds);

Hang on, don't we need irqfds_lock here? 

> +	}
> +
>  	irq_rt = rcu_dereference_protected(kvm->irq_routing,
>  					   lockdep_is_held(&kvm->irqfds.lock));
>  	irqfd_update(kvm, irqfd, irq_rt);
> @@ -267,6 +426,26 @@ kvm_irqfd_assign(struct kvm *kvm, struct kvm_irqfd *args)
>  
>  	spin_unlock_irq(&kvm->irqfds.lock);
>  
> +	if (oadn) {
> +		synchronize_rcu();

Seems unexpected on assign.
What does this synchronize_rcu do?

> +
> +		/*
> +		 * If we weren't able to re-use an OADN, setup the irq ack
> +		 * notifier outside of spinlock.  Our interface requires
> +		 * users to be able to handle spurious de-assert & notifies,
> +		 * so trigger one here to make sure we didn't miss anything.
> +		 * Cleanup unused OADN if we share.
> +		 */
> +		if (irqfd->oadn == oadn)
> +			kvm_register_irq_ack_notifier(kvm, &oadn->notifier);
> +		else {
> +			kvm_free_irq_source_id(kvm, oadn->irq_source_id);

This is unfortunate - so we need a spare source ID for internal use.
Thus if 1 source ID is available, then it is possible that

- allocate irqfd for A
- allocate irqfd for B

succeeds because A uses a shared source id so it is freed here.

While

- allocate irqfd for B
- allocate irqfd for A

fails because B used the last ID and now temporary allocation
above fails.

> +			kfree(oadn);
> +		}
> +
> +		irqfd_oadn_notify(&irqfd->oadn->notifier);
> +	}
> +
>  	/*
>  	 * do not drop the file until the irqfd is fully initialized, otherwise
>  	 * we might race against the POLLHUP
> @@ -276,12 +455,19 @@ kvm_irqfd_assign(struct kvm *kvm, struct kvm_irqfd *args)
>  	return 0;
>  
>  fail:
> +	if (oadn_eventfd && !IS_ERR(oadn_eventfd))
> +		eventfd_ctx_put(oadn_eventfd);
> +
> +	if (oadn && oadn->irq_source_id >= 0)
> +		kvm_free_irq_source_id(kvm, oadn->irq_source_id);
> +

A bit cleaner to have distinct labels for failures
at different stages of the setup.
I know it's not written this way ATM so it's not a must
to address this.

>  	if (eventfd && !IS_ERR(eventfd))
>  		eventfd_ctx_put(eventfd);
>  
>  	if (!IS_ERR(file))
>  		fput(file);
>  
> +	kfree(oadn);
>  	kfree(irqfd);
>  	return ret;
>  }
> @@ -291,6 +477,7 @@ kvm_eventfd_init(struct kvm *kvm)
>  {
>  	spin_lock_init(&kvm->irqfds.lock);
>  	INIT_LIST_HEAD(&kvm->irqfds.items);
> +	INIT_LIST_HEAD(&kvm->irqfds.oadns);
>  	INIT_LIST_HEAD(&kvm->ioeventfds);
>  }
>  
> @@ -340,7 +527,7 @@ kvm_irqfd_deassign(struct kvm *kvm, struct kvm_irqfd *args)
>  int
>  kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args)
>  {
> -	if (args->flags & ~KVM_IRQFD_FLAG_DEASSIGN)
> +	if (args->flags & ~(KVM_IRQFD_FLAG_DEASSIGN | KVM_IRQFD_FLAG_OADN))
>  		return -EINVAL;
>  
>  	if (args->flags & KVM_IRQFD_FLAG_DEASSIGN)
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux