71cc849b70
kvm_cpu_accept_dm_intr and kvm_vcpu_ready_for_interrupt_injection are a hodge-podge of conditions, hacked together to get something that more or less works. But what is actually needed is much simpler; in both cases the fundamental question is, do we have a place to stash an interrupt if userspace does KVM_INTERRUPT? In userspace irqchip mode, that is !vcpu->arch.interrupt.injected. Currently kvm_event_needs_reinjection(vcpu) covers it, but it is unnecessarily restrictive. In split irqchip mode it's a bit more complicated, we need to check kvm_apic_accept_pic_intr(vcpu) (the IRQ window exit is basically an INTACK cycle and thus requires ExtINTs not to be masked) as well as !pending_userspace_extint(vcpu). However, there is no need to check kvm_event_needs_reinjection(vcpu), since split irqchip keeps pending ExtINT state separate from event injection state, and checking kvm_cpu_has_interrupt(vcpu) is wrong too since ExtINT has higher priority than APIC interrupts. In fact the latter fixes a bug: when userspace requests an IRQ window vmexit, an interrupt in the local APIC can cause kvm_cpu_has_interrupt() to be true and thus kvm_vcpu_ready_for_interrupt_injection() to return false. When this happens, vcpu_run does not exit to userspace but the interrupt window vmexits keep occurring. The VM loops without any hope of making progress. Once we try to fix these with something like return kvm_arch_interrupt_allowed(vcpu) && - !kvm_cpu_has_interrupt(vcpu) && - !kvm_event_needs_reinjection(vcpu) && - kvm_cpu_accept_dm_intr(vcpu); + (!lapic_in_kernel(vcpu) + ? !vcpu->arch.interrupt.injected + : (kvm_apic_accept_pic_intr(vcpu) + && !pending_userspace_extint(v))); we realize two things. First, thanks to the previous patch the complex conditional can reuse !kvm_cpu_has_extint(vcpu). 
Second, the interrupt window request in vcpu_enter_guest() bool req_int_win = dm_request_for_irq_injection(vcpu) && kvm_cpu_accept_dm_intr(vcpu); should be kept in sync with kvm_vcpu_ready_for_interrupt_injection(): it is unnecessary to ask the processor for an interrupt window if we would not be able to return to userspace. Therefore, kvm_cpu_accept_dm_intr(vcpu) is basically !kvm_cpu_has_extint(vcpu) ANDed with the existing check for masked ExtINT. It all makes sense: - we can accept an interrupt from userspace if there is a place to stash it (and, for irqchip split, ExtINTs are not masked). Interrupts from userspace _can_ be accepted even if right now EFLAGS.IF=0. - in order to tell userspace we will inject its interrupt ("IRQ window open" i.e. kvm_vcpu_ready_for_interrupt_injection), both KVM and the vCPU need to be ready to accept the interrupt. ... and this is what the patch implements. Reported-by: David Woodhouse <dwmw@amazon.co.uk> Analyzed-by: David Woodhouse <dwmw@amazon.co.uk> Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Nikos Tsironis <ntsironis@arrikto.com> Reviewed-by: David Woodhouse <dwmw@amazon.co.uk> Tested-by: David Woodhouse <dwmw@amazon.co.uk>
// SPDX-License-Identifier: GPL-2.0-only
/*
* irq.c: API for the in-kernel interrupt controller
* Copyright (c) 2007, Intel Corporation.
* Copyright 2009 Red Hat, Inc. and/or its affiliates.
*
* Authors:
* Yaozu (Eddie) Dong <Eddie.dong@intel.com>
*/
#include <linux/export.h>
#include <linux/kvm_host.h>
#include "irq.h"
#include "i8254.h"
#include "x86.h"
/*
 * Report whether the in-kernel local APIC has a timer interrupt waiting
 * to be processed.  With a userspace LAPIC there is no timer state on
 * the kernel side to inspect, so nothing is ever reported as pending.
 *
 * Returns the LAPIC's pending-timer result when the LAPIC is in-kernel,
 * 0 otherwise.
 */
int kvm_cpu_has_pending_timer(struct kvm_vcpu *vcpu)
{
	return lapic_in_kernel(vcpu) ? apic_has_pending_timer(vcpu) : 0;
}
EXPORT_SYMBOL(kvm_cpu_has_pending_timer);

/*
 * Report whether userspace has queued an external (ExtINT) vector that
 * has not yet been consumed by an INTACK.  Only consulted in split
 * irqchip mode, where the PIC lives in userspace.
 *
 * pending_external_vector holds -1 when nothing is queued; any other
 * value is a vector waiting to be delivered.
 */
static int pending_userspace_extint(struct kvm_vcpu *v)
{
	int queued = v->arch.pending_external_vector;

	return queued != -1;
}

/*
 * check if there is pending interrupt from
 * non-APIC source without intack.
 *
 * "Without intack" means this is a side-effect-free query: unlike
 * kvm_cpu_get_extint() it never clears pending_external_vector or
 * otherwise consumes the pending vector.  ExtINT is checked ahead of
 * LAPIC interrupts by the callers below because it has higher priority.
 *
 * Returns non-zero when an ExtINT-class interrupt is pending for @v.
 */
int kvm_cpu_has_extint(struct kvm_vcpu *v)
{
	/*
	 * FIXME: interrupt.injected represents an interrupt whose
	 * side-effects have already been applied (e.g. bit from IRR
	 * already moved to ISR). Therefore, it is incorrect to rely
	 * on interrupt.injected to know if there is a pending
	 * interrupt in the user-mode LAPIC.
	 * This leads to nVMX/nSVM not being able to distinguish
	 * whether it should exit from L2 to L1 on EXTERNAL_INTERRUPT on
	 * pending interrupt or should re-inject an injected
	 * interrupt.
	 */
	/*
	 * Userspace LAPIC: the only place an interrupt can wait is the
	 * injection slot that userspace fills via KVM_INTERRUPT.
	 */
	if (!lapic_in_kernel(v))
		return v->arch.interrupt.injected;

	/*
	 * In-kernel LAPIC: an ExtINT only reaches the CPU if the LAPIC
	 * agrees to accept PIC interrupts, so report nothing otherwise
	 * even though the PIC or userspace may have one queued.
	 */
	if (!kvm_apic_accept_pic_intr(v))
		return 0;

	/*
	 * Split irqchip: the vector userspace queued for us.
	 * Full in-kernel irqchip: the in-kernel PIC's output state.
	 */
	if (irqchip_split(v->kvm))
		return pending_userspace_extint(v);
	else
		return v->kvm->arch.vpic->output;
}

/*
 * Report whether KVM itself has an interrupt it could inject into @v.
 *
 * An ExtINT always counts, and is checked first because it outranks
 * LAPIC interrupts.  LAPIC interrupts only count when KVM is the one
 * delivering them: with virtual interrupt delivery active (and the vCPU
 * not in guest mode) the hardware handles them, so they are not
 * "injectable" here.
 *
 * Returns 1 when an injectable interrupt exists, 0 otherwise.
 */
int kvm_cpu_has_injectable_intr(struct kvm_vcpu *v)
{
	bool hw_delivers_lapic;

	if (kvm_cpu_has_extint(v))
		return 1;

	/* Same evaluation order as before: guest-mode check precedes APICv. */
	hw_delivers_lapic = !is_guest_mode(v) && kvm_vcpu_apicv_active(v);
	if (hw_delivers_lapic)
		return 0;

	return kvm_apic_has_interrupt(v) != -1; /* LAPIC */
}
EXPORT_SYMBOL_GPL(kvm_cpu_has_injectable_intr);

/*
 * Report whether any interrupt is pending for @v, from either the
 * ExtINT path or the LAPIC, without acknowledging it.  ExtINT is
 * consulted first since it has priority over LAPIC interrupts.
 *
 * Returns 1 when an interrupt is pending, 0 otherwise.
 */
int kvm_cpu_has_interrupt(struct kvm_vcpu *v)
{
	if (kvm_cpu_has_extint(v))
		return 1;

	/* LAPIC: -1 means no deliverable vector. */
	return (kvm_apic_has_interrupt(v) == -1) ? 0 : 1;
}
EXPORT_SYMBOL_GPL(kvm_cpu_has_interrupt);

/*
 * Read and acknowledge the pending ExtINT vector for @v, i.e. the
 * consuming counterpart of kvm_cpu_has_extint().
 *
 * Side effects: in split irqchip mode this clears
 * pending_external_vector (the INTACK); with a full in-kernel irqchip
 * the PIC performs its own acknowledge in kvm_pic_read_irq().
 *
 * Returns the vector, or -1 when no ExtINT is pending.
 */
static int kvm_cpu_get_extint(struct kvm_vcpu *v)
{
	int vector;

	if (!kvm_cpu_has_extint(v)) {
		/*
		 * With a userspace LAPIC, reaching here means the caller
		 * asked for a vector that was never injected; flag it.
		 */
		WARN_ON(!lapic_in_kernel(v));
		return -1;
	}

	/* Userspace LAPIC: hand back the vector userspace injected. */
	if (!lapic_in_kernel(v))
		return v->arch.interrupt.nr;

	/* Full in-kernel irqchip: let the PIC acknowledge and report. */
	if (!irqchip_split(v->kvm))
		return kvm_pic_read_irq(v->kvm); /* PIC */

	/* Split irqchip: consume the vector userspace queued for us. */
	vector = v->arch.pending_external_vector;
	v->arch.pending_external_vector = -1;
	return vector;
}

/*
 * Read and acknowledge the next interrupt vector for @v.
 *
 * The ExtINT path is tried first (it has priority over the LAPIC);
 * only when it reports -1 is the LAPIC consulted.
 *
 * Returns the acknowledged vector, or whatever kvm_get_apic_interrupt()
 * reports when no ExtINT was pending.
 */
int kvm_cpu_get_interrupt(struct kvm_vcpu *v)
{
	int ext_vector = kvm_cpu_get_extint(v);

	return (ext_vector == -1) ? kvm_get_apic_interrupt(v) /* APIC */
				  : ext_vector;                /* PIC */
}
EXPORT_SYMBOL_GPL(kvm_cpu_get_interrupt);

/*
 * Inject any pending LAPIC timer interrupts into @vcpu.
 *
 * Only an in-kernel LAPIC owns timer state on the kernel side, so with
 * a userspace LAPIC there is nothing to do.
 */
void kvm_inject_pending_timer_irqs(struct kvm_vcpu *vcpu)
{
	if (!lapic_in_kernel(vcpu))
		return;

	kvm_inject_apic_timer_irqs(vcpu);
}
EXPORT_SYMBOL_GPL(kvm_inject_pending_timer_irqs);

/*
 * Migrate @vcpu's timers after the vCPU has moved to another physical
 * CPU: first the LAPIC timer, then the PIT timer, then whatever the
 * vendor backend registered (the migrate_timers hook is optional).
 */
void __kvm_migrate_timers(struct kvm_vcpu *vcpu)
{
	__kvm_migrate_apic_timer(vcpu);
	__kvm_migrate_pit_timer(vcpu);
	/* Vendor hook is optional; skip when the backend provides none. */
	if (kvm_x86_ops.migrate_timers)
		kvm_x86_ops.migrate_timers(vcpu);
}

/*
 * Decide whether an irqfd with the flags in @args may be created for
 * @kvm.  @args comes from userspace (presumably the KVM_IRQFD path), so
 * this is the gate that keeps userspace from attaching an irqfd to an
 * irqchip configuration that cannot serve it.
 *
 * A resampling irqfd is only allowed when irqchip_kernel() holds; a
 * plain irqfd needs only irqchip_in_kernel().  NOTE(review): the
 * distinction looks like "full in-kernel PIC/IOAPIC" vs. "any in-kernel
 * LAPIC, including split mode" -- confirm against irq.h.
 */
bool kvm_arch_irqfd_allowed(struct kvm *kvm, struct kvm_irqfd *args)
{
	if (args->flags & KVM_IRQFD_FLAG_RESAMPLE)
		return irqchip_kernel(kvm);

	return irqchip_in_kernel(kvm);
}