On Thu, May 29, 2025, Kai Huang wrote: > On Thu, 2025-05-29 at 07:31 -0700, Sean Christopherson wrote: > > On Thu, May 29, 2025, Kai Huang wrote: > > > On Thu, 2025-05-29 at 23:55 +1200, Kai Huang wrote: > > > > On Mon, 2025-05-19 at 16:28 -0700, Sean Christopherson wrote: > > > > > Add a Kconfig to allowing building KVM without support for emulating an > > > > ^ > > > > allow > > > > > > > > > I/O APIC, PIC, and PIT, which is desirable for deployments that effectively > > > > > don't support a fully in-kernel IRQ chip, i.e. never expect any VMM to > > > > > create an in-kernel I/O APIC. > > > > > > > > Do you happen to know what developments don't support a full in-kernel IRQ chip? > > > > Google Cloud, for one. I suspect/assume many/most CSPs don't utilize an in-kernel > > I/O APIC. > > > > > > Do they only support userspace IRQ chip, or not support any IRQ chip at all? > > > > The former, only userspace I/O APIC (and associated devices), though some VM > > shapes, e.g. TDX, don't provide an I/O APIC or PIC. > > Thanks for the info. > > Just wondering what's the benefit of using userspace IRQCHIP instead of > emulating in the kernel? Reduced kernel attack surface (this was especially true years ago, before KVM's I/O APIC emulation was well-tested) and more flexibility (e.g. shipping userspace changes is typically easier than shipping new kernels. I'm pretty sure there's one more big one that I'm blanking on at the moment. > I thought one should either use in-kernel IRQCHIP or doesn't use any. > > > > > > Forgot to ask: > > > > > > Since this new Kconfig option is not only for IOAPIC but also includes PIC and > > > PIT, is CONFIG_KVM_IRQCHIP a better name? > > > > I much prefer IOAPIC, because IRQCHIP is far too ambiguous and confusing, e.g. > > just look at KVM's internal APIs, where these: > > > > irqchip_in_kernel() > > irqchip_kernel() > > > > are not equivalent. In practice, no modern guest kernel is going to utilize the > > PIC, and the PIT isn't an IRQ chip, i.e. isn't strictly covered by IRQCHIP either. > > Right. > > Maybe it is worth to further have dedicated Kconfig for PIC, PIT and IOAPIC? Nah. PIC and I/O APIC can't be split (without new uAPI and non-trivial complexity), and I highly doubt there is any use case that would want an in-kernel I/O APIC with a userspace PIT. I.e. in practice, the threealmost always come as a group; either a setup wants all, or a setup wants none. > But hmm, I am not sure whether emulating IOAPIC has more value than PIC. AIUI, it's not really an either or, since most software expects both an I/O APIC and PIC. Any remotely modern kernel will definitely prefer the I/O APIC, but I don't think it's something that can be guaranteed. > For modern guests all emulated/assigned devices should just use MSI/MSI-X? Not all emulated devices, since some legacy hang off the I/O APIC, i.e. aren't capable of generating MISs. > > So I think/hope the vast majority of users/readers will be able to intuit that > > CONFIG_KVM_IOAPIC also covers the PIC and PIT. > > Sure. > > Btw, I also find irqchip_in_kernel() and irqchip_kernel() confusing. I am not > sure the value of having irqchip_in_kernel() in fact. The guest should always > have an in-kernel APIC for modern guests. I am wondering whether we can get rid > of it completely (the logic will be it is always be true), or we can have a > Kconfig to only build it when user truly wants it. For better or worse, an in-kernel local APIC is still optional. I do hope/want to make it mandatory, but that's not a small ABI change.
