On Thu, 2025-05-29 at 16:08 -0700, Sean Christopherson wrote: > On Thu, May 29, 2025, Kai Huang wrote: > > On Thu, 2025-05-29 at 07:31 -0700, Sean Christopherson wrote: > > > On Thu, May 29, 2025, Kai Huang wrote: > > > > On Thu, 2025-05-29 at 23:55 +1200, Kai Huang wrote: > > > > > On Mon, 2025-05-19 at 16:28 -0700, Sean Christopherson wrote: > > > > > > Add a Kconfig to allowing building KVM without support for emulating an > > > > > ^ > > > > > allow > > > > > > > > > > > I/O APIC, PIC, and PIT, which is desirable for deployments that effectively > > > > > > don't support a fully in-kernel IRQ chip, i.e. never expect any VMM to > > > > > > create an in-kernel I/O APIC. > > > > > > > > > > Do you happen to know what developments don't support a full in-kernel IRQ chip? > > > > > > Google Cloud, for one. I suspect/assume many/most CSPs don't utilize an in-kernel > > > I/O APIC. > > > > > > > > Do they only support userspace IRQ chip, or not support any IRQ chip at all? > > > > > > The former, only userspace I/O APIC (and associated devices), though some VM > > > shapes, e.g. TDX, don't provide an I/O APIC or PIC. > > > > Thanks for the info. > > > > Just wondering what's the benefit of using userspace IRQCHIP instead of > > emulating in the kernel? > > Reduced kernel attack surface (this was especially true years ago, before KVM's > I/O APIC emulation was well-tested) and more flexibility (e.g. shipping userspace > changes is typically easier than shipping new kernels. I'm pretty sure there's > one more big one that I'm blanking on at the moment. Yeah those make sense. I thought it was from functionality/performance's perspective but I was at wrong direction. > > > I thought one should either use in-kernel IRQCHIP or doesn't use any. > > > > > > > > > Forgot to ask: > > > > > > > > Since this new Kconfig option is not only for IOAPIC but also includes PIC and > > > > PIT, is CONFIG_KVM_IRQCHIP a better name? > > > > > > I much prefer IOAPIC, because IRQCHIP is far too ambiguous and confusing, e.g. > > > just look at KVM's internal APIs, where these: > > > > > > irqchip_in_kernel() > > > irqchip_kernel() > > > > > > are not equivalent. In practice, no modern guest kernel is going to utilize the > > > PIC, and the PIT isn't an IRQ chip, i.e. isn't strictly covered by IRQCHIP either. > > > > Right. > > > > Maybe it is worth to further have dedicated Kconfig for PIC, PIT and IOAPIC? > > Nah. PIC and I/O APIC can't be split (without new uAPI and non-trivial complexity), Right. I forgot this. > and I highly doubt there is any use case that would want an in-kernel I/O APIC > with a userspace PIT. I.e. in practice, the threealmost always come as a group; > either a setup wants all, or a setup wants none. OK. > > > But hmm, I am not sure whether emulating IOAPIC has more value than PIC. > > AIUI, it's not really an either or, since most software expects both an I/O APIC > and PIC. Any remotely modern kernel will definitely prefer the I/O APIC, but I > don't think it's something that can be guaranteed. OK :-) > > > For modern guests all emulated/assigned devices should just use MSI/MSI-X? > > Not all emulated devices, since some legacy hang off the I/O APIC, i.e. aren't > capable of generating MISs. Yeah. I thought in those deployments the guests should not be configured to have those devices. > > > > So I think/hope the vast majority of users/readers will be able to intuit that > > > CONFIG_KVM_IOAPIC also covers the PIC and PIT. > > > > Sure. > > > > Btw, I also find irqchip_in_kernel() and irqchip_kernel() confusing. I am not > > sure the value of having irqchip_in_kernel() in fact. The guest should always > > have an in-kernel APIC for modern guests. I am wondering whether we can get rid > > of it completely (the logic will be it is always be true), or we can have a > > Kconfig to only build it when user truly wants it. > > For better or worse, an in-kernel local APIC is still optional. I do hope/want > to make it mandatory, but that's not a small ABI change. Right. The ABI change is concern. Thanks for all the explanation!
