Add support for redirected VTL0 interrupts #80

ricardon · 2025-05-22T16:45:53Z

Hi,

This pull request implements microsoft/openvmm#406. The issue describes the problem statement and proposed solution.

This code enables the changes made here: microsoft/openvmm#384.

Thank you for your consideration.

ricardon · 2025-05-22T16:58:33Z

@microsoft-github-policy-service agree [company="Intel Corporation"] From: microsoft-github-policy-service[bot] ***@***.***> Sent: Thursday, May 22, 2025 12:47 PM To: microsoft/OHCL-Linux-Kernel ***@***.***> Cc: Neri, Ricardo ***@***.***>; Mention ***@***.***> Subject: Re: [microsoft/OHCL-Linux-Kernel] Add support for redirected VTL0 interrupts (PR #80) [https://avatars.githubusercontent.com/in/95686?s=20&v=4]microsoft-github-policy-service[bot] left a comment (microsoft/OHCL-Linux-Kernel#80)<#80 (comment)> @ricardon<https://github.com/ricardon> please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information. @microsoft-github-policy-service agree [company="{your company}"] Options: * (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer. @microsoft-github-policy-service agree * (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer. @microsoft-github-policy-service agree company="Microsoft" Contributor License Agreement Contribution License Agreement This Contribution License Agreement (“Agreement”) is agreed to by the party signing below (“You”), and conveys certain license rights to Microsoft Corporation and its affiliates (“Microsoft”) for Your contributions to Microsoft open source projects. This Agreement is effective as of the latest signature date below. 1. Definitions. “Code” means the computer software code, whether in human-readable or machine-executable form, that is delivered by You to Microsoft under this Agreement. “Project” means any of the projects owned or managed by Microsoft and offered under a license approved by the Open Source Initiative (www.opensource.org<http://www.opensource.org>). “Submit” is the act of uploading, submitting, transmitting, or distributing code or other content to any Project, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Project for the purpose of discussing and improving that Project, but excluding communication that is conspicuously marked or otherwise designated in writing by You as “Not a Submission.” “Submission” means the Code and any other copyrightable material Submitted by You, including any associated comments and documentation. 2. Your Submission. You must agree to the terms of this Agreement before making a Submission to any Project. This Agreement covers any and all Submissions that You, now or in the future (except as described in Section 4 below), Submit to any Project. 3. Originality of Work. You represent that each of Your Submissions is entirely Your original work. Should You wish to Submit materials that are not Your original work, You may Submit them separately to the Project if You (a) retain all copyright and license information that was in the materials as You received them, (b) in the description accompanying Your Submission, include the phrase “Submission containing materials of a third party:” followed by the names of the third party and any licenses or other restrictions of which You are aware, and (c) follow any other instructions in the Project’s written guidelines concerning Submissions. 4. Your Employer. References to “employer” in this Agreement include Your employer or anyone else for whom You are acting in making Your Submission, e.g. as a contractor, vendor, or agent. If Your Submission is made in the course of Your work for an employer or Your employer has intellectual property rights in Your Submission by contract or applicable law, You must secure permission from Your employer to make the Submission before signing this Agreement. In that case, the term “You” in this Agreement will refer to You and the employer collectively. If You change employers in the future and desire to Submit additional Submissions for the new employer, then You agree to sign a new Agreement and secure permission from the new employer before Submitting those Submissions. 5. Licenses. * Copyright License. You grant Microsoft, and those who receive the Submission directly or indirectly from Microsoft, a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license in the Submission to reproduce, prepare derivative works of, publicly display, publicly perform, and distribute the Submission and such derivative works, and to sublicense any or all of the foregoing rights to third parties. * Patent License. You grant Microsoft, and those who receive the Submission directly or indirectly from Microsoft, a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license under Your patent claims that are necessarily infringed by the Submission or the combination of the Submission with the Project to which it was Submitted to make, have made, use, offer to sell, sell and import or otherwise dispose of the Submission alone or with the Project. * Other Rights Reserved. Each party reserves all rights not expressly granted in this Agreement. No additional licenses or rights whatsoever (including, without limitation, any implied licenses) are granted by implication, exhaustion, estoppel or otherwise. 1. Representations and Warranties. You represent that You are legally entitled to grant the above licenses. You represent that each of Your Submissions is entirely Your original work (except as You may have disclosed under Section 3). You represent that You have secured permission from Your employer to make the Submission in cases where Your Submission is made in the course of Your work for Your employer or Your employer has intellectual property rights in Your Submission by contract or applicable law. If You are signing this Agreement on behalf of Your employer, You represent and warrant that You have the necessary authority to bind the listed employer to the obligations contained in this Agreement. You are not expected to provide support for Your Submission, unless You choose to do so. UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING, AND EXCEPT FOR THE WARRANTIES EXPRESSLY STATED IN SECTIONS 3, 4, AND 6, THE SUBMISSION PROVIDED UNDER THIS AGREEMENT IS PROVIDED WITHOUT WARRANTY OF ANY KIND, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. 2. Notice to Microsoft. You agree to notify Microsoft in writing of any facts or circumstances of which You later become aware that would make Your representations in this Agreement inaccurate in any respect. 3. Information about Submissions. You agree that contributions to Projects and information about contributions may be maintained indefinitely and disclosed publicly, including Your name and other information that You submit with Your Submission. 4. Governing Law/Jurisdiction. This Agreement is governed by the laws of the State of Washington, and the parties consent to exclusive jurisdiction and venue in the federal courts sitting in King County, Washington, unless no federal subject matter jurisdiction exists, in which case the parties consent to exclusive jurisdiction and venue in the Superior Court of King County, Washington. The parties waive all defenses of lack of personal jurisdiction and forum non-conveniens. 5. Entire Agreement/Assignment. This Agreement is the entire agreement between the parties, and supersedes any and all prior agreements, understandings or communications, written or oral, between the parties relating to the subject matter hereof. This Agreement may be assigned by Microsoft. — Reply to this email directly, view it on GitHub<#80 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAEV22GZBESN5S6QTJOGZMT27X5ORAVCNFSM6AAAAAB5WSPRFCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSMBRHEYDSMRTHE>. You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>

ricardon · 2025-05-22T17:07:54Z

@microsoft-github-policy-service agree [company="Intel Corporation"]

ricardon · 2025-05-22T17:08:26Z

@microsoft-github-policy-service agree company="Intel Corporation"

romank-msft · 2025-05-29T18:53:49Z

include/uapi/linux/mshv.h

@@ -359,6 +363,8 @@ struct mshv_kick_cpus {
 /* For x86-64 TDX only */
 #define MSHV_VTL_TDCALL _IOWR(MSHV_IOCTL, 0x32, struct mshv_tdcall)
 #define MSHV_VTL_READ_VMX_CR4_FIXED1 _IOR(MSHV_IOCTL, 0x33, __u64)
+#define MSHV_VTL_MAP_REDIRECTED_DEVICE_INTERRUPT _IOWR(MSHV_IOCTL, 0x38, \


that was taken recently by the KICK_CPUS ioctl. If you've rebased, please change to a free code.

Sure. I didn't realize. I will update it.

romank-msft · 2025-05-29T18:57:07Z

drivers/hv/mshv_vtl_main.c

+		 * vector is mapped.
+		 */
+		intr_data.vector = ret;
+		ret = copy_to_user(user_arg, &intr_data, sizeof(intr_data));


This might fail returning the number of bytes that weren't copied. Is that good to return from this ioctl?

Right. This does not look correct. I'll fix the error handling.

romank-msft · 2025-05-29T18:58:29Z

drivers/hv/mshv_vtl_main.c

+		return (long)-EFAULT;
+
+	if (!intr_data.create_mapping)
+		/* User space provides the hardware vector to unmap. */


maybe move the comment above the if statement?

Sure. Will do.

romank-msft · 2025-05-29T19:00:10Z

drivers/hv/mshv_vtl_main.c

@@ -430,13 +430,30 @@ static int mshv_vtl_get_vsm_regs(void)
 	return ret;
 }

+static void do_assert_single_proxy_intr(const u32 vector, struct mshv_vtl_run *run)
+{
+	const u32 bank = vector / 32;


the compiler should optimize this, but maybe >>5 would be good here?

Sure. This is a good improvement. I will update it.

romank-msft · 2025-05-29T19:01:39Z

drivers/hv/mshv_vtl_main.c

+static void do_assert_single_proxy_intr(const u32 vector, struct mshv_vtl_run *run)
+{
+	const u32 bank = vector / 32;
+	const u32 masked_irr = BIT(vector % 32) & ~READ_ONCE(run->proxy_irr_blocked[bank]);


& 0x1f instead of the modulo? Thinkling if the compiler doesn't optimize, that's the hot path

Sure. Good suggestion. I will add it.

arch/x86/kernel/cpu/mshyperv.c

The proxy interrupts that the VTL2 kernel relays to the VTL0 guest are handled via the single interrupt vector of the VMBus synthetic interrupt controller. On TDX guests in particular, Hyper-V does not use posted interrupts for these interrupts. This results in a TDEXIT for every interrupt and consequent performance degradation. To recoup performance, updated versions of Hyper-V will feature support the posting of VTL0 interrupts directly to the VTL2 guest. In such setup, the VTL2 guest still relays interrupts to the VTL0 guest, but uses a dedicated VTL2 interrupt vector for each VTL0 interrupt. Since user space in the VTL2 guest is responsible of requesting such redirection, implement the new MAP_REDIRECTED_DEVICE_INTERRUPT IOCTL. User space provides the vector of the VTL0 guest that wants the VTL2 kernel to redirect. On success, return the corresponding VTL2 interrupt vector on the payload of the IOCTL. Reuse the same IOCTL to also request the removal of the redirection when needed. When removing a redirection user space must provide the number of the hardware vector. Provide weak stub functions. Subsequent changsets will implement actual functionality for x86. Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * Assigned 0x39 to MAP_REDIRECTED_DEVICE_INTERRUPT as 0x38 was already taken. (Roman) * Fixed error handling for copy_to_user(). (Roman) * Moved comment about unmapping above the conditional statement. (Roman)

The computation of the proxy interrupt needs to be computed each time it needs to be flagged. Optimize the computation using bit shifts and masks. While here, fix a minor issue on a comment. Suggested-by: Roman Kisel <[email protected]> Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * Introduced this patch.

Proxy interrupts can be asserted in group or individually via the vector of the VMBus synthetic interrupt controller. They can also be asserted individually if the proxy interrupt has been redirected to a hardware interrupt vector in the VTL2 guest. Add a helper function to handle single proxy interrupts that both cases can use. No functional change intended. Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * Rebased on the previous changeset that optimizes the calculation of the proxy interrupt bit.

The Hyper-V VTL driver owns all the data structures of proxy interrupts. Add an architecture-independent handler to assert those that are redirected (one proxy interrupt is redirected to one hardware interrupt). The servicing of hardware interrupts is implemented in architecture- specific code that is usually compiled as built-in. The Hyper-V driver can be a module. The handler is out of scope of built-in code at build time. It needs to be registered at runtime when the Hyper-V driver is loaded. Since the registration of the handler is architecture-specific, add weak stub functions that architectures can use to implement such registration. Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * None

Recent versions of Hyper-V hosts use IOMMU posted interrupts to deliver the interrupts of VTL0 passthrough devices directly the underlying VTL2 guest. These interrupts are hardware vectors in the VTL2 guest and need an interrupt gate in the Interrupt Descriptor Table. Reserve a block of 32 interrupt vectors immediately below the FIRST_ SYSTEM_VECTOR. This can be regarded as an expansion of the system vectors at the expense of external vectors. This should be acceptable since not many external vectors are used in the normal operation of the VTL2 kernel. Moreover, the proxy interrupts that the VTL2 guest handles come from devices. Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * None

The symbols irq_entries_start and spurious_entries_start are tables of IDT entry stubs that are subsequently used to populate the interrupt descriptor table. The code for both stubs tables is identical. Wrap it in a macro. Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * None

Create a block interrupt gates that start at FIRST_HV_VTL_REDIRECTED_ VECTOR. Service this interrupt with the function hv_vtl_redirected_ interrupt(). Only tell the APIC that the interrupt has been handled. Subsequent changesets will use these interrupt vectors to deliver their corresponding proxy interrupts to a VTL0 guest. Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * None

The MAP_REDIRECTED_DEVICE_INTERRUPT IOCTL maps an interrupt of a VTL0 guest to a hadware vector interrupt in the VTL2 kernel. On x86, we reserve a block of 32 vectors starting at FIRST_HV_VTL_ REDIRECTED_VECTOR for this mapping. Keep track of this redirection using an array hardware interrupt vectors and their mapping to a proxy interrupt, if any. Note that the array starts at zero but the first hardware vector is FIRST_HV_VTL_REDIRECTED_VECTOR. Account for this offset as needed. The array of mapped proxy interrupts is only updated when processing the IOCTL. It is only read during interrupts. Serialize access using a seqcount. This allows lockless read access for cases in which multiple CPUs want to access the mapping data structures. Since we are using a seqcount, writers cannot be preempted. Protect write access using a spinlock. Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * Used a seqcount for serialization.

Implement the hv_{setup, remove}__redirected_proxy_intr_handler() function. Store a pointer to the handler that the Hyper-V VTL driver provides. It will be needed when dispatching hardware interrupt vectors that have been mapped to proxy interrupts. Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * None

Once a redirected proxy interrupt has been configured, the IOMMU at the host will post it directly to a hardware vector in the VTL2 guest. Calculate the index of the proxy interrupt based on the hardware interrupt vector and indicate that it needs to be asserted. We only read the redirected data structures during interrupts. Protect access using the provided seqcount. This allows lockless access for readers. Signed-off-by: Ricardo Neri <[email protected]> --- Changes since v1: * Used a seqcount for serialization

ricardon · 2025-05-31T00:48:40Z

I updated the patches to incorporate feedback from @romank-msft and use a seqcount to serialize access to the redirected proxy interrupts data structures.

romank-msft · 2025-06-03T23:14:50Z

LGTM. Someone more familiar with the intent might want to take a look.

ricardon mentioned this pull request May 27, 2025

Add support in L1 kernel handle interrupts posted from the IOMMU microsoft/openvmm#406

Open

chris-oo self-assigned this May 28, 2025

romank-msft reviewed May 29, 2025

View reviewed changes

arch/x86/kernel/cpu/mshyperv.c Show resolved Hide resolved

ricardon force-pushed the rneri/redirec-posted-intr branch from 3a546de to 76e36f5 Compare May 31, 2025 00:43

ricardon added 10 commits May 30, 2025 17:45

ricardon force-pushed the rneri/redirec-posted-intr branch from 76e36f5 to 9fe424d Compare May 31, 2025 00:46

romank-msft approved these changes Jun 3, 2025

View reviewed changes

Add support for redirected VTL0 interrupts #80

Are you sure you want to change the base?

Add support for redirected VTL0 interrupts #80

Uh oh!

Conversation

ricardon commented May 22, 2025

Uh oh!

ricardon commented May 22, 2025 via email

Uh oh!

ricardon commented May 22, 2025

Uh oh!

ricardon commented May 22, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

ricardon commented May 31, 2025

Uh oh!

romank-msft commented Jun 3, 2025

Uh oh!

Uh oh!