Commit 628a2773 authored by Sean Christopherson's avatar Sean Christopherson
Browse files

KVM: x86: Add CONFIG_KVM_IOAPIC to allow disabling in-kernel I/O APIC 



Add a Kconfig to allow building KVM without support for emulating a I/O
APIC, PIC, and PIT, which is desirable for deployments that effectively
don't support a fully in-kernel IRQ chip, i.e. never expect any VMM to
create an in-kernel I/O APIC.  E.g. compiling out support eliminates a few
thousand lines of guest-facing code and gives security folks warm fuzzies.

As a bonus, wrapping relevant paths with CONFIG_KVM_IOAPIC #ifdefs makes
it much easier for readers to understand which bits and pieces exist
specifically for fully in-kernel IRQ chips.

Opportunistically convert all two in-kernel uses of __KVM_HAVE_IOAPIC to
CONFIG_KVM_IOAPIC, e.g. rather than add a second #ifdef to generate a stub
for kvm_arch_post_irq_routing_update().

Acked-by: default avatarKai Huang <kai.huang@intel.com>
Link: https://lore.kernel.org/r/20250611213557.294358-15-seanjc@google.com


Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
parent 2c938850

arch/x86/include/asm/kvm_host.h

+2 −0
Original line number Diff line number Diff line
@@ -1375,9 +1375,11 @@ struct kvm_arch { 
	atomic_t noncoherent_dma_count;

#define __KVM_HAVE_ARCH_ASSIGNED_DEVICE

	atomic_t assigned_device_count;

#ifdef CONFIG_KVM_IOAPIC

	struct kvm_pic *vpic;

	struct kvm_ioapic *vioapic;

	struct kvm_pit *vpit;

#endif

	atomic_t vapics_in_nmi_mode;

	struct mutex apic_map_lock;

	struct kvm_apic_map __rcu *apic_map;

arch/x86/kvm/Kconfig

+10 −0
Original line number Diff line number Diff line
@@ -166,6 +166,16 @@ config KVM_AMD_SEV 
	  Encrypted State (SEV-ES), and Secure Encrypted Virtualization with

	  Secure Nested Paging (SEV-SNP) technologies on AMD processors.



config KVM_IOAPIC

	bool "I/O APIC, PIC, and PIT emulation"

	default y

	depends on KVM

	help

	  Provides support for KVM to emulate an I/O APIC, PIC, and PIT, i.e.

	  for full in-kernel APIC emulation.



	  If unsure, say Y.



config KVM_SMM

	bool "System Management Mode emulation"

	default y

arch/x86/kvm/Makefile

+3 −2
Original line number Diff line number Diff line
@@ -5,12 +5,13 @@ ccflags-$(CONFIG_KVM_WERROR) += -Werror 


include $(srctree)/virt/kvm/Makefile.kvm



kvm-y			+= x86.o emulate.o i8259.o irq.o lapic.o \

			   i8254.o ioapic.o irq_comm.o cpuid.o pmu.o mtrr.o \

kvm-y			+= x86.o emulate.o irq.o lapic.o \

			   irq_comm.o cpuid.o pmu.o mtrr.o \

			   debugfs.o mmu/mmu.o mmu/page_track.o \

			   mmu/spte.o



kvm-$(CONFIG_X86_64) += mmu/tdp_iter.o mmu/tdp_mmu.o

kvm-$(CONFIG_KVM_IOAPIC) += i8259.o i8254.o ioapic.o

kvm-$(CONFIG_KVM_HYPERV) += hyperv.o

kvm-$(CONFIG_KVM_XEN)	+= xen.o

kvm-$(CONFIG_KVM_SMM)	+= smm.o

arch/x86/kvm/i8254.h

+2 −0
Original line number Diff line number Diff line
@@ -8,6 +8,7 @@ 


#include <uapi/asm/kvm.h>



#ifdef CONFIG_KVM_IOAPIC

struct kvm_kpit_channel_state {

	u32 count; /* can be 65536 */

	u16 latched_count;
@@ -64,5 +65,6 @@ int kvm_vm_ioctl_reinject(struct kvm *kvm, struct kvm_reinject_control *control) 


struct kvm_pit *kvm_create_pit(struct kvm *kvm, u32 flags);

void kvm_free_pit(struct kvm *kvm);

#endif /* CONFIG_KVM_IOAPIC */



#endif

arch/x86/kvm/irq.c

+8 −0
Original line number Diff line number Diff line
@@ -76,8 +76,10 @@ int kvm_cpu_has_extint(struct kvm_vcpu *v) 
	if (!kvm_apic_accept_pic_intr(v))

		return 0;



#ifdef CONFIG_KVM_IOAPIC

	if (pic_in_kernel(v->kvm))

		return v->kvm->arch.vpic->output;

#endif



	WARN_ON_ONCE(!irqchip_split(v->kvm));

	return pending_userspace_extint(v);
@@ -136,8 +138,10 @@ int kvm_cpu_get_extint(struct kvm_vcpu *v) 
		return v->kvm->arch.xen.upcall_vector;

#endif



#ifdef CONFIG_KVM_IOAPIC

	if (pic_in_kernel(v->kvm))

		return kvm_pic_read_irq(v->kvm); /* PIC */

#endif



	WARN_ON_ONCE(!irqchip_split(v->kvm));

	return get_userspace_extint(v);
@@ -171,7 +175,9 @@ void kvm_inject_pending_timer_irqs(struct kvm_vcpu *vcpu) 
void __kvm_migrate_timers(struct kvm_vcpu *vcpu)

{

	__kvm_migrate_apic_timer(vcpu);

#ifdef CONFIG_KVM_IOAPIC

	__kvm_migrate_pit_timer(vcpu);

#endif

	kvm_x86_call(migrate_timers)(vcpu);

}
@@ -187,6 +193,7 @@ bool kvm_arch_irqchip_in_kernel(struct kvm *kvm) 
	return irqchip_in_kernel(kvm);

}



#ifdef CONFIG_KVM_IOAPIC

#define IOAPIC_ROUTING_ENTRY(irq) \

	{ .gsi = irq, .type = KVM_IRQ_ROUTING_IRQCHIP,	\

	  .u.irqchip = { .irqchip = KVM_IRQCHIP_IOAPIC, .pin = (irq) } }
@@ -273,3 +280,4 @@ int kvm_vm_ioctl_set_irqchip(struct kvm *kvm, struct kvm_irqchip *chip) 
	kvm_pic_update_irq(pic);

	return r;

}

#endif