[PATCH v3 20/62] KVM: SVM: Add a comment to explain why avic_vcpu_blocking() ignores IRQ blocking

From: Sean Christopherson
Date: Wed Jun 11 2025 - 18:56:20 EST

Next message: Sean Christopherson: "[PATCH v3 28/62] KVM: x86: Dedup AVIC vs. PI code for identifying target vCPU"
Previous message: Sean Christopherson: "[PATCH v3 26/62] KVM: x86: Move IRQ routing/delivery APIs from x86.c => irq.c"
In reply to: Sean Christopherson: "[PATCH v3 26/62] KVM: x86: Move IRQ routing/delivery APIs from x86.c => irq.c"
Next in thread: Sean Christopherson: "[PATCH v3 28/62] KVM: x86: Dedup AVIC vs. PI code for identifying target vCPU"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Add a comment to explain why KVM clears IsRunning when putting a vCPU,
even though leaving IsRunning=1 would be ok from a functional perspective.
Per Maxim's experiments, a misbehaving VM could spam the AVIC doorbell so
fast as to induce a 50%+ loss in performance.

Link: https://lore.kernel.org/all/8d7e0d0391df4efc7cb28557297eb2ec9904f1e5.camel@xxxxxxxxxx
Cc: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/svm/avic.c | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
index bf8b59556373..3cf929ac117f 100644
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -1121,19 +1121,24 @@ void avic_vcpu_blocking(struct kvm_vcpu *vcpu)
if (!kvm_vcpu_apicv_active(vcpu))
return;

- /*
- * Unload the AVIC when the vCPU is about to block, _before_
- * the vCPU actually blocks.
- *
- * Any IRQs that arrive before IsRunning=0 will not cause an
- * incomplete IPI vmexit on the source, therefore vIRR will also
- * be checked by kvm_vcpu_check_block() before blocking. The
- * memory barrier implicit in set_current_state orders writing
- * IsRunning=0 before reading the vIRR. The processor needs a
- * matching memory barrier on interrupt delivery between writing
- * IRR and reading IsRunning; the lack of this barrier might be
- * the cause of errata #1235).
- */
+ /*
+ * Unload the AVIC when the vCPU is about to block, _before_ the vCPU
+ * actually blocks.
+ *
+ * Note, any IRQs that arrive before IsRunning=0 will not cause an
+ * incomplete IPI vmexit on the source; kvm_vcpu_check_block() handles
+ * this by checking vIRR one last time before blocking. The memory
+ * barrier implicit in set_current_state orders writing IsRunning=0
+ * before reading the vIRR. The processor needs a matching memory
+ * barrier on interrupt delivery between writing IRR and reading
+ * IsRunning; the lack of this barrier might be the cause of errata #1235).
+ *
+ * Clear IsRunning=0 even if guest IRQs are disabled, i.e. even if KVM
+ * doesn't need to detect events for scheduling purposes. The doorbell
+ * used to signal running vCPUs cannot be blocked, i.e. will perturb the
+ * CPU and cause noisy neighbor problems if the VM is sending interrupts
+ * to the vCPU while it's scheduled out.
+ */
avic_vcpu_put(vcpu);
}

--
2.50.0.rc1.591.g9c95f17f64-goog

Next message: Sean Christopherson: "[PATCH v3 28/62] KVM: x86: Dedup AVIC vs. PI code for identifying target vCPU"
Previous message: Sean Christopherson: "[PATCH v3 26/62] KVM: x86: Move IRQ routing/delivery APIs from x86.c => irq.c"
In reply to: Sean Christopherson: "[PATCH v3 26/62] KVM: x86: Move IRQ routing/delivery APIs from x86.c => irq.c"
Next in thread: Sean Christopherson: "[PATCH v3 28/62] KVM: x86: Dedup AVIC vs. PI code for identifying target vCPU"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]