| Andrew Walbran | 6e524d7 | 2019-11-12 17:36:57 +0000 | [diff] [blame] | 1 | # Scheduler VM expectations |
| 2 | |
| 3 | Hafnium requires there to be a special 'primary' or 'scheduler' VM which is |
| 4 | responsible for scheduling the other VMs. There are some particular expectations |
| 5 | on this VM that are required for the rest of the system to function normally. |
| 6 | |
| Andrew Walbran | b784997 | 2019-11-15 15:23:43 +0000 | [diff] [blame^] | 7 | [TOC] |
| 8 | |
| Andrew Walbran | 6e524d7 | 2019-11-12 17:36:57 +0000 | [diff] [blame] | 9 | ## Scheduling |
| 10 | |
| 11 | The scheduler VM is responsible for scheduling the vCPUs of all the other VMs. |
| 12 | It should request information about the VMs in the system using the |
| 13 | `SPCI_PARTITION_INFO_GET` function, and then schedule their vCPUs as it wishes. |
| 14 | The recommended way of doing this is to create a kernel thread for each vCPU, |
| 15 | which will repeatedly run that vCPU by calling `SPCI_RUN`. |
| 16 | |
| 17 | `SPCI_RUN` will return one of several possible functions, which must be handled |
| 18 | as follows: |
| 19 | |
| 20 | ### `SPCI_INTERRUPT` |
| 21 | |
| 22 | The vCPU has been preempted but still has work to do. If the scheduling quantum |
| 23 | has not expired, the scheduler MUST call `hf_vcpu_run` on the vCPU to allow it |
| 24 | to continue. |
| 25 | |
| 26 | ### `SPCI_YIELD` |
| 27 | |
| 28 | The vCPU has voluntarily yielded the CPU. The scheduler SHOULD take a scheduling |
| 29 | decision to give cycles to those that need them but MUST call `hf_vcpu_run` on |
| 30 | the vCPU at a later point. |
| 31 | |
| 32 | ### `SPCI_MSG_WAIT` |
| 33 | |
| 34 | The vCPU is blocked waiting for a message. The scheduler MUST take it off the |
| 35 | run queue and not call `SPCI_RUN` on the vCPU until it has either: |
| 36 | |
| 37 | * injected an interrupt |
| 38 | * sent it a message |
| 39 | * received `HF_SPCI_RUN_WAKE_UP` for it from another vCPU |
| 40 | * the timeout provided in `w2` is not `SPCI_SLEEP_INDEFINITE` and the |
| 41 | specified duration has expired. |
| 42 | |
| 43 | ### `SPCI_MSG_SEND` |
| 44 | |
| 45 | A message has been sent by the vCPU. If the recipient is the scheduler VM itself |
| 46 | then it can handle it as it pleases. Otherwise the scheduler MUST run a vCPU |
| 47 | from the recipient VM and priority SHOULD be given to those vCPUs that are |
| 48 | waiting for a message. The scheduler should call SPCI_RUN again on the sending |
| 49 | VM as usual. |
| 50 | |
| 51 | ### `SPCI_RX_RELEASE` |
| 52 | |
| 53 | The vCPU has made the mailbox writable and there are pending waiters. The |
| 54 | scheduler MUST call `hf_mailbox_waiter_get()` repeatedly and notify all waiters |
| 55 | by injecting an `HF_MAILBOX_WRITABLE_INTID` interrupt. The scheduler should call |
| 56 | SPCI_RUN again on the sending VM as usual. |
| 57 | |
| 58 | ### `HF_SPCI_RUN_WAIT_FOR_INTERRUPT` |
| 59 | |
| 60 | _This is a Hafnium-specific function not part of the SPCI standard._ |
| 61 | |
| 62 | The vCPU is blocked waiting for an interrupt. The scheduler MUST take it off the |
| 63 | run queue and not call `SPCI_RUN` on the vCPU until it has either: |
| 64 | |
| 65 | * injected an interrupt |
| 66 | * received `HF_SPCI_RUN_WAKE_UP` for it from another vCPU |
| 67 | * the timeout provided in `w2` is not `SPCI_SLEEP_INDEFINITE` and the |
| 68 | specified duration has expired. |
| 69 | |
| 70 | ### `HF_SPCI_RUN_WAKE_UP` |
| 71 | |
| 72 | _This is a Hafnium-specific function not part of the SPCI standard._ |
| 73 | |
| 74 | Hafnium would like `hf_vcpu_run` to be called on another vCPU, specified by |
| 75 | `hf_vcpu_run_return.wake_up`. The scheduler MUST either wake the vCPU in |
| 76 | question up if it is blocked, or preempt and re-run it if it is already running |
| 77 | somewhere. This gives Hafnium a chance to update any CPU state which might have |
| 78 | changed. The scheduler should call SPCI_RUN again on the sending VM as usual. |
| 79 | |
| 80 | ### `SPCI_ERROR` |
| 81 | |
| 82 | #### `SPCI_ABORTED` |
| 83 | |
| 84 | The vCPU has aborted triggering the whole VM to abort. The scheduler MUST treat |
| 85 | this the same as `HF_SPCI_RUN_WAKE_UP` for all the other vCPUs of the VM. For |
| 86 | this vCPU the scheduler SHOULD either never call SPCI_RUN on the vCPU again, or |
| 87 | treat it the same as `HF_SPCI_RUN_WAIT_FOR_INTERRUPT`. |
| 88 | |
| 89 | #### Any other error code |
| 90 | |
| 91 | This should not happen if the scheduler VM has called `SPCI_RUN` correctly, but |
| 92 | in case there is some other error it should be logged. The scheduler SHOULD |
| 93 | either try again or suspend the vCPU indefinitely. |
| 94 | |
| 95 | ## Interrupt handling |
| 96 | |
| 97 | The scheduler VM is responsible for handling all hardware interrupts. Many of |
| 98 | these will be intended for the scheduler VM itself and it can handle them as |
| 99 | usual. However, it must also: |
| 100 | |
| 101 | * Enable, handle and ignore interrupts for the non-secure hypervisor physical |
| 102 | timer (PPI 10, IRQ 26). |
| 103 | * Forward interrupts intended for secondary VMs to an appropriate vCPU of the |
| 104 | VM by calling `hf_interrupt_inject` and then running the vCPU as usual with |
| 105 | `SPCI_RUN`. (If the vCPU is already running at the time that |
| 106 | `hf_interrupt_inject` is called then it must be preempted and run again so |
| 107 | that Hafnium can inject the interrupt.) |