[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[XEN][PATCH] x86/hvm: vlapic: fix RO bits emulation in LVTx regs
- To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Grygorii Strashko <grygorii_strashko@xxxxxxxx>
- Date: Thu, 25 Sep 2025 19:55:59 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gzPredjRp3u8PrwWB70yDOQkOKdPO3jfQAYUIuRpkf4=; b=XEKHW6BYZdc48buQNlsBqmMQ7uFmU7yNeDC1ISE7m1nEym9r9Xl1j53D7jWYKw9SCEumAPi2OC4taMZJ9ykVxeWmF4asE/L0hopTIEXPdMk2hsdmddcyZXpACZfH2Y7C1eSLVeAOK1ORXxWMh7Rt+jo48A9q4lKTgBrhAx2T2lhcP6eeJN8tAyJy+FlhJuLPMg6SAplSUpohaF5GM517R6VlfUOhcFl2/qXX51jH8NFDSMman+o3LzalqkL/W0M6REkE4EFy+Y41pkxn4ub/QE9gVya2IqeNBKu3xPliEgL2Vaq2eY0GXBCAHrHkbK+9ebnGEBYdJ2FKFa3d+bsTnA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mLqJir9+aUROOt4NrSsSK0UjM83lSMKXQzvMU5NTqvnambZIc5ZZSAH4I8Aev6AgBSCxmEE5/pL7JaVJrPSPyUrwnTxON5p3kKiYSqTiAYoUS5bDkygdu2mzeqmNon1W+ss+47PnXEE3yVuKp4VQ7kjEikol6W8VPYYK/9eUl/ZJNbz0TStrSkJ6gFiBMgLyTydYWJ45yWaqzq95mwcj4yTBD+d4SlKeM7uO75UXUxVHtN7bxOnw9sVL1e3Od2qp87pSsQPmVd8CLULM8u2cY8/3NVzsipd7Yjy3qjaU7DUI2tYguR7vhthrhR6kSuOsCreQxktrTbmnDjD5HNyMmA==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
- Cc: Grygorii Strashko <grygorii_strashko@xxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>
- Delivery-date: Thu, 25 Sep 2025 19:56:28 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHcLlZqbf0MGzslLEaqcqespx3CAw==
- Thread-topic: [XEN][PATCH] x86/hvm: vlapic: fix RO bits emulation in LVTx regs
From: Grygorii Strashko <grygorii_strashko@xxxxxxxx>
The LAPIC LVTx registers have two RO bits:
- all: Delivery Status (DS) bit 12
- LINT0/LINT1: Remote IRR Flag (RIR) bit 14.
This bit is reserved for other LVTx regs with RAZ/WI access type (MMIO), while
WRMSR (guest_wrmsr_x2apic()) has appropiate checks for reserved bits
(MBZ access type).
and the current vLAPIC implementations allows guest to write to these RO bits.
The Delivery Status (DS) is not emulated by Xen - there is no IRQ msg bus, and
the IRQ is:
- or accepted at destination and appears as pending
(vLAPIC Interrupt Request Register (IRR))
- or get rejected immediately.
The Remote IRR Flag (RIR) behavior emulation is not implemented for LINT0/LINT1
in Xen for now.
Hence it is definitely wrong to allow guest to write to LVTx regs RO bits,
fix it by unconditionally cleaning up those bits in vlapic_reg_write().
Signed-off-by: Grygorii Strashko <grygorii_strashko@xxxxxxxx>
---
xen/arch/x86/hvm/vlapic.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c
index 79697487ba90..78162afe7711 100644
--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -880,6 +880,7 @@ void vlapic_reg_write(struct vcpu *v, unsigned int reg,
uint32_t val)
if ( vlapic_sw_disabled(vlapic) )
val |= APIC_LVT_MASKED;
val &= array_access_nospec(vlapic_lvt_mask, (reg - APIC_LVTT) >> 4);
+ val &= ~(APIC_LVT_REMOTE_IRR | APIC_SEND_PENDING);
vlapic_set_reg(vlapic, reg, val);
if ( reg == APIC_LVT0 )
{
--
2.34.1
|
