Re: [XEN][PATCH] x86/hvm: vlapic: fix RO bits emulation in LVTx regs

Fri, 26 Sep 2025 05:29:52 -0700 



On 26.09.25 14:12, Alejandro Vallejo wrote:

On Fri Sep 26, 2025 at 12:52 PM CEST, Jan Beulich wrote:

On 26.09.2025 12:38, Grygorii Strashko wrote:

On 26.09.25 11:17, Jan Beulich wrote:

On 25.09.2025 21:55, Grygorii Strashko wrote:

From: Grygorii Strashko <[email protected]>

The LAPIC LVTx registers have two RO bits:
- all: Delivery Status (DS) bit 12
- LINT0/LINT1: Remote IRR Flag (RIR) bit 14.
    This bit is reserved for other LVTx regs with RAZ/WI access type (MMIO), 
while
    WRMSR (guest_wrmsr_x2apic()) has appropiate checks for reserved bits
    (MBZ access type).


Question is what the behavior is for writing the r/o (but not reserved) bits.
I wasn't able to find any statement in the SDM.


Me too. Usually RO/WI on most HW.
For example, LAPIC MMIO "Write" will be ignored (WRMSR will trigger exception).


My remark was specifically about WRMSR, and what you say here contradicts ...


Not quite what you're asking, but writing to the X2APIC_ID register does trigger
#GP(0), so one would hope writing to RO bits triggers an exception too rather
than being WI when mixed with RW bits in a register.

Now again, it might not in order to avoid #GP(0) on a race.

Definitely worth running a silly test with wrmsr_safe() to make sure. I could
see real hardware going either way.


I see following code in Linux apic.c

        value = apic_read(APIC_LVT0);
        value &= ~(APIC_MODE_MASK | APIC_SEND_PENDING |
                APIC_INPUT_POLARITY | APIC_LVT_REMOTE_IRR |
                APIC_LVT_LEVEL_TRIGGER | APIC_LVT_MASKED);
        value |= APIC_LVT_REMOTE_IRR | APIC_SEND_PENDING;
        value = SET_APIC_DELIVERY_MODE(value, APIC_MODE_EXTINT);
        apic_write(APIC_LVT0, value);

where RO
#define         APIC_LVT_REMOTE_IRR             (1 << 14)
#define         APIC_SEND_PENDING               (1 << 12)

This means writing to RO bits (at least LVT) doesn't expect to trigger 
exception and
changing that in guest_wrmsr_x2apic() will break existing guests.

Xen has the similar code [2].

[1] 
https://github.com/torvalds/linux/blob/4ff71af020ae59ae2d83b174646fc2ad9fcd4dc4/arch/x86/kernel/apic/apic.c#L2251
[2] 
https://github.com/xen-project/xen/blob/382dd0d166cb85139d86ff26fd96af102ae4fef3/xen/arch/x86/apic.c#L244

--
Best regards,
-grygorii
























					Reply via email to