> >>>>>>>> According to the SDM, software should not touch the IRR when target vcpu is
> >>>>>>> running. Instead, use locked way to access PIR. So your solution may be
> >>>>>>> wrong. Then your apicv patches are broken, because they do exactly
> >>>>>>> that.
> >>>>>> Which code is broken?
> >>>>>>
> >>>>> The one that updates IRR directly on the apic page.
> >>>> No, all the updates are ensuring the target vcpu is not running. So
> >>>> it's safe to touch IRR.
> >>>>
> >>> Not at all. Read the code.
> >> Sorry. I still cannot figure out which code is wrong. All the places that
> >> call sync_pir_to_irr() are on target vcpu. Can you point out the code?
> >> Thanks.
> >>
> > I am talking about vapic patches which are already in, not pir patches.
> Yes, but the issue will be fixed with pir patches. With posted interrupt,
> it will touch PIR instead of IRR and access to PIR is allowed by HW.
>
> Best regards,
> Yang
>

From http://www.mail-archive.com/kvm@xxxxxxxxxxxxxxx/msg82824.html:

"
> 2. Section 29.6 mentions that "Use of the posted-interrupt descriptor
> differs from that of other data structures that are referenced by
> pointers in a VMCS. There is a general requirement that software ensure
> that each such data structure is modified only when no logical processor
> with a current VMCS that references it is in VMX non-root operation.
> That requirement does not apply to the posted-interrupt descriptor.
> There is a requirement, however, that such modifications be done using
> locked read-modify-write instructions."
>
> The APIC virtual page is being modified by a CPU while a logical
> processor with current VMCS that references it is in VMX non-root
> operation, in fact even modifying the APIC virtual page with EOI
> virtualization, virtual interrupt delivery, etc. What are the
> requirements in this case?

It should be same with posted interrupt. Software must ensure to use
atomic access to virtual apic page.
"

Can this point be clarified?
Software can or cannot access virtual APIC page while VMCS that references it is in VMX non-root operation? Because if it cannot, then it means the current code is broken and VID usage without PIR should not be allowed.
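
The locked read-modify-write rule quoted above from Section 29.6, shown as an added C11 example that is not part of this thread and is not KVM's code. The descriptor layout and the names pi_desc, pi_post_vector and pi_sync_to_irr are assumptions made for illustration, and irr is a plain array standing in for the IRR.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (hypothetical, simplified): 256 request bits plus an
 * "outstanding notification" (ON) flag, all accessed atomically. */
struct pi_desc {
    _Atomic uint32_t pir[8];   /* one bit per vector 0..255 */
    _Atomic uint32_t control;  /* bit 0 = ON */
};
#define PI_ON 1u

/* Sender side: may run while the target vCPU is in VMX non-root operation,
 * so each update is a locked read-modify-write (atomic_fetch_or).
 * Returns true when the caller should send the notification. */
bool pi_post_vector(struct pi_desc *pd, uint8_t vec)
{
    uint32_t mask = 1u << (vec % 32);
    if (atomic_fetch_or(&pd->pir[vec / 32], mask) & mask)
        return false;                       /* vector already pending */
    return !(atomic_fetch_or(&pd->control, PI_ON) & PI_ON);
}

/* Target side: meant to run on the target vCPU's own thread. Each word is
 * harvested with an atomic exchange so a concurrent post is never lost.
 * irr is a plain array standing in for the IRR. Returns bits moved. */
int pi_sync_to_irr(struct pi_desc *pd, uint32_t irr[8])
{
    int moved = 0;
    atomic_fetch_and(&pd->control, ~PI_ON);
    for (int i = 0; i < 8; i++) {
        uint32_t bits = atomic_exchange(&pd->pir[i], 0);
        irr[i] |= bits;
        for (; bits; bits &= bits - 1)
            moved++;
    }
    return moved;
}

int main(void)
{
    struct pi_desc pd = {0};
    uint32_t irr[8] = {0};
    printf("notify=%d\n", pi_post_vector(&pd, 0x31));  /* constructed vectors */
    printf("notify=%d\n", pi_post_vector(&pd, 0xf0));
    printf("moved=%d\n", pi_sync_to_irr(&pd, irr));
    return 0;
}
```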