KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing

Delete the IRTE link from the previous vCPU irrespective of the new
routing state, i.e. even if the IRTE won't be configured to post IRQs to a
vCPU.  Whether or not the new route is postable as no bearing on the *old*
route.  Failure to delete the link can result in KVM incorrectly updating
the IRTE, e.g. if the "old" vCPU is scheduled in/out.

Fixes: 411b44ba80ab ("svm: Implements update_pi_irte hook to setup posted interrupt")
Tested-by: Sairaj Kodilkar <sarunkod@amd.com>
Link: https://lore.kernel.org/r/20250611224604.313496-9-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
index 38cdfb052a3a9727ee1376aaea887dd70d15123b..d7478a62de6327597bd553b3cac5277ae9923758 100644 (file)
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -862,6 +862,12 @@ int avic_pi_update_irte(struct kvm_kernel_irqfd *irqfd, struct kvm *kvm,
        if (!kvm_arch_has_assigned_device(kvm) || !kvm_arch_has_irq_bypass())
                return 0;
 
+       /*
+        * If the IRQ was affined to a different vCPU, remove the IRTE metadata
+        * from the *previous* vCPU's list.
+        */
+       svm_ir_list_del(irqfd);
+
        pr_debug("SVM: %s: host_irq=%#x, guest_irq=%#x, set=%#x\n",
                 __func__, host_irq, guest_irq, set);
 
@@ -884,8 +890,6 @@ int avic_pi_update_irte(struct kvm_kernel_irqfd *irqfd, struct kvm *kvm,
 
                WARN_ON_ONCE(new && memcmp(e, new, sizeof(*new)));
 
-               svm_ir_list_del(irqfd);
-
                /**
                 * Here, we setup with legacy mode in the following cases:
                 * 1. When cannot target interrupt to a specific vcpu.