From: Li RongQing <lirongqing@baidu.com>
Date: Thu, 28 May 2026 03:16:24 +0000 (-0400)
Subject: KVM: x86: ioapic: Use old_dest_mode consistently in ioapic_write_indirect()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=555aa0e83b16b55f47f1940f89ae30595de4f414;p=thirdparty%2Fkernel%2Flinux.git

KVM: x86: ioapic: Use old_dest_mode consistently in ioapic_write_indirect()

When reconstructing a temporary IRQ state from the historical/old IOAPIC
redirection table configuration in ioapic_write_indirect(), the code
previously assigned 'irq.dest_id' from 'old_dest_id', but incorrectly
queried the live/new 'e->fields.dest_mode' to populate 'irq.dest_mode'.

Mixing the old destination ID with the new destination mode creates an
inconsistent, hybrid IRQ state. This discrepancy leads to an incorrect
vCPU bitmap calculation via kvm_bitmap_or_dest_vcpus(), causing subsequent
interrupt routing updates (such as RTC interrupt handling) to target the
wrong set of virtual processors if both fields were modified simultaneously.

Fix this by using 'old_dest_mode' consistently alongside 'old_dest_id' to
ensure the historical IRQ structure is reconstructed accurately.

Fixes: c96001c5702e ("KVM: X86: Use APIC_DEST_* macros properly in kvm_lapic_irq.dest_mode")
Signed-off-by: Li RongQing <lirongqing@baidu.com>
Link: https://patch.msgid.link/20260528031624.1929-1-lirongqing@baidu.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
---

diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
index eed96ff6e722..f3f4a483ca15 100644
--- a/arch/x86/kvm/ioapic.c
+++ b/arch/x86/kvm/ioapic.c
@@ -441,7 +441,7 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
 				irq.dest_id = old_dest_id;
 				irq.dest_mode =
 				    kvm_lapic_irq_dest_mode(
-					!!e->fields.dest_mode);
+					!!old_dest_mode);
 				kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq,
 							 vcpu_bitmap);
 			}