From: Li RongQing When reconstructing a temporary IRQ state from the historical/old IOAPIC redirection table configuration in ioapic_write_indirect(), the code previously assigned 'irq.dest_id' from 'old_dest_id', but incorrectly queried the live/new 'e->fields.dest_mode' to populate 'irq.dest_mode'. Mixing the old destination ID with the new destination mode creates an inconsistent, hybrid IRQ state. This discrepancy leads to an incorrect vCPU bitmap calculation via kvm_bitmap_or_dest_vcpus(), causing subsequent interrupt routing updates (such as RTC interrupt handling) to target the wrong set of virtual processors if both fields were modified simultaneously. Fix this by using 'old_dest_mode' consistently alongside 'old_dest_id' to ensure the historical IRQ structure is reconstructed accurately. Fixes: c96001c5702e ("KVM: X86: Use APIC_DEST_* macros properly in kvm_lapic_irq.dest_mode") Signed-off-by: Li RongQing --- arch/x86/kvm/ioapic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c index eed96ff..f3f4a48 100644 --- a/arch/x86/kvm/ioapic.c +++ b/arch/x86/kvm/ioapic.c @@ -441,7 +441,7 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val) irq.dest_id = old_dest_id; irq.dest_mode = kvm_lapic_irq_dest_mode( - !!e->fields.dest_mode); + !!old_dest_mode); kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq, vcpu_bitmap); } -- 2.9.4