On 26.06.2024 15:04, Andrew Cooper wrote:
> One final thing.
>
> This logic here depends on interrupts not being enabled between these
> atomic actions, and entering non-root mode.
>
> Specifically, Xen must not service a pending delivery-notification
> vector between this point and the VMEntry microcode repeating the same
> scan on the PIR Descriptor.
>
> Getting this wrong means that we'll miss the delivery of vectors which
> arrive between here and the next time something causes a
> delivery-notification vector to be sent.
>
> However, I've got no idea how to reasonably express this with
> assertions. We could in principle have a per-cpu "mustn't enable
> interrupts" flag, checked in local_irq_enable/restore(), but it only
> works in HVM context, and gets too messy IMO.

I agree. It's also nothing this patch changes; it was like this before
already. If and when we can think of a good way of expressing it, then
surely we could improve things here.

Jan