KVM: nSVM: split nested_vmcb_check_controls

The authoritative state does not come from the VMCB once in guest mode,
but KVM_SET_NESTED_STATE can still perform checks on L1's provided SVM
controls because we get them from userspace.

Therefore, split out a function to do them.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 65ecc85..bd3a89c 100644 (file)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -203,26 +203,31 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
        return true;
 }
 
-static bool nested_vmcb_checks(struct vmcb *vmcb)
+static bool nested_vmcb_check_controls(struct vmcb_control_area *control)
 {
-       if ((vmcb->save.efer & EFER_SVME) == 0)
+       if ((control->intercept & (1ULL << INTERCEPT_VMRUN)) == 0)
                return false;
 
-       if (((vmcb->save.cr0 & X86_CR0_CD) == 0) &&
-           (vmcb->save.cr0 & X86_CR0_NW))
+       if (control->asid == 0)
                return false;
 
-       if ((vmcb->control.intercept & (1ULL << INTERCEPT_VMRUN)) == 0)
+       if ((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) &&
+           !npt_enabled)
                return false;
 
-       if (vmcb->control.asid == 0)
+       return true;
+}
+
+static bool nested_vmcb_checks(struct vmcb *vmcb)
+{
+       if ((vmcb->save.efer & EFER_SVME) == 0)
                return false;
 
-       if ((vmcb->control.nested_ctl & SVM_NESTED_CTL_NP_ENABLE) &&
-           !npt_enabled)
+       if (((vmcb->save.cr0 & X86_CR0_CD) == 0) &&
+           (vmcb->save.cr0 & X86_CR0_NW))
                return false;
 
-       return true;
+       return nested_vmcb_check_controls(&vmcb->control);
 }
 
 static void load_nested_vmcb_control(struct vcpu_svm *svm,