KVM: nSVM: Report interrupts as allowed when in L2 and exit-on-interrupt is set

Report interrupts as allowed when the vCPU is in L2 and L2 is being run with
exit-on-interrupts enabled and EFLAGS.IF=1 (either on the host or on the guest
according to VINTR).  Interrupts are always unblocked from L1's perspective
in this case.

While moving nested_exit_on_intr to svm.h, use INTERCEPT_INTR properly instead
of assuming it's zero (which it is of course).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index aaec6d0aa701166361d65030e0c23464c40fe876..9c813e08e2cf6e7df0a39b7c09e15e9e2e9bfd12 100644 (file)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -828,11 +828,6 @@ static void nested_svm_intr(struct vcpu_svm *svm)
        nested_svm_vmexit(svm);
 }
 
-static bool nested_exit_on_intr(struct vcpu_svm *svm)
-{
-       return (svm->nested.intercept & 1ULL);
-}
-
 static int svm_check_nested_events(struct kvm_vcpu *vcpu)
 {
        struct vcpu_svm *svm = to_svm(vcpu);

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 5738be661a1fc92e147a0e9e91412ffde659287a..fba8bdcfed0e94dec5bfaa82e655cee272267dea 100644 (file)
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -3117,14 +3117,25 @@ bool svm_interrupt_blocked(struct kvm_vcpu *vcpu)
        struct vcpu_svm *svm = to_svm(vcpu);
        struct vmcb *vmcb = svm->vmcb;
 
-       if (!gif_set(svm) ||
-            (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK))
+       if (!gif_set(svm))
                return true;
 
-       if (is_guest_mode(vcpu) && (svm->vcpu.arch.hflags & HF_VINTR_MASK))
-               return !(svm->vcpu.arch.hflags & HF_HIF_MASK);
-       else
-               return !(kvm_get_rflags(vcpu) & X86_EFLAGS_IF);
+       if (is_guest_mode(vcpu)) {
+               /* As long as interrupts are being delivered...  */
+               if ((svm->vcpu.arch.hflags & HF_VINTR_MASK)
+                   ? !(svm->vcpu.arch.hflags & HF_HIF_MASK)
+                   : !(kvm_get_rflags(vcpu) & X86_EFLAGS_IF))
+                       return true;
+
+               /* ... vmexits aren't blocked by the interrupt shadow  */
+               if (nested_exit_on_intr(svm))
+                       return false;
+       } else {
+               if (!(kvm_get_rflags(vcpu) & X86_EFLAGS_IF))
+                       return true;
+       }
+
+       return (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK);
 }
 
 static bool svm_interrupt_allowed(struct kvm_vcpu *vcpu)

diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index f6d604b72a4c559b8c3cd20c4fd0ecc809a8efad..5cc559ab862df1770a739fff2e24854f72a092ce 100644 (file)
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -386,6 +386,11 @@ static inline bool nested_exit_on_smi(struct vcpu_svm *svm)
        return (svm->nested.intercept & (1ULL << INTERCEPT_SMI));
 }
 
+static inline bool nested_exit_on_intr(struct vcpu_svm *svm)
+{
+       return (svm->nested.intercept & (1ULL << INTERCEPT_INTR));
+}
+
 static inline bool nested_exit_on_nmi(struct vcpu_svm *svm)
 {
        return (svm->nested.intercept & (1ULL << INTERCEPT_NMI));