@@ -776,11 +776,6 @@ int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
return vmexit;
}
-static bool nested_exit_on_nmi(struct vcpu_svm *svm)
-{
- return (svm->nested.intercept & (1ULL << INTERCEPT_NMI));
-}
-
static void nested_svm_nmi(struct vcpu_svm *svm)
{
svm->vmcb->control.exit_code = SVM_EXIT_NMI;
@@ -3068,6 +3068,9 @@ static bool svm_nmi_allowed(struct kvm_vcpu *vcpu)
struct vmcb *vmcb = svm->vmcb;
bool ret;
+ if (is_guest_mode(vcpu) && nested_exit_on_nmi(svm))
+ return true;
+
ret = !(vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) &&
!(svm->vcpu.arch.hflags & HF_NMI_MASK);
ret = ret && gif_set(svm);
@@ -378,6 +378,11 @@ static inline bool svm_nested_virtualize_tpr(struct kvm_vcpu *vcpu)
return is_guest_mode(vcpu) && (vcpu->arch.hflags & HF_VINTR_MASK);
}
+static inline bool nested_exit_on_nmi(struct vcpu_svm *svm)
+{
+ return (svm->nested.intercept & (1ULL << INTERCEPT_NMI));
+}
+
void enter_svm_guest_mode(struct vcpu_svm *svm, u64 vmcb_gpa,
struct vmcb *nested_vmcb, struct kvm_host_map *map);
int nested_svm_vmrun(struct vcpu_svm *svm);
Report NMIs as allowed when the vCPU is in L2 and L2 is being run with Exit-on-NMI enabled, as NMIs are always unblocked from L1's perspective in this case. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- arch/x86/kvm/svm/nested.c | 5 ----- arch/x86/kvm/svm/svm.c | 3 +++ arch/x86/kvm/svm/svm.h | 5 +++++ 3 files changed, 8 insertions(+), 5 deletions(-)