@@ -102,6 +102,9 @@ struct nested_state {
u32 intercept_exceptions;
u64 intercept;
+ /* Mask of relevant host intercepts for recalculation */
+ u32 intercept_cr_mask;
+
/* Nested Paging related state */
u64 nested_cr3;
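Review bot: The comment on `intercept_cr_mask` does not say which intercept word the mask applies to or what a set bit means, and a reader has to get the polarity right to use it safely. From recalc_intercepts the field is ANDed with `h->intercept_cr`, so a set bit keeps the host CR intercept; I would write `/* Host CR intercepts kept while the nested guest runs (set bit = keep); applied in recalc_intercepts() */`. The only assignments visible in this patch are in nested_svm_vmrun, so it is worth confirming that no caller reaches recalc_intercepts before the field is set. struct nested_state begins and ends outside the hunk.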
@@ -250,10 +253,11 @@ static void recalc_intercepts(struct vcpu_svm *svm)
h = &svm->host_vmcb->control;
g = &svm->nested;
- c->intercept_cr = h->intercept_cr | g->intercept_cr;
+ c->intercept_cr = (h->intercept_cr & g->intercept_cr_mask) |
+ g->intercept_cr;
c->intercept_dr = h->intercept_dr | g->intercept_dr;
c->intercept_exceptions = h->intercept_exceptions | g->intercept_exceptions;
- c->intercept = h->intercept | g->intercept;
+ c->intercept = (h->intercept & ~(INTERCEPT_VMMCALL)) | g->intercept;
}
static inline void set_cr_intercept(struct vcpu_svm *svm, int bit)
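Review bot: `~(INTERCEPT_VMMCALL)` on the new `c->intercept` line uses the constant as a bitmask, but the removed call `clr_intercept(svm, INTERCEPT_VMMCALL)` and the `int bit` parameter of `set_cr_intercept` suggest these constants are bit positions. If so, the expression leaves the VMMCALL intercept set and instead clears unrelated host intercepts while the nested guest runs. `c->intercept = (h->intercept & ~(1ULL << INTERCEPT_VMMCALL)) | g->intercept;` would match the helper semantics. The same applies to `~(INTERCEPT_CR8_READ | INTERCEPT_CR8_WRITE)` in the nested_svm_vmrun hunk, which would become `~((1U << INTERCEPT_CR8_READ) | (1U << INTERCEPT_CR8_WRITE))`. recalc_intercepts starts outside the hunk.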
@@ -2376,13 +2380,12 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
svm->vcpu.arch.hflags |= HF_VINTR_MASK;
/* We only want the cr8 intercept bits of the guest */
- clr_cr_intercept(svm, INTERCEPT_CR8_READ);
- clr_cr_intercept(svm, INTERCEPT_CR8_WRITE);
+ svm->nested.intercept_cr_mask = ~(INTERCEPT_CR8_READ |
+ INTERCEPT_CR8_WRITE);
+ } else {
+ svm->nested.intercept_cr_mask = 0ULL;
}
- /* We don't want to see VMMCALLs from a nested guest */
- clr_intercept(svm, INTERCEPT_VMMCALL);
-
if (nested_vmcb->control.nested_ctl) {
kvm_mmu_unload(&svm->vcpu);
svm->nested.nested_cr3 = nested_vmcb->control.nested_cr3;
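Review bot: The new else branch sets `svm->nested.intercept_cr_mask = 0ULL`, and recalc_intercepts computes `h->intercept_cr & g->intercept_cr_mask`, so on that path every host CR intercept is dropped for the nested guest. The old code cleared nothing there, and the host presumably relies on those intercepts to track the guest's control-register accesses. The else branch should keep all host bits, `svm->nested.intercept_cr_mask = ~0U;`, which also matches the field's `u32` type better than a `ULL` literal. The condition guarding this branch is outside the hunk, so please confirm which case the else covers.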
Rather than changing the host intercepts in nested_svm_vmrun, mask the intercepts we only want to see from the guest out in recalc_intercepts. Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> --- arch/x86/kvm/svm.c | 17 ++++++++++------- 1 files changed, 10 insertions(+), 7 deletions(-)