From nobody Sun Feb 8 15:58:14 2026
Date: Thu, 22 Jan 2026 04:57:50 +0000
In-Reply-To: <20260122045755.205203-1-chengkev@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version:
 1.0
References: <20260122045755.205203-1-chengkev@google.com>
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260122045755.205203-2-chengkev@google.com>
Subject: [PATCH V3 1/5] KVM: SVM: Move STGI and CLGI intercept handling
From: Kevin Cheng
To: seanjc@google.com, pbonzini@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev, Kevin Cheng
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Move the STGI/CLGI intercept handling to svm_recalc_instruction_intercepts() in preparation for making the function EFER-aware. A later patch will recalculate instruction intercepts when EFER.SVME is toggled, which is needed to inject #UD on STGI/CLGI when the guest clears EFER.SVME.

When clearing the STGI intercept with vgif enabled, request KVM_REQ_EVENT if there is a pending GIF-controlled event. This avoids breaking NMI/SMI window tracking, as enable_{nmi,smi}_window() sets INTERCEPT_STGI to detect when NMIs become unblocked. KVM_REQ_EVENT forces kvm_check_and_inject_events() to re-evaluate pending events and re-enable the intercept if needed.

Extract the pending GIF event check into a helper function svm_has_pending_gif_event() to deduplicate the logic between svm_recalc_instruction_intercepts() and svm_set_gif().

Signed-off-by: Kevin Cheng
--- arch/x86/kvm/svm/svm.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 24d59ccfa40d9..7a854e81b6560 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -972,6 +972,14 @@ void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu) preempt_enable(); } =20 +static bool svm_has_pending_gif_event(struct vcpu_svm *svm) +{ + return svm->vcpu.arch.smi_pending || + svm->vcpu.arch.nmi_pending || + kvm_cpu_has_injectable_intr(&svm->vcpu) || + kvm_apic_has_pending_init_or_sipi(&svm->vcpu); +} + /* Evaluate instruction intercepts that depend on guest CPUID features. */ static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu) { @@ -1010,6 +1018,20 @@ static void svm_recalc_instruction_intercepts(struct= kvm_vcpu *vcpu) svm_clr_intercept(svm, INTERCEPT_VMSAVE); svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } + + if (vgif) { + /* + * If there is a pending interrupt controlled by GIF, set + * KVM_REQ_EVENT to re-evaluate if the intercept needs to be set + * again to track when GIF is re-enabled (e.g. for NMI + * injection). + */ + svm_clr_intercept(svm, INTERCEPT_STGI); + if (svm_has_pending_gif_event(svm)) + kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); + + svm_clr_intercept(svm, INTERCEPT_CLGI); + } } } =20 @@ -1147,11 +1169,8 @@ static void init_vmcb(struct kvm_vcpu *vcpu, bool in= it_event) if (vnmi) svm->vmcb->control.int_ctl |=3D V_NMI_ENABLE_MASK; =20 - if (vgif) { - svm_clr_intercept(svm, INTERCEPT_STGI); - svm_clr_intercept(svm, INTERCEPT_CLGI); + if (vgif) svm->vmcb->control.int_ctl |=3D V_GIF_ENABLE_MASK; - } =20 if (vcpu->kvm->arch.bus_lock_detection_enabled) svm_set_intercept(svm, INTERCEPT_BUSLOCK); @@ -2247,10 +2266,7 @@ void svm_set_gif(struct vcpu_svm *svm, bool value) svm_clear_vintr(svm); =20 enable_gif(svm); - if (svm->vcpu.arch.smi_pending || - svm->vcpu.arch.nmi_pending || - kvm_cpu_has_injectable_intr(&svm->vcpu) || - kvm_apic_has_pending_init_or_sipi(&svm->vcpu)) + if (svm_has_pending_gif_event(svm)) kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); } else { disable_gif(svm); --=20 2.52.0.457.g6b5491de43-goog
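Review bot: svm_has_pending_gif_event() (first hunk, @@ -972) has no comment saying what makes an event "GIF-controlled", and it takes struct vcpu_svm * although its body only reaches through svm->vcpu. A one-line comment above the helper naming SMI, NMI, injectable interrupts and INIT/SIPI as the events held off while GIF is clear would document the contract, and a struct kvm_vcpu *vcpu parameter would fit better, since svm_recalc_instruction_intercepts() already has vcpu in hand.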
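Review bot: In the @@ -1010 hunk the new if (vgif) block is followed by two closing braces, so it sits inside an enclosing block of svm_recalc_instruction_intercepts() rather than at function scope, whereas the lines removed from init_vmcb() cleared INTERCEPT_STGI and INTERCEPT_CLGI on vgif alone. If that outer condition can be false while vgif is set, init_vmcb() still sets V_GIF_ENABLE_MASK but neither intercept is cleared by this path, which is more than the "Move" in the subject describes. Either place the block at function scope or state in the changelog why the narrower condition is intended. Separately, the comment about KVM_REQ_EVENT sits above svm_clr_intercept(svm, INTERCEPT_STGI) rather than directly above the svm_has_pending_gif_event() check it explains.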
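Review bot: After the @@ -1147 hunk, init_vmcb() no longer clears INTERCEPT_STGI and INTERCEPT_CLGI itself, so a freshly initialised VMCB only gets them cleared if svm_recalc_instruction_intercepts() runs afterwards, and no such call is visible in this patch. Please name in the changelog the call path that guarantees the recalculation after init_vmcb(), including the init_event case, or add a short comment next to the remaining if (vgif) pointing at where the intercepts are now handled.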