From: Sean Christopherson
Reply-To: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Kevin Cheng
Date: Tue, 3 Mar 2026 16:30:09 -0800
Subject: [PATCH v5 1/2] KVM: SVM: Move STGI and CLGI intercept handling
Message-ID: <20260304003010.1108257-2-seanjc@google.com>
In-Reply-To: <20260304003010.1108257-1-seanjc@google.com>
References: <20260304003010.1108257-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Kevin Cheng

Move STGI/CLGI intercept handling to svm_recalc_instruction_intercepts() in preparation for making the function EFER.SVME-aware. This will allow configuring STGI/CLGI intercepts along with other intercepts for other SVM instructions when EFER.SVME is toggled (KVM needs to intercept SVM instructions when EFER.SVME=0 to inject #UD).

When clearing the STGI intercept in particular, request KVM_REQ_EVENT if there is at least one pending GIF-controlled event. This avoids breaking NMI/SMI window tracking, as enable_{nmi,smi}_window() sets INTERCEPT_STGI to detect when NMIs become unblocked. KVM_REQ_EVENT forces kvm_check_and_inject_events() to re-evaluate pending events and re-enable the intercept if needed.

Extract the pending GIF event check into a helper function svm_has_pending_gif_event() to deduplicate the logic between svm_recalc_instruction_intercepts() and svm_set_gif().

Signed-off-by: Kevin Cheng
[sean: keep vgif handling out of the "Intel CPU model" path]
Signed-off-by: Sean Christopherson
Reviewed-by: Yosry Ahmed
--- arch/x86/kvm/svm/svm.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8f8bc863e214..5975a1e14ac9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -1009,6 +1009,14 @@ void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu) preempt_enable(); } =20 +static bool svm_has_pending_gif_event(struct vcpu_svm *svm) +{ + return svm->vcpu.arch.smi_pending || + svm->vcpu.arch.nmi_pending || + kvm_cpu_has_injectable_intr(&svm->vcpu) || + kvm_apic_has_pending_init_or_sipi(&svm->vcpu); +} + /* Evaluate instruction intercepts that depend on guest CPUID features. */ static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu) { @@ -1052,6 +1060,20 @@ static void svm_recalc_instruction_intercepts(struct= kvm_vcpu *vcpu) } } =20 + if (vgif) { + svm_clr_intercept(svm, INTERCEPT_STGI); + svm_clr_intercept(svm, INTERCEPT_CLGI); + + /* + * Process pending events when clearing STGI/CLGI intercepts if + * there's at least one pending event that is masked by GIF, so + * that KVM re-evaluates if the intercept needs to be set again + * to track when GIF is re-enabled (e.g. for NMI injection). + */ + if (svm_has_pending_gif_event(svm)) + kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); + } + if (kvm_need_rdpmc_intercept(vcpu)) svm_set_intercept(svm, INTERCEPT_RDPMC); else @@ -1195,11 +1217,8 @@ static void init_vmcb(struct kvm_vcpu *vcpu, bool in= it_event) if (vnmi) svm->vmcb->control.int_ctl |=3D V_NMI_ENABLE_MASK; =20 - if (vgif) { - svm_clr_intercept(svm, INTERCEPT_STGI); - svm_clr_intercept(svm, INTERCEPT_CLGI); + if (vgif) svm->vmcb->control.int_ctl |=3D V_GIF_ENABLE_MASK; - } =20 if (vls) svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; 
@@ -2320,10 +2339,7 @@ void svm_set_gif(struct vcpu_svm *svm, bool value) svm_clear_vintr(svm); =20 enable_gif(svm); - if (svm->vcpu.arch.smi_pending || - svm->vcpu.arch.nmi_pending || - kvm_cpu_has_injectable_intr(&svm->vcpu) || - kvm_apic_has_pending_init_or_sipi(&svm->vcpu)) + if (svm_has_pending_gif_event(svm)) kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); } else { disable_gif(svm); --=20 2.53.0.473.g4a7958ca14-goog

From: Sean Christopherson
Reply-To: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Kevin Cheng
Date: Tue, 3 Mar 2026 16:30:10 -0800
Subject: [PATCH v5 2/2] KVM: SVM: Recalc instructions intercepts when EFER.SVME is toggled
Message-ID: <20260304003010.1108257-3-seanjc@google.com>
In-Reply-To: <20260304003010.1108257-1-seanjc@google.com>
References: <20260304003010.1108257-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Kevin Cheng

The AMD APM states that VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL, and INVLPGA instructions should generate a #UD when EFER.SVME is cleared. Currently, when VMLOAD, VMSAVE, or CLGI are executed in L1 with EFER.SVME cleared, no #UD is generated in certain cases. This is because the intercepts for these instructions are cleared based on whether or not vls or vgif is enabled. The #UD fails to be generated when the intercepts are absent.

Fix the missing #UD generation by ensuring that all relevant instructions have intercepts set when SVME.EFER is disabled.

VMMCALL is special because KVM's ABI is that VMCALL/VMMCALL are always supported for L1 and never fault.

Signed-off-by: Kevin Cheng
[sean: isolate Intel CPU "compatibility" in EFER.SVME=1 path]
Signed-off-by: Sean Christopherson
Reviewed-by: Yosry Ahmed
--- arch/x86/kvm/svm/svm.c | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) 
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 5975a1e14ac9..07b595487caf 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -244,6 +244,8 @@ int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer) if (svm_gp_erratum_intercept && !sev_guest(vcpu->kvm)) set_exception_intercept(svm, GP_VECTOR); } + + kvm_make_request(KVM_REQ_RECALC_INTERCEPTS, vcpu); } =20 svm->vmcb->save.efer =3D efer | EFER_SVME; @@ -1042,27 +1044,31 @@ static void svm_recalc_instruction_intercepts(struc= t kvm_vcpu *vcpu) } =20 /* - * No need to toggle VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK here, it is - * always set if vls is enabled. If the intercepts are set, the bit is - * meaningless anyway. + * Intercept instructions that #UD if EFER.SVME=3D0, as SVME must be set + * even when running the guest, i.e. hardware will only ever see + * EFER.SVME=3D1. + * + * No need to toggle any of the vgif/vls/etc. enable bits here, as they + * are set when the VMCB is initialized and never cleared (if the + * relevant intercepts are set, the enablements are meaningless anyway). */ - if (guest_cpuid_is_intel_compatible(vcpu)) { + if (!(vcpu->arch.efer & EFER_SVME)) { svm_set_intercept(svm, INTERCEPT_VMLOAD); svm_set_intercept(svm, INTERCEPT_VMSAVE); + svm_set_intercept(svm, INTERCEPT_CLGI); + svm_set_intercept(svm, INTERCEPT_STGI); } else { /* * If hardware supports Virtual VMLOAD VMSAVE then enable it * in VMCB and clear intercepts to avoid #VMEXIT. */ - if (vls) { + if (guest_cpuid_is_intel_compatible(vcpu)) { + svm_set_intercept(svm, INTERCEPT_VMLOAD); + svm_set_intercept(svm, INTERCEPT_VMSAVE); + } else if (vls) { svm_clr_intercept(svm, INTERCEPT_VMLOAD); svm_clr_intercept(svm, INTERCEPT_VMSAVE); } - } - - if (vgif) { - svm_clr_intercept(svm, INTERCEPT_STGI); - svm_clr_intercept(svm, INTERCEPT_CLGI); =20 /* * Process pending events when clearing STGI/CLGI intercepts if 
@@ -1070,8 +1076,13 @@ static void svm_recalc_instruction_intercepts(struct= kvm_vcpu *vcpu) * that KVM re-evaluates if the intercept needs to be set again * to track when GIF is re-enabled (e.g. for NMI injection). */ - if (svm_has_pending_gif_event(svm)) - kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); + if (vgif) { + svm_clr_intercept(svm, INTERCEPT_CLGI); + svm_clr_intercept(svm, INTERCEPT_STGI); + + if (svm_has_pending_gif_event(svm)) + kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); + } } =20 if (kvm_need_rdpmc_intercept(vcpu)) --=20 2.53.0.473.g4a7958ca14-goog
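
Review bot: In patch 1/2, svm_has_pending_gif_event() is added without a comment stating what it tests. A one-line comment that these are the events masked by GIF (SMI, NMI, injectable interrupts, INIT/SIPI) would document why svm_set_gif() and the intercept recalculation key off the same condition. The helper also only dereferences &svm->vcpu, so it could take a struct kvm_vcpu * directly.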
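
Review bot: In patch 1/2, the new if (vgif) block in svm_recalc_instruction_intercepts() requests KVM_REQ_EVENT on every recalculation that finds a pending GIF-masked event, whether or not INTERCEPT_STGI was set beforehand. The commit message motivates the request only for the case where enable_{nmi,smi}_window() had set the STGI intercept, so consider making the request only when the clear actually removes a set intercept, or state in the comment that the unconditional request is deliberate. The comment also says "STGI/CLGI intercepts" while the commit message singles out STGI; the two should agree.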
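
Review bot: In patch 2/2, the kvm_make_request(KVM_REQ_RECALC_INTERCEPTS, vcpu) added to svm_set_efer() depends on an ordering the code does not state: svm_recalc_instruction_intercepts() tests vcpu->arch.efer & EFER_SVME, while the visible lines of svm_set_efer() only write svm->vmcb->save.efer. Add a short comment saying where vcpu->arch.efer receives the new value relative to the request being serviced, so a reader can confirm the recalculation never acts on the old SVME bit.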
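
Review bot: In patch 2/2, the EFER.SVME=0 branch of svm_recalc_instruction_intercepts() sets intercepts for VMLOAD, VMSAVE, CLGI and STGI, while the commit message lists VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL and INVLPGA as the instructions that must #UD. The new comment should say how VMRUN and INVLPGA are covered and that VMMCALL is intentionally exempt, and the commit message should mention STGI since the code intercepts it. Separately, the retained comment about Virtual VMLOAD VMSAVE now sits above the guest_cpuid_is_intel_compatible() check, which sets the intercepts rather than clearing them; move it to the else if (vls) arm.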
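
Review bot: In patch 2/2, the comment beginning "Process pending events when clearing STGI/CLGI intercepts" ends up above if (vgif) in the last hunk rather than above the svm_has_pending_gif_event() check it explains. Move it inside the block, directly over the pending-event test. The clear order also flips from STGI, CLGI in patch 1/2 to CLGI, STGI here; keeping the order from patch 1/2 avoids churn between the two patches.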