KVM: SVM: Separate recalc_intercepts() into nested vs. non-nested parts

Extract the non-nested aspects of recalc_intercepts() into a separate
helper, svm_mark_intercepts_dirty(), to make it clear that the call isn't
*just* recalculating (vmcb02's) intercepts, and to not bury non-nested
code in nested.c.

As suggested by Yosry, opportunistically prepend "nested_vmbc02_" to
recalc_intercepts() so that it's obvious the function specifically deals
with recomputing intercepts for L2.

No functional change intended.

Cc: Yosry Ahmed <yosry.ahmed@linux.dev>
Reviewed-by: Yosry Ahmed <yosry.ahmed@linux.dev>
Link: https://patch.msgid.link/20260218230958.2877682-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index fb86f09985e7b71f6acd9702647bbd2f9b6c6f15..21ee75d6cdffa389ed53681d80e05d4c2eb9ba22 100644 (file)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -122,17 +122,12 @@ static bool nested_vmcb_needs_vls_intercept(struct vcpu_svm *svm)
        return false;
 }
 
-void recalc_intercepts(struct vcpu_svm *svm)
+void nested_vmcb02_recalc_intercepts(struct vcpu_svm *svm)
 {
        struct vmcb_control_area *c, *h;
        struct vmcb_ctrl_area_cached *g;
        unsigned int i;
 
-       vmcb_mark_dirty(svm->vmcb01.ptr, VMCB_INTERCEPTS);
-
-       if (!is_guest_mode(&svm->vcpu))
-               return;
-
        vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
 
        c = &svm->vmcb->control;
@@ -962,7 +957,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm)
         * Merge guest and host intercepts - must be called with vcpu in
         * guest-mode to take effect.
         */
-       recalc_intercepts(svm);
+       svm_mark_intercepts_dirty(svm);
 }
 
 static void nested_svm_copy_common_state(struct vmcb *from_vmcb, struct vmcb *to_vmcb)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 3f9c1aa39a0af5d9f1366d2a81ffd186f7db2b99..fea4a65758ad803cf8c683311562716bc8cb4e8d 100644 (file)
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -4639,7 +4639,7 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm, bool init_event)
        if (!sev_vcpu_has_debug_swap(svm)) {
                vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ);
                vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE);
-               recalc_intercepts(svm);
+               svm_mark_intercepts_dirty(svm);
        } else {
                /*
                 * Disable #DB intercept iff DebugSwap is enabled.  KVM doesn't

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 5fbd87450f4fbfb2c69b7b4448b7322681e87ee7..1901e9feff51a9e8f596de64d2af62f9f900c488 100644 (file)
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -638,7 +638,7 @@ static void set_dr_intercepts(struct vcpu_svm *svm)
        vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ);
        vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE);
 
-       recalc_intercepts(svm);
+       svm_mark_intercepts_dirty(svm);
 }
 
 static void clr_dr_intercepts(struct vcpu_svm *svm)
@@ -647,7 +647,7 @@ static void clr_dr_intercepts(struct vcpu_svm *svm)
 
        vmcb->control.intercepts[INTERCEPT_DR] = 0;
 
-       recalc_intercepts(svm);
+       svm_mark_intercepts_dirty(svm);
 }
 
 static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr)

diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 0a5d5a4453b7e8b69440da31b8e51633c38725c8..267ef8a3359b48e7b1bb608abe1bb23307c4c6b6 100644 (file)
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -358,8 +358,6 @@ struct svm_cpu_data {
 
 DECLARE_PER_CPU(struct svm_cpu_data, svm_data);
 
-void recalc_intercepts(struct vcpu_svm *svm);
-
 static __always_inline struct kvm_svm *to_kvm_svm(struct kvm *kvm)
 {
        return container_of(kvm, struct kvm_svm, kvm);
@@ -487,6 +485,22 @@ static inline bool vmcb12_is_intercept(struct vmcb_ctrl_area_cached *control, u3
        return __vmcb_is_intercept((unsigned long *)&control->intercepts, bit);
 }
 
+void nested_vmcb02_recalc_intercepts(struct vcpu_svm *svm);
+
+static inline void svm_mark_intercepts_dirty(struct vcpu_svm *svm)
+{
+       vmcb_mark_dirty(svm->vmcb01.ptr, VMCB_INTERCEPTS);
+
+       /*
+        * If L2 is active, recalculate the intercepts for vmcb02 to account
+        * for the changes made to vmcb01.  All intercept configuration is done
+        * for vmcb01 and then propagated to vmcb02 to combine KVM's intercepts
+        * with L1's intercepts (from the vmcb12 snapshot).
+        */
+       if (is_guest_mode(&svm->vcpu))
+               nested_vmcb02_recalc_intercepts(svm);
+}
+
 static inline void set_exception_intercept(struct vcpu_svm *svm, u32 bit)
 {
        struct vmcb *vmcb = svm->vmcb01.ptr;
@@ -494,7 +508,7 @@ static inline void set_exception_intercept(struct vcpu_svm *svm, u32 bit)
        WARN_ON_ONCE(bit >= 32);
        vmcb_set_intercept(&vmcb->control, INTERCEPT_EXCEPTION_OFFSET + bit);
 
-       recalc_intercepts(svm);
+       svm_mark_intercepts_dirty(svm);
 }
 
 static inline void clr_exception_intercept(struct vcpu_svm *svm, u32 bit)
@@ -504,7 +518,7 @@ static inline void clr_exception_intercept(struct vcpu_svm *svm, u32 bit)
        WARN_ON_ONCE(bit >= 32);
        vmcb_clr_intercept(&vmcb->control, INTERCEPT_EXCEPTION_OFFSET + bit);
 
-       recalc_intercepts(svm);
+       svm_mark_intercepts_dirty(svm);
 }
 
 static inline void svm_set_intercept(struct vcpu_svm *svm, int bit)
@@ -513,7 +527,7 @@ static inline void svm_set_intercept(struct vcpu_svm *svm, int bit)
 
        vmcb_set_intercept(&vmcb->control, bit);
 
-       recalc_intercepts(svm);
+       svm_mark_intercepts_dirty(svm);
 }
 
 static inline void svm_clr_intercept(struct vcpu_svm *svm, int bit)
@@ -522,7 +536,7 @@ static inline void svm_clr_intercept(struct vcpu_svm *svm, int bit)
 
        vmcb_clr_intercept(&vmcb->control, bit);
 
-       recalc_intercepts(svm);
+       svm_mark_intercepts_dirty(svm);
 }
 
 static inline bool svm_is_intercept(struct vcpu_svm *svm, int bit)