KVM: SVM: add wrappers to enable/disable IRET interception

SEV-ES guests don't use IRET interception for the detection of
an end of a NMI.

Therefore it makes sense to create a wrapper to avoid repeating
the check for the SEV-ES.

No functional change is intended.

Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[Renamed iret intercept API of style svm_{clr,set}_iret_intercept()]
Signed-off-by: Santosh Shukla <Santosh.Shukla@amd.com>
Link: https://lore.kernel.org/r/20230227084016.3368-5-santosh.shukla@amd.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index e347225..69ace08 100644 (file)
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -2490,16 +2490,29 @@ static int task_switch_interception(struct kvm_vcpu *vcpu)
                               has_error_code, error_code);
 }
 
+static void svm_clr_iret_intercept(struct vcpu_svm *svm)
+{
+       if (!sev_es_guest(svm->vcpu.kvm))
+               svm_clr_intercept(svm, INTERCEPT_IRET);
+}
+
+static void svm_set_iret_intercept(struct vcpu_svm *svm)
+{
+       if (!sev_es_guest(svm->vcpu.kvm))
+               svm_set_intercept(svm, INTERCEPT_IRET);
+}
+
 static int iret_interception(struct kvm_vcpu *vcpu)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
 
        ++vcpu->stat.nmi_window_exits;
        svm->awaiting_iret_completion = true;
-       if (!sev_es_guest(vcpu->kvm)) {
-               svm_clr_intercept(svm, INTERCEPT_IRET);
+
+       svm_clr_iret_intercept(svm);
+       if (!sev_es_guest(vcpu->kvm))
                svm->nmi_iret_rip = kvm_rip_read(vcpu);
-       }
+
        kvm_make_request(KVM_REQ_EVENT, vcpu);
        return 1;
 }
@@ -3508,8 +3521,7 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu)
                return;
 
        svm->nmi_masked = true;
-       if (!sev_es_guest(vcpu->kvm))
-               svm_set_intercept(svm, INTERCEPT_IRET);
+       svm_set_iret_intercept(svm);
        ++vcpu->stat.nmi_injections;
 }
 
@@ -3649,12 +3661,10 @@ static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
 
        if (masked) {
                svm->nmi_masked = true;
-               if (!sev_es_guest(vcpu->kvm))
-                       svm_set_intercept(svm, INTERCEPT_IRET);
+               svm_set_iret_intercept(svm);
        } else {
                svm->nmi_masked = false;
-               if (!sev_es_guest(vcpu->kvm))
-                       svm_clr_intercept(svm, INTERCEPT_IRET);
+               svm_clr_iret_intercept(svm);
        }
 }