KVM: VMX: require virtual NMI support

	int vpid;

	bool emulation_required;

	/* Support for vnmi-less CPUs */

	int soft_vnmi_blocked;

	ktime_t entry_time;

	s64 vnmi_blocked_time;

	u32 exit_reason;

	/* Posted interrupt descriptor */

		SECONDARY_EXEC_ENABLE_INVPCID;

}

static inline bool cpu_has_virtual_nmis(void)

{

	return vmcs_config.pin_based_exec_ctrl & PIN_BASED_VIRTUAL_NMIS;

}

static inline bool cpu_has_vmx_wbinvd_exit(void)

{

	return vmcs_config.cpu_based_2nd_exec_ctrl &

				&_vmexit_control) < 0)

		return -EIO;

	min = PIN_BASED_EXT_INTR_MASK | PIN_BASED_NMI_EXITING;

	opt = PIN_BASED_VIRTUAL_NMIS | PIN_BASED_POSTED_INTR |

		 PIN_BASED_VMX_PREEMPTION_TIMER;

	min = PIN_BASED_EXT_INTR_MASK | PIN_BASED_NMI_EXITING |

		PIN_BASED_VIRTUAL_NMIS;

	opt = PIN_BASED_POSTED_INTR | PIN_BASED_VMX_PREEMPTION_TIMER;

	if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PINBASED_CTLS,

				&_pin_based_exec_control) < 0)

		return -EIO;

	vmx->rmode.vm86_active = 0;

	vmx->soft_vnmi_blocked = 0;

	vmx->vcpu.arch.regs[VCPU_REGS_RDX] = get_rdx_init_val();

	kvm_set_cr8(vcpu, 0);

static void enable_nmi_window(struct kvm_vcpu *vcpu)

{

	if (!cpu_has_virtual_nmis() ||

	    vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_STI) {

	if (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_STI) {

		enable_irq_window(vcpu);

		return;

	}

	struct vcpu_vmx *vmx = to_vmx(vcpu);

	if (!is_guest_mode(vcpu)) {

		if (!cpu_has_virtual_nmis()) {

			/*

			 * Tracking the NMI-blocked state in software is built upon

			 * finding the next open IRQ window. This, in turn, depends on

			 * well-behaving guests: They have to keep IRQs disabled at

			 * least as long as the NMI handler runs. Otherwise we may

			 * cause NMI nesting, maybe breaking the guest. But as this is

			 * highly unlikely, we can live with the residual risk.

			 */

			vmx->soft_vnmi_blocked = 1;

			vmx->vnmi_blocked_time = 0;

		}

		++vcpu->stat.nmi_injections;

		vmx->nmi_known_unmasked = false;

	}

static bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu)

{

	if (!cpu_has_virtual_nmis())

		return to_vmx(vcpu)->soft_vnmi_blocked;

	if (to_vmx(vcpu)->nmi_known_unmasked)

		return false;

	return vmcs_read32(GUEST_INTERRUPTIBILITY_INFO)	& GUEST_INTR_STATE_NMI;

{

	struct vcpu_vmx *vmx = to_vmx(vcpu);

	if (!cpu_has_virtual_nmis()) {

		if (vmx->soft_vnmi_blocked != masked) {

			vmx->soft_vnmi_blocked = masked;

			vmx->vnmi_blocked_time = 0;

		}

	} else {

	vmx->nmi_known_unmasked = !masked;

	if (masked)

		vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,

		vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,

				GUEST_INTR_STATE_NMI);

}

}

static int vmx_nmi_allowed(struct kvm_vcpu *vcpu)

{

	if (to_vmx(vcpu)->nested.nested_run_pending)

		return 0;

	if (!cpu_has_virtual_nmis() && to_vmx(vcpu)->soft_vnmi_blocked)

		return 0;

	return	!(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &

		  (GUEST_INTR_STATE_MOV_SS | GUEST_INTR_STATE_STI

		   | GUEST_INTR_STATE_NMI));

	 * AAK134, BY25.

	 */

	if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&

			cpu_has_virtual_nmis() &&

			(exit_qualification & INTR_INFO_UNBLOCK_NMI))

		vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI);

	 * "blocked by NMI" bit has to be set before next VM entry.

	 */

	if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&

			cpu_has_virtual_nmis() &&

			(exit_qualification & INTR_INFO_UNBLOCK_NMI))

		vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,

				GUEST_INTR_STATE_NMI);

		return 0;

	}

	if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked &&

	    !(is_guest_mode(vcpu) && nested_cpu_has_virtual_nmis(

					get_vmcs12(vcpu))))) {

		if (vmx_interrupt_allowed(vcpu)) {

			vmx->soft_vnmi_blocked = 0;

		} else if (vmx->vnmi_blocked_time > 1000000000LL &&

			   vcpu->arch.nmi_pending) {

			/*

			 * This CPU don't support us in finding the end of an

			 * NMI-blocked window if the guest runs with IRQs

			 * disabled. So we pull the trigger after 1 s of

			 * futile waiting, but inform the user about this.

			 */

			printk(KERN_WARNING "%s: Breaking out of NMI-blocked "

			       "state on VCPU %d after 1 s timeout\n",

			       __func__, vcpu->vcpu_id);

			vmx->soft_vnmi_blocked = 0;

		}

	}

	if (exit_reason < kvm_vmx_max_exit_handlers

	    && kvm_vmx_exit_handlers[exit_reason])

		return kvm_vmx_exit_handlers[exit_reason](vcpu);

	idtv_info_valid = vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK;

	if (cpu_has_virtual_nmis()) {

	if (vmx->nmi_known_unmasked)

		return;

	/*

		vmx->nmi_known_unmasked =

			!(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO)

			  & GUEST_INTR_STATE_NMI);

	} else if (unlikely(vmx->soft_vnmi_blocked))

		vmx->vnmi_blocked_time +=

			ktime_to_ns(ktime_sub(ktime_get(), vmx->entry_time));

}

static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu,

	struct vcpu_vmx *vmx = to_vmx(vcpu);

	unsigned long debugctlmsr, cr4;

	/* Record the guest's net vcpu time for enforced NMI injections. */

	if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked))

		vmx->entry_time = ktime_get();

	/* Don't enter VMX if guest state is invalid, let the exit handler

	   start emulation until we arrive back to a valid state */

	if (vmx->emulation_required)