1 files changed, 22 insertions, 0 deletions

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f910d33858d9..533a327372c8 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -12537,8 +12537,11 @@ static int enter_vmx_non_root_mode(struct kvm_vcpu *vcpu, u32 *exit_qual)
         struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
         bool from_vmentry = !!exit_qual;
         u32 dummy_exit_qual;
+        u32 vmcs01_cpu_exec_ctrl;
         int r = 0;
 
+        vmcs01_cpu_exec_ctrl = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
+
         enter_guest_mode(vcpu);
 
         if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS))
@@ -12575,6 +12578,25 @@ static int enter_vmx_non_root_mode(struct kvm_vcpu *vcpu, u32 *exit_qual)
         }
 
         /*
+         * If L1 had a pending IRQ/NMI until it executed
+         * VMLAUNCH/VMRESUME which wasn't delivered because it was
+         * disallowed (e.g. interrupts disabled), L0 needs to
+         * evaluate if this pending event should cause an exit from L2
+         * to L1 or delivered directly to L2 (e.g. In case L1 don't
+         * intercept EXTERNAL_INTERRUPT).
+         *
+         * Usually this would be handled by L0 requesting a
+         * IRQ/NMI window by setting VMCS accordingly. However,
+         * this setting was done on VMCS01 and now VMCS02 is active
+         * instead. Thus, we force L0 to perform pending event
+         * evaluation by requesting a KVM_REQ_EVENT.
+         */
+        if (vmcs01_cpu_exec_ctrl &
+                (CPU_BASED_VIRTUAL_INTR_PENDING | CPU_BASED_VIRTUAL_NMI_PENDING)) {
+                kvm_make_request(KVM_REQ_EVENT, vcpu);
+        }
+
+        /*
          * Note no nested_vmx_succeed or nested_vmx_fail here. At this point
          * we are no longer running L1, and VMLAUNCH/VMRESUME has not yet
          * returned as far as L1 is concerned. It will only return (and set