On Mon, Sep 04, 2023 at 03:40:46PM +0200, Jan Beulich wrote: > On 31.08.2023 12:57, Roger Pau Monné wrote: > > On Thu, Aug 31, 2023 at 12:42:58PM +0200, Roger Pau Monné wrote: > >> On Fri, Oct 12, 2018 at 09:58:46AM -0600, Jan Beulich wrote: > >>> First of all, hvm_intsrc_mce was not considered here at all, yet nothing > >>> blocks #MC (other than an already in-progress #MC, but dealing with this > >>> is not the purpose of this patch). > >>> > >>> Additionally STI-shadow only blocks maskable interrupts, but not NMI. > >> > >> I've found the Table 25-3 on Intel SDM vol3 quite helpful: > >> > >> "Execution of STI with RFLAGS.IF = 0 blocks maskable interrupts on the > >> instruction boundary following its execution.1 Setting this bit > >> indicates that this blocking is in effect." > >> > >> And: > >> > >> "Execution of a MOV to SS or a POP to SS blocks or suppresses certain > >> debug exceptions as well as interrupts (maskable and nonmaskable) on > >> the instruction boundary following its execution." > >> > >> Might be worth adding to the commit message IMO. > > > > So I've found a further footnote that contains: > > > > "Nonmaskable interrupts and system-management interrupts may also be > > inhibited on the instruction boundary following such an execution of > > STI." > > > > So we want to take the more restrictive implementation of STI-shadow, > > and block #NMI there also. > > Hmm, that text says "may", not will, and imo STI affecting NMI can at best > be viewed as a quirk (quite possibly intentional, for simplifying some > internal logic on the processor).
Possibly, but a guest expecting such behavior and Xen not emulating it would most likely lead to a crash, while forcing the other way around (Xen blocking NMIs on STI shadow unconditionally) is not likely to cause issues for OSes not relying on it. > Plus I'm not convinced AMD allows similar > leeway in SVM; at least I can't spot any similar statement in their PM. Hard to tell, in any case I would apply the same reasoning as above, as IMO implementing STI shadow blocking NMIs is the safer option, and is what Xen has been doing so far without reported issues that I know of. Thanks, Roger.
