2017-06-19 19:17+0200, Paolo Bonzini:
> On 19/06/2017 18:17, Radim Krčmář wrote:
> > Right, we only need the single step over IRET and interrupt shadow.
> >
> > Btw. instead of single-stepping over IRET/interrupt shadow, could we set
> > INTERRUPT_SHADOW in VMCB, inject the NMI, and let it execute?
> > This mechanism would explain why AMD didn't provide a trap for IRET ...
>
> You mean they didn't provide a trap-like VMEXIT for IRET, only fault-like?

Yes. SVM has trap-like VM exit, so I didn't understand why it was not used
for IRET. Forcing the hypervisor to have two VM exits and a clumsy
single-step felt out of place when the rest was designed nicely ...