On Wed, Jul 31, 2019 at 4:37 PM Sean Christopherson <sean.j.christopherson@xxxxxxxxx> wrote:
> At a glance, the full emulator models behavior correctly, e.g. see
> toggle_interruptibility() and setters of ctxt->interruptibility.
>
> I'm pretty sure that leaves the EPT misconfig MMIO and APIC access EOI
> fast paths as the only (VMX) paths that would incorrectly handle a
> MOV/POP SS. Reading the guest's instruction stream to detect MOV/POP SS
> would defeat the whole "fast path" thing, not to mention both paths aren't
> exactly architecturally compliant in the first place.

The proposed patch clears the interrupt shadow in the VMCB on all paths
through svm's skip_emulated_instruction. If this happens at the tail end
of emulation, it doesn't matter if the full emulator does the right thing.
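The following toy model, added here as an illustration and not code from KVM or from either participant, shows why the reply above matters. The names (`struct vcpu`, `skip_keep_shadow`, `skip_clear_shadow`, the instruction stream) are hypothetical stand-ins for the VMCB state and the skip routine under discussion. It emulates a guest stack switch (MOV SS followed by MOV RSP) with an external interrupt pending, once with a skip routine that leaves the MOV SS shadow as the emulator set it, and once with a skip routine that clears the shadow on every path. In the second case the interrupt is injected between MOV SS and MOV RSP, i.e. with the new SS and the old RSP, which is exactly what the one-instruction shadow exists to prevent.

```c
#include <stdbool.h>
#include <stdio.h>

/* Instruction kinds in the constructed toy stream (not real opcodes). */
enum insn { INSN_NOP, INSN_MOV_SS, INSN_POP_SS, INSN_MOV_RSP };

/* Hypothetical stand-in for the guest state KVM keeps in the VMCB/VMCS:
 * rip, the interrupt-shadow bit, and a pending external interrupt. */
struct vcpu {
    int rip;
    bool shadow;           /* interrupt shadow: block interrupts for one instruction */
    bool irq_pending;      /* an external interrupt is waiting to be injected */
    int irq_delivered_at;  /* rip at which it was injected, -1 if never */
};

/* Architectural effect of one instruction on interruptibility, the part the
 * full emulator models via toggle_interruptibility(): MOV SS and POP SS raise
 * the shadow so the following instruction (typically the MOV to RSP) executes
 * before any interrupt is delivered; every other instruction lowers it. */
static void execute(struct vcpu *v, enum insn i)
{
    v->shadow = (i == INSN_MOV_SS || i == INSN_POP_SS);
}

/* Correct skip: advance rip and leave the shadow as execute() set it. */
static void skip_keep_shadow(struct vcpu *v)
{
    v->rip++;
}

/* The behaviour the reply objects to: the shadow is cleared on every path. */
static void skip_clear_shadow(struct vcpu *v)
{
    v->rip++;
    v->shadow = false;
}

/* Interrupt injection check at the instruction boundary after the skip. */
static void maybe_inject(struct vcpu *v)
{
    if (v->irq_pending && !v->shadow && v->irq_delivered_at < 0) {
        v->irq_delivered_at = v->rip;
        v->irq_pending = false;
    }
}

/* Emulate a stream with the given skip routine; an interrupt becomes pending
 * while the first instruction is being emulated. Returns the rip at which
 * the interrupt was injected. */
static int run(const enum insn *stream, int n, void (*skip)(struct vcpu *))
{
    struct vcpu v = { 0, false, false, -1 };
    for (int i = 0; i < n; i++) {
        execute(&v, stream[i]);
        if (i == 0)
            v.irq_pending = true;   /* interrupt arrives during the first insn */
        skip(&v);
        maybe_inject(&v);
    }
    return v.irq_delivered_at;
}

/* Constructed guest sequence: a stack switch, MOV SS followed by MOV RSP. */
static const enum insn stack_switch[] = { INSN_MOV_SS, INSN_MOV_RSP, INSN_NOP };
#define STACK_SWITCH_LEN ((int)(sizeof stack_switch / sizeof stack_switch[0]))

/* Shadow preserved across the skip: interrupt lands after MOV RSP (rip 2). */
int demo_keep_shadow(void)
{
    return run(stack_switch, STACK_SWITCH_LEN, skip_keep_shadow);
}

/* Shadow cleared by the skip: interrupt lands between MOV SS and MOV RSP (rip 1). */
int demo_clear_shadow(void)
{
    return run(stack_switch, STACK_SWITCH_LEN, skip_clear_shadow);
}

int main(void)
{
    printf("skip keeps shadow:  interrupt injected at rip %d (after MOV RSP)\n",
           demo_keep_shadow());
    printf("skip clears shadow: interrupt injected at rip %d (between MOV SS and MOV RSP)\n",
           demo_clear_shadow());
    return 0;
}
```

The model deliberately separates the architectural update (`execute`, standing in for what the emulator already does correctly) from the skip step, because the reply's point is precisely that a skip routine which clears the shadow unconditionally undoes a correct emulator result at the tail end of emulation.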