On Thu, Jul 21, 2022, Maxim Levitsky wrote:
> On Thu, 2022-07-21 at 16:08 +0000, Sean Christopherson wrote:
> > So we have a poor man's NMI-window exiting.
>
> Yep, we also intercept IRET for the same purpose, and RSM interception
> is also a place the NMIs are evaluated.
>
> We only single step over the IRET, because NMIs are unmasked _after_ the IRET
> retires.

Heh, check out this blurb from Intel's SDM:

  An execution of the IRET instruction unblocks NMIs even if the instruction
  causes a fault. For example, if the IRET instruction executes with EFLAGS.VM = 1
  and IOPL of less than 3, a general-protection exception is generated (see
  Section 20.2.7, “Sensitive Instructions”). In such a case, NMIs are unmasked
  before the exception handler is invoked.

Not that I want to try and handle that in KVM if AMD follows suit, I simply find
it amusing how messy this all is. A true NMI-window exit would have been nice...