On Thu, Aug 31, 2023 at 12:42:58PM +0200, Roger Pau Monné wrote: > On Fri, Oct 12, 2018 at 09:58:46AM -0600, Jan Beulich wrote: > > First of all, hvm_intsrc_mce was not considered here at all, yet nothing > > blocks #MC (other than an already in-progress #MC, but dealing with this > > is not the purpose of this patch). > > > > Additionally STI-shadow only blocks maskable interrupts, but not NMI. > > I've found the Table 25-3 on Intel SDM vol3 quite helpful: > > "Execution of STI with RFLAGS.IF = 0 blocks maskable interrupts on the > instruction boundary following its execution.1 Setting this bit > indicates that this blocking is in effect." > > And: > > "Execution of a MOV to SS or a POP to SS blocks or suppresses certain > debug exceptions as well as interrupts (maskable and nonmaskable) on > the instruction boundary following its execution." > > Might be worth adding to the commit message IMO.
So I've found a further footnote that contains: "Nonmaskable interrupts and system-management interrupts may also be inhibited on the instruction boundary following such an execution of STI." So we want to take the more restrictive implementation of STI-shadow, and block #NMI there also. Thanks, Roger.
