>>> On 12.10.18 at 18:37, <[email protected]> wrote:
> Furthermore, I believe even #MC is blocked by the MOVSS shadow, because
> the purpose of the shadow is to indicate "my stack is not safe to take
> an exception".

Having thought about this some more over lunch, I'm afraid I
now think that both variants are equally likely due to being
equally risky (as to resulting in shutdown): If the #MC was in
any way fetch/execution related, honoring mov-ss-shadow
would mean a second #MC (on the following instruction)
would be deadly.

>> Additionally STI-shadow only blocks maskable interrupts, but not NMI.
> 
> This has been discussed on LKML in the past, but `STI; HLT` will
> deadlock if NMIs don't respect the STI shadow.
> 
> An NMI which hits that instruction boundary will IRET with IF clear, at
> which point the core will halt and never wake up.

No. STI-shadow, aiui, does not delay the setting of EFLAGS.IF,
but only the recognition of interrupts. Hence in your scenario
the NMI handler would see IF set in the saved image on the stack.

As a result I don't currently think the change is in contradiction
to documented or expectable behavior, and hence for now I
don't see reasons to adjust it.

Jan



_______________________________________________
Xen-devel mailing list
[email protected]
https://lists.xenproject.org/mailman/listinfo/xen-devel
