Re: [PATCH] KVM/VMX: Invoke NMI non-IST entry instead of IST entry

From: Andy Lutomirski
Date: Tue May 04 2021 - 21:11:38 EST




> On May 4, 2021, at 6:08 PM, Lai Jiangshan <jiangshanlai@xxxxxxxxx> wrote:
>
> On Wed, May 5, 2021 at 5:23 AM Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>>
>>
>>>> On May 4, 2021, at 2:21 PM, Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>>>
>>> On Tue, May 04, 2021, Paolo Bonzini wrote:
>>>>> On 04/05/21 23:05, Maxim Levitsky wrote:
>>>>> Does this mean that we still rely on hardware NMI masking to be activated?
>>>>
>>>> No, the NMI code already handles reentrancy at both the assembly and C
>>>> levels.
>>>>
>>>>> Or in other words, that is we still can't have an IRET between VM exit and
>>>>> the entry to the NMI handler?
>>>>
>>>> No, because NMIs are not masked on VM exit. This in fact makes things
>>>> potentially messy; unlike with AMD's CLGI/STGI, only MSRs and other things
>>>> that Intel thought can be restored atomically with the VM exit.
>>>
>>> FWIW, NMIs are masked if the VM-Exit was due to an NMI.
>>
>> Then this whole change is busted, since nothing will unmask NMIs. Revert it?
>
> There is some instructable code between VMEXIT and
> handle_exception_nmi_irqoff().
>
> The possible #DB #BP can happen in this gap and the IRET
> of the handler of #DB #BP will unmask NMI.
>
> Another way to fix is to change the VMX code to call the NMI handler
> immediately after VMEXIT before leaving "nostr" section.
>
> Reverting it can't fix the problem.

I was indeed wrong, and the helper properly unmasks NMIs. So all should be well.

I will contemplate how this all interacts with FRED.
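As an added illustration of the masking behaviour the thread is arguing about (this is example code written for this note, not kernel or KVM code, and the names and the way the explicit-unmask helper is modelled are assumptions): a small C model of the x86 NMI latch, where a VM-Exit caused by an NMI leaves NMIs masked, any IRET (including the one ending a #DB/#BP handler taken in the gap before handle_exception_nmi_irqoff()) clears the latch, and the host NMI handler is therefore reached either with NMIs still masked or already unmasked. The two runs differ only in whether an exception with an IRET happens in that gap; the second one shows the handler being reentered, which is the case the C-level reentrancy handling Paolo mentions has to cover.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Toy model (constructed for this example, not kernel code) of the x86 NMI
 * masking latch as discussed in the thread:
 *  - a hardware-delivered NMI sets the latch (further NMIs stay pending)
 *  - a VM-Exit caused by an NMI leaves the latch set
 *  - ANY IRET clears the latch, including the IRET of a #DB/#BP handler
 *  - the explicit unmask done after the non-IST call is modelled as
 *    having the same effect on the latch as an IRET (assumption)
 */
struct cpu {
    bool nmi_masked;   /* the hardware latch */
    bool nmi_pending;  /* an NMI arrived while the latch was set */
    int  depth;        /* nesting depth of the host NMI handler */
    int  handled;      /* host NMI handler invocations */
    int  reentered;    /* handler entered while already executing */
};

static void hw_nmi(struct cpu *c);

/* Host NMI handler body; 'nmi_arrives_midway' injects a hardware NMI while it runs. */
static void host_nmi_handler(struct cpu *c, bool nmi_arrives_midway)
{
    if (c->depth > 0)
        c->reentered++;          /* the reentrancy the kernel must tolerate */
    c->depth++;
    c->handled++;
    if (nmi_arrives_midway)
        hw_nmi(c);               /* nested if unmasked, queued if masked */
    c->depth--;
}

/* What IRET does to the latch; a pending NMI is delivered once unmasked. */
static void nmi_unmask(struct cpu *c)
{
    c->nmi_masked = false;
    if (c->nmi_pending) {
        c->nmi_pending = false;
        hw_nmi(c);
    }
}

/* Hardware NMI delivery through the IST entry, ending with IRET. */
static void hw_nmi(struct cpu *c)
{
    if (c->nmi_masked) {
        c->nmi_pending = true;
        return;
    }
    c->nmi_masked = true;
    host_nmi_handler(c, false);
    nmi_unmask(c);
}

/* VM-Exit caused by an NMI: hardware leaves the latch set. */
static void vmexit_due_to_nmi(struct cpu *c)
{
    c->nmi_masked = true;
}

/* KVM handoff: call the handler via the non-IST entry, then unmask explicitly. */
static void kvm_handle_nmi(struct cpu *c, bool nmi_arrives_midway)
{
    host_nmi_handler(c, nmi_arrives_midway);
    nmi_unmask(c);
}

/*
 * Run one scenario: VM-Exit due to an NMI, optionally a #DB/#BP taken in the
 * gap before KVM calls the handler (its IRET clears the latch), then KVM's
 * handoff with a second hardware NMI arriving while the handler executes.
 */
static struct cpu run_scenario(bool exception_in_gap)
{
    struct cpu c = {0};

    vmexit_due_to_nmi(&c);
    if (exception_in_gap)
        nmi_unmask(&c);          /* IRET of the #DB/#BP handler */
    kvm_handle_nmi(&c, true);
    return c;
}

int main(void)
{
    struct cpu a = run_scenario(false);
    struct cpu b = run_scenario(true);

    printf("no exception in gap: handled=%d reentered=%d\n", a.handled, a.reentered);
    printf("#DB/#BP in gap:      handled=%d reentered=%d\n", b.handled, b.reentered);
    return 0;
}
```

In the first run the second NMI is queued until the explicit unmask and the handler executes twice in sequence; in the second run the IRET in the gap has already cleared the latch, so the second NMI lands while the handler is running and reenters it. Either way both NMIs are handled, which is the "all should be well" conclusion above, provided the handler is reentrant.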