On Tue, Feb 11, 2020 at 7:43 AM Joerg Roedel [off-list ref] wrote:

On Tue, Feb 11, 2020 at 03:50:08PM +0100, Peter Zijlstra wrote:

quoted

Oh gawd; so instead of improving the whole NMI situation, AMD went and
made it worse still ?!?

Well, depends on how you want to see it. Under SEV-ES an IRET will not
re-open the NMI window, but the guest has to tell the hypervisor
explicitly when it is ready to receive new NMIs via the NMI_COMPLETE
message.  NMIs stay blocked even when an exception happens in the
handler, so this could also be seen as a (slight) improvement.

I don't get it.  VT-x has a VMCS bit "Interruptibility
state"."Blocking by NMI" that tracks the NMI masking state.  Would it
have killed AMD to solve the problem they same way to retain
architectural behavior inside a SEV-ES VM?

--Andy