On Tue, Aug 04, 2015 at 05:54:51AM +0200, Borislav Petkov wrote:
> On Mon, Aug 03, 2015 at 11:45:24AM -0700, Andy Lutomirski wrote:
> > P.P.P.S.  Who thought that IRET faults unmasking NMIs made any sense
> > whatsoever when NMIs run on an IST stack?  Seriously, people?
> 
> What happened with asking Intel for a sane IRET-NG?
> 
> Should be relatively easy - take the current IRET microcode, get rid
> of the nasty crap, allocate a new opcode and done. Validation should
> actually have *less* to do and can reuse all current test cases.

Even easier, just add a few flags (probably 2 or 3 only) that IRET can
check to adjust its behaviour. Basically "don't re-enable NMIs yet",
maybe something to adjust the behaviour on bad CS/SS/SP/IP and a few
such things could possibly help. Maybe all of this could be summarized
as a single flag "I'm in a fault handler".

Willy


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
