On Mon, Apr 29, 2019 at 12:02 PM Linus Torvalds <torvalds@linux-foundation.org> wrote:
> If nmi were to break it, it would be a cpu bug. I'm pretty sure I've seen the "shadow stops even nmi" documented for some uarch, but as mentioned it's not necessarily the only way to guarantee the shadow.
In fact, the documentation is simply the official Intel instruction docs for "STI":
    The IF flag and the STI and CLI instructions do not prohibit the generation of exceptions and NMI interrupts. NMI interrupts (and SMIs) may be blocked for one macroinstruction following an STI.
note the "may be blocked". As mentioned, that's just one option for not having NMI break the STI shadow guarantee, but it's clearly one that Intel has done at times, and clearly even documents as having done so.
There is absolutely no question that the sti shadow is real, and that people have depended on it for _decades_. It would be a horrible errata if the shadow can just be made to go away by randomly getting an NMI or SMI.
Linus