I don't think this is a super-serious problem. Many RISC CPUs store their interrupt state in registers, not on a stack. For example, MIPS, PowerPC, and IIRC m88k CPUs all had software stacks. Thus, it was the responsibility of the interrupt handler to (1) save the critical state to a software stack, and then (2) re-enable relevant interrupts.
In other words, there is no such thing as an NMI anymore. If an interrupt source is to be non-maskable, it's because of OS-enforced policy.
Therefore, I propose the glue logic also mask the NMI (in fact, it has to do this temporarily anyway for the delayed demotion mechanism discussed above). This would give the host OS time to save relevant data before deciding whether or not it wants to re-enable NMI or not.
The performance impact, while not zero, should be small enough to not matter for all but the most pathologically speed-sensitive applications. But, then, in such applications, you're not likely going to need an MMU either.
|