Unverified Commit ca04cf5c authored by openeuler-ci-bot, committed by Gitee

!9810 KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked

parents eee8b71d 13dd2f54
+19 −8
@@ -3860,16 +3860,27 @@ static void svm_enable_nmi_window(struct kvm_vcpu *vcpu)
	struct vcpu_svm *svm = to_svm(vcpu);

	/*
	 * KVM should never request an NMI window when vNMI is enabled, as KVM
	 * allows at most one to-be-injected NMI and one pending NMI, i.e. if
	 * two NMIs arrive simultaneously, KVM will inject one and set
	 * V_NMI_PENDING for the other.  WARN, but continue with the standard
	 * single-step approach to try and salvage the pending NMI.
	 * If NMIs are outright masked, i.e. the vCPU is already handling an
	 * NMI, and KVM has not yet intercepted an IRET, then there is nothing
	 * more to do at this time as KVM has already enabled IRET intercepts.
	 * If KVM has already intercepted IRET, then single-step over the IRET,
	 * as NMIs aren't architecturally unmasked until the IRET completes.
	 *
	 * If vNMI is enabled, KVM should never request an NMI window if NMIs
	 * are masked, as KVM allows at most one to-be-injected NMI and one
	 * pending NMI.  If two NMIs arrive simultaneously, KVM will inject one
	 * NMI and set V_NMI_PENDING for the other, but if and only if NMIs are
	 * unmasked.  KVM _will_ request an NMI window in some situations, e.g.
	 * if the vCPU is in an STI shadow or if GIF=0, KVM can't immediately
	 * inject the NMI.  In those situations, KVM needs to single-step over
	 * the STI shadow or intercept STGI.
	 */
	if (svm_get_nmi_mask(vcpu)) {
		WARN_ON_ONCE(is_vnmi_enabled(svm));

	if (svm_get_nmi_mask(vcpu) && !svm->awaiting_iret_completion)
		if (!svm->awaiting_iret_completion)
			return; /* IRET will cause a vm exit */
	}

	/*
	 * SEV-ES guests are responsible for signaling when a vCPU is ready to
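Review bot: In the rewritten comment above the `svm_get_nmi_mask(vcpu)` check, nothing says what KVM does after `WARN_ON_ONCE(is_vnmi_enabled(svm))` fires, whereas the earlier wording did ("WARN, but continue with the standard single-step approach to try and salvage the pending NMI"). With the WARN now inside the masked branch, a vNMI vCPU that trips it still goes on to the `awaiting_iret_completion` test and either returns or falls through to the code below. Please add a sentence to the second paragraph stating that this is the intended recovery path, and whether the early `return; /* IRET will cause a vm exit */` is still correct when vNMI is enabled, since the first paragraph ties that return to KVM having already enabled IRET intercepts.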