From: Austin S Hemmelgarn <ahferroin7@gmail.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: digitaleric@google.com
Subject: Re: [PATCH 0/3] Infinite loops in microcode while running guests
Date: Wed, 11 Nov 2015 08:12:23 -0500
Message-ID: <56433EB7.2070507@gmail.com>
In-Reply-To: <56433D93.8070702@redhat.com>

On 2015-11-11 08:07, Paolo Bonzini wrote:
>
>
> On 11/11/2015 13:47, Austin S Hemmelgarn wrote:
>>>
>> I just finished running a couple of tests in a KVM instance running
>> nested on a Xen HVM instance, and found no issues, so for the set as a
>> whole:
>>
>> Tested-by: Austin S. Hemmelgarn <ahferroin7@gmail.com>
>>
>> Now to hope the equivalent fix for Xen gets into the Gentoo repositories
>> soon, as the issue propagates down through nested virtualization and
>> ties up the CPU regardless (and in turn triggers the watchdog).
>
> Note that nested guests should _not_ lock up the outer (L0) hypervisor
> if the outer hypervisor has the fix.  At least this is the case for KVM:
> a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from
> malicious nested guests.  A vulnerable outer KVM is also protected if
> the nested hypervisor has the workaround.
>
I already knew this, I just hadn't remembered that I hadn't updated Xen 
since before the XSA and patch for this had been posted (and it took me 
a while to remember this when I accidentally panicked Xen :))


