From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752641AbbKKNMr (ORCPT ); Wed, 11 Nov 2015 08:12:47 -0500 Received: from mail-io0-f181.google.com ([209.85.223.181]:36024 "EHLO mail-io0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752391AbbKKNMq (ORCPT ); Wed, 11 Nov 2015 08:12:46 -0500 Subject: Re: [PATCH 0/3] Infinite loops in microcode while running guests To: Paolo Bonzini , linux-kernel@vger.kernel.org, kvm@vger.kernel.org References: <1447158174-10484-1-git-send-email-pbonzini@redhat.com> <564338F6.3070207@gmail.com> <56433D93.8070702@redhat.com> Cc: digitaleric@google.com From: Austin S Hemmelgarn Message-ID: <56433EB7.2070507@gmail.com> Date: Wed, 11 Nov 2015 08:12:23 -0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <56433D93.8070702@redhat.com> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------------ms000706030003020004080509" X-Antivirus: avast! (VPS 151110-1, 2015-11-10), Outbound message X-Antivirus-Status: Clean Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is a cryptographically signed message in MIME format. --------------ms000706030003020004080509 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: quoted-printable On 2015-11-11 08:07, Paolo Bonzini wrote: > > > On 11/11/2015 13:47, Austin S Hemmelgarn wrote: >>> >> I just finished running a couple of tests in a KVM instance running >> nested on a Xen HVM instance, and found no issues, so for the set as a= >> whole: >> >> Tested-by: Austin S. Hemmelgarn >> >> Now to hope the equivalent fix for Xen gets into the Gentoo repositori= es >> soon, as the issue propagates down through nested virtualization and >> ties up the CPU regardless (and in turn triggers the watchdog). > > Note that nested guests should _not_ lock up the outer (L0) hypervisor > if the outer hypervisor has the fix. At least this is the case for KVM= : > a fixed outer KVM can protect any vulnerable nested (L1) hypervisor fro= m > malicious nested guests. A vulnerable outer KVM is also protected if > the nested hypervisor has the workaround. > I already knew this, I just hadn't remembered that I hadn't updated Xen=20 since before the XSA and patch for this had been posted (and it took me=20 a while to remember this when I accidentally panicked Xen :)) --------------ms000706030003020004080509 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC Brgwgga0MIIEnKADAgECAgMRLfgwDQYJKoZIhvcNAQENBQAweTEQMA4GA1UEChMHUm9vdCBD QTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNp Z25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcN MTUwOTIxMTEzNTEzWhcNMTYwMzE5MTEzNTEzWjBjMRgwFgYDVQQDEw9DQWNlcnQgV29UIFVz ZXIxIzAhBgkqhkiG9w0BCQEWFGFoZmVycm9pbjdAZ21haWwuY29tMSIwIAYJKoZIhvcNAQkB FhNhaGVtbWVsZ0BvaGlvZ3QuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA nQ/81tq0QBQi5w316VsVNfjg6kVVIMx760TuwA1MUaNQgQ3NyUl+UyFtjhpkNwwChjgAqfGd LIMTHAdObcwGfzO5uI2o1a8MHVQna8FRsU3QGouysIOGQlX8jFYXMKPEdnlt0GoQcd+BtESr pivbGWUEkPs1CwM6WOrs+09bAJP3qzKIr0VxervFrzrC5Dg9Rf18r9WXHElBuWHg4GYHNJ2V Ab8iKc10h44FnqxZK8RDN8ts/xX93i9bIBmHnFfyNRfiOUtNVeynJbf6kVtdHP+CRBkXCNRZ qyQT7gbTGD24P92PS2UTmDfplSBcWcTn65o3xWfesbf02jF6PL3BCrVnDRI4RgYxG3zFBJuG qvMoEODLhHKSXPAyQhwZINigZNdw5G1NqjXqUw+lIqdQvoPijK9J3eijiakh9u2bjWOMaleI SMRR6XsdM2O5qun1dqOrCgRkM0XSNtBQ2JjY7CycIx+qifJWsRaYWZz0aQU4ZrtAI7gVhO9h pyNaAGjvm7PdjEBiXq57e4QcgpwzvNlv8pG1c/hnt0msfDWNJtl3b6elhQ2Pz4w/QnWifZ8E BrFEmjeeJa2dqjE3giPVWrsH+lOvQQONsYJOuVb8b0zao4vrWeGmW2q2e3pdv0Axzm/60cJQ haZUv8+JdX9ZzqxOm5w5eUQSclt84u+D+hsCAwEAAaOCAVkwggFVMAwGA1UdEwEB/wQCMAAw VgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBo ZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMA4GA1UdDwEB/wQEAwIDqDBABgNV HSUEOTA3BggrBgEFBQcDBAYIKwYBBQUHAwIGCisGAQQBgjcKAwQGCisGAQQBgjcKAwMGCWCG SAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy dC5vcmcwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5jYWNlcnQub3JnL3Jldm9rZS5j cmwwNAYDVR0RBC0wK4EUYWhmZXJyb2luN0BnbWFpbC5jb22BE2FoZW1tZWxnQG9oaW9ndC5j b20wDQYJKoZIhvcNAQENBQADggIBADMnxtSLiIunh/TQcjnRdf63yf2D8jMtYUm4yDoCF++J jCXbPQBGrpCEHztlNSGIkF3PH7ohKZvlqF4XePWxpY9dkr/pNyCF1PRkwxUURqvuHXbu8Lwn 8D3U2HeOEU3KmrfEo65DcbanJCMTTW7+mU9lZICPP7ZA9/zB+L0Gm1UNFZ6AU50N/86vjQfY WgkCd6dZD4rQ5y8L+d/lRbJW7ZGEQw1bSFVTRpkxxDTOwXH4/GpQfnfqTAtQuJ1CsKT12e+H NSD/RUWGTr289dA3P4nunBlz7qfvKamxPymHeBEUcuICKkL9/OZrnuYnGROFwcdvfjGE5iLB kjp/ttrY4aaVW5EsLASNgiRmA6mbgEAMlw3RwVx0sVelbiIAJg9Twzk4Ct6U9uBKiJ8S0sS2 8RCSyTmCRhJs0vvva5W9QUFGmp5kyFQEoSfBRJlbZfGX2ehI2Hi3U2/PMUm2ONuQG1E+a0AP u7I0NJc/Xil7rqR0gdbfkbWp0a+8dAvaM6J00aIcNo+HkcQkUgtfrw+C2Oyl3q8IjivGXZqT 5UdGUb2KujLjqjG91Dun3/RJ/qgQlotH7WkVBs7YJVTCxfkdN36rToPcnMYOI30FWa0Q06gn F6gUv9/mo6riv3A5bem/BdbgaJoPnWQD9D8wSyci9G4LKC+HQAMdLmGoeZfpJzKHMYIE0TCC BM0CAQEwgYAweTEQMA4GA1UEChMHUm9vdCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNl cnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcN AQkBFhJzdXBwb3J0QGNhY2VydC5vcmcCAxEt+DANBglghkgBZQMEAgMFAKCCAiEwGAYJKoZI hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUxMTExMTMxMjIzWjBPBgkq hkiG9w0BCQQxQgRA/UlMHc4OFd5/lOKStJASbKLZLT24nqCUH4+20vNFO0CmIqy3PWlbi2Oa znbd+eaPtJrCsO8JI0egTGg87lg/kDBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjAL BglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFA MAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGRBgkrBgEEAYI3EAQxgYMwgYAweTEQMA4GA1UE ChMHUm9vdCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlD QSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy dC5vcmcCAxEt+DCBkwYLKoZIhvcNAQkQAgsxgYOggYAweTEQMA4GA1UEChMHUm9vdCBDQTEe MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25p bmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcCAxEt+DAN BgkqhkiG9w0BAQEFAASCAgAnJjTNNBtrUko1LI0BbrQK1UAjWOHHrLzq4w2xL+KaYiOtv9RO jtzhfQHtfDTDwwTzbmP091p3D97wG8jDAvIXIQNETHjRxEk3oKTMDaGOrAFR1W8xVanIQ3gk U1xhoYzrlzVRX/JKvxZz5xOKieT0Bhk8AbKaAiU7cQpZLEocOJydeWvBfEGVGEbzSJZkP+X8 Pp6LEMtdQSOkwFCLN4vp/VXiZHkzoRI8aDdyPN2/NS8ZssPQ1eeQrs/ZBaY22Du4u+jbkQgN TkAGK6e8P1oVbmGuKVZi7oXwdDJJ7LjGsHGSpCS9pXjx14pJQD5oKuBRv5PTynmDudXjtc/U hpCSSdtCxrvVkW2kTlMhlvJs+qHgY4opH/V1dDafkA8B4vNBYkAH/0oWrOC7JyqjppqWivhN mEVlD+32OKX7Fqdn7D/uAGb5jAHRtebcD3Lj104wzD54YL1dCJY3Whf6/Ot3GM0OoIpo7oeE LlVDBYVfn3NwGRLBiuGiAZ6tR9kNb0FPoXfF08J320m4HP1wapHw2kM4m1xOvh4U1rAPZFvE 5yDM26cG6Unew//NC1IrLuGO1yeqdSkOnJXMSw0QymjLb60jrP7aBa0AkHTXatXEjXi7PTGc ekYh8euDXBVGlcoPmZ3T9pghfZNDAy3pnxG+/faopPtoAP+m01JmFt6kugAAAAAAAA== --------------ms000706030003020004080509--