From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754512AbbKLOI1 (ORCPT ); Thu, 12 Nov 2015 09:08:27 -0500 Received: from david.siemens.de ([192.35.17.14]:33313 "EHLO david.siemens.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753966AbbKLOIX (ORCPT ); Thu, 12 Nov 2015 09:08:23 -0500 Subject: Re: [PATCH 0/3] Infinite loops in microcode while running guests To: Austin S Hemmelgarn , Paolo Bonzini , linux-kernel@vger.kernel.org, kvm@vger.kernel.org References: <1447158174-10484-1-git-send-email-pbonzini@redhat.com> <564338F6.3070207@gmail.com> <56433D93.8070702@redhat.com> <56433EB7.2070507@gmail.com> Cc: digitaleric@google.com From: Jan Kiszka Message-ID: <56449D4B.8050500@siemens.com> Date: Thu, 12 Nov 2015 15:08:11 +0100 User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 MIME-Version: 1.0 In-Reply-To: <56433EB7.2070507@gmail.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2015-11-11 14:12, Austin S Hemmelgarn wrote: > On 2015-11-11 08:07, Paolo Bonzini wrote: >> >> >> On 11/11/2015 13:47, Austin S Hemmelgarn wrote: >>>> >>> I just finished running a couple of tests in a KVM instance running >>> nested on a Xen HVM instance, and found no issues, so for the set as a >>> whole: >>> >>> Tested-by: Austin S. Hemmelgarn >>> >>> Now to hope the equivalent fix for Xen gets into the Gentoo repositories >>> soon, as the issue propagates down through nested virtualization and >>> ties up the CPU regardless (and in turn triggers the watchdog). >> >> Note that nested guests should _not_ lock up the outer (L0) hypervisor >> if the outer hypervisor has the fix. At least this is the case for KVM: >> a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from >> malicious nested guests. A vulnerable outer KVM is also protected if >> the nested hypervisor has the workaround. >> > I already knew this, I just hadn't remembered that I hadn't updated Xen > since before the XSA and patch for this had been posted (and it took me > a while to remember this when I accidentally panicked Xen :)) > As I'm lazy, both to search and to write something myself: is there already a test case for the issue(s) circling around? Thanks, Jan -- Siemens AG, Corporate Technology, CT RTC ITP SES-DE Corporate Competence Center Embedded Linux