From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754701AbbKLOhc (ORCPT ); Thu, 12 Nov 2015 09:37:32 -0500 Received: from mx1.redhat.com ([209.132.183.28]:36260 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752437AbbKLOh3 (ORCPT ); Thu, 12 Nov 2015 09:37:29 -0500 Subject: Re: [PATCH 0/3] Infinite loops in microcode while running guests To: Jan Kiszka , Austin S Hemmelgarn , linux-kernel@vger.kernel.org, kvm@vger.kernel.org References: <1447158174-10484-1-git-send-email-pbonzini@redhat.com> <564338F6.3070207@gmail.com> <56433D93.8070702@redhat.com> <56433EB7.2070507@gmail.com> <56449D4B.8050500@siemens.com> Cc: digitaleric@google.com From: Paolo Bonzini Message-ID: <5644A425.3050302@redhat.com> Date: Thu, 12 Nov 2015 15:37:25 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <56449D4B.8050500@siemens.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/11/2015 15:08, Jan Kiszka wrote: > On 2015-11-11 14:12, Austin S Hemmelgarn wrote: >> On 2015-11-11 08:07, Paolo Bonzini wrote: >>> >>> >>> On 11/11/2015 13:47, Austin S Hemmelgarn wrote: >>>>> >>>> I just finished running a couple of tests in a KVM instance running >>>> nested on a Xen HVM instance, and found no issues, so for the set as a >>>> whole: >>>> >>>> Tested-by: Austin S. Hemmelgarn >>>> >>>> Now to hope the equivalent fix for Xen gets into the Gentoo repositories >>>> soon, as the issue propagates down through nested virtualization and >>>> ties up the CPU regardless (and in turn triggers the watchdog). >>> >>> Note that nested guests should _not_ lock up the outer (L0) hypervisor >>> if the outer hypervisor has the fix. At least this is the case for KVM: >>> a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from >>> malicious nested guests. A vulnerable outer KVM is also protected if >>> the nested hypervisor has the workaround. >>> >> I already knew this, I just hadn't remembered that I hadn't updated Xen >> since before the XSA and patch for this had been posted (and it took me >> a while to remember this when I accidentally panicked Xen :)) > > As I'm lazy, both to search and to write something myself: is there > already a test case for the issue(s) circling around? To everybody: keep reproducers offlist, please. Paolo