On 2015-11-11 14:12, Austin S Hemmelgarn wrote: > On 2015-11-11 08:07, Paolo Bonzini wrote: >> >> >> On 11/11/2015 13:47, Austin S Hemmelgarn wrote: >>>> >>> I just finished running a couple of tests in a KVM instance running >>> nested on a Xen HVM instance, and found no issues, so for the set as a >>> whole: >>> >>> Tested-by: Austin S. Hemmelgarn <ahferroin7@xxxxxxxxx> >>> >>> Now to hope the equivalent fix for Xen gets into the Gentoo repositories >>> soon, as the issue propagates down through nested virtualization and >>> ties up the CPU regardless (and in turn triggers the watchdog). >> >> Note that nested guests should _not_ lock up the outer (L0) hypervisor >> if the outer hypervisor has the fix. At least this is the case for KVM: >> a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from >> malicious nested guests. A vulnerable outer KVM is also protected if >> the nested hypervisor has the workaround. >> > I already knew this, I just hadn't remembered that I hadn't updated Xen > since before the XSA and patch for this had been posted (and it took me > a while to remember this when I accidentally panicked Xen :)) > As I'm lazy, both to search and to write something myself: is there already a test case for the issue(s) circling around? Thanks, Jan -- Siemens AG, Corporate Technology, CT RTC ITP SES-DE Corporate Competence Center Embedded Linux -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
