On 12/11/2015 15:08, Jan Kiszka wrote: > On 2015-11-11 14:12, Austin S Hemmelgarn wrote: >> On 2015-11-11 08:07, Paolo Bonzini wrote: >>> >>> >>> On 11/11/2015 13:47, Austin S Hemmelgarn wrote: >>>>> >>>> I just finished running a couple of tests in a KVM instance running >>>> nested on a Xen HVM instance, and found no issues, so for the set as a >>>> whole: >>>> >>>> Tested-by: Austin S. Hemmelgarn <ahferroin7@xxxxxxxxx> >>>> >>>> Now to hope the equivalent fix for Xen gets into the Gentoo repositories >>>> soon, as the issue propagates down through nested virtualization and >>>> ties up the CPU regardless (and in turn triggers the watchdog). >>> >>> Note that nested guests should _not_ lock up the outer (L0) hypervisor >>> if the outer hypervisor has the fix. At least this is the case for KVM: >>> a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from >>> malicious nested guests. A vulnerable outer KVM is also protected if >>> the nested hypervisor has the workaround. >>> >> I already knew this, I just hadn't remembered that I hadn't updated Xen >> since before the XSA and patch for this had been posted (and it took me >> a while to remember this when I accidentally panicked Xen :)) > > As I'm lazy, both to search and to write something myself: is there > already a test case for the issue(s) circling around? To everybody: keep reproducers offlist, please. Paolo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
