On 2013-03-11 19:51, Gleb Natapov wrote:
>>> On Intel:
>>> CPU 1                      CPU 2 in a guest mode
>>> send INIT
>>> send SIPI
>>>                            INIT vmexit
>>>                            vmxoff
>>>                            reset and start from SIPI vector
>>
>> Is SIPI sticky as well, even if the CPU is not in the wait-for-SIPI
>> state (but runnable and in vmxon) while receiving it?
>>
> That's what they seem to be saying:
> However, an INIT and SIPI interrupts sent to a CPU during time when
> it is in a VMX mode are remembered and delivered, perhaps hours later,
> when the CPU exits the VMX mode
>
> Otherwise their exploit will not work.

Very weird, specifically as SIPI is not just a binary event but carries
payload. Will another SIPI event overwrite the previously "saved" vector?

We are deep into an underspecified area...

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux