On 2013-03-11 20:30, Gleb Natapov wrote:
> On Mon, Mar 11, 2013 at 08:01:30PM +0100, Jan Kiszka wrote:
>> On 2013-03-11 19:51, Gleb Natapov wrote:
>>>>> On Intel:
>>>>> CPU 1                          CPU 2 in a guest mode
>>>>> send INIT
>>>>> send SIPI
>>>>>                                INIT vmexit
>>>>>                                vmxoff
>>>>>                                reset and start from SIPI vector
>>>>
>>>> Is SIPI sticky as well, even if the CPU is not in the wait-for-SIPI
>>>> state (but runnable and in vmxon) while receiving it?
>>>>
>>> That's what they seem to be saying:
>>> However, INIT and SIPI interrupts sent to a CPU during the time when
>>> it is in VMX mode are remembered and delivered, perhaps hours later,
>>> when the CPU exits VMX mode
>>>
>>> Otherwise their exploit will not work.
>>
>> Very weird, specifically as SIPI is not just a binary event but carries
>> payload. Will another SIPI event overwrite the previously "saved"
>> vector? We are deep into an underspecified area...
> My guess is that VMX INIT blocking is done by the same mechanism as
> INIT blocking during SMM. Obviously after exit from SMM pending
> INIT/SIPI have to be processed.

I think this should be further examined via a test case that can run on
real HW. Is kvm-unit-test ready for this? Then we "just" need to
implement what you were already asking for: minimalistic nVMX tests...

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux
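The sequence discussed in the thread, written up as an added example that is not part of the original mail, of KVM, or of kvm-unit-tests: a small state-machine model of the INIT/SIPI behaviour Gleb hypothesises (INIT and SIPI latched while a CPU is between VMXON and VMXOFF and acted on after VMXOFF, the way pending INIT is handled after an SMM exit). It runs on any host, not on real hardware, so it only makes the hypothesis precise; it proves nothing about silicon. The latching itself and the "last SIPI vector wins" rule are modelling assumptions, the second standing in for Jan's open question; the 0x9a/0x9b vectors are constructed sample input.

```c
/*
 * Added example, not code from the thread or from KVM/kvm-unit-tests.
 * Models the hypothesised INIT/SIPI latching across VMXON..VMXOFF.
 * Modelling assumptions are marked "assumption" below.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum cpu_state { CPU_RUNNING = 0, CPU_WAIT_FOR_SIPI };

struct cpu {
    enum cpu_state state;
    bool in_vmx;          /* between VMXON and VMXOFF */
    bool init_pending;    /* INIT latched while in_vmx (assumption) */
    bool sipi_pending;    /* SIPI latched while in_vmx (assumption) */
    uint8_t sipi_vector;  /* payload of the latched SIPI */
    uint32_t start_ip;    /* physical address execution last (re)started at */
    unsigned resets;      /* INIT-induced resets observed so far */
};

/* INIT: reset the core and park it in wait-for-SIPI. */
static void apply_init(struct cpu *c)
{
    c->resets++;
    c->state = CPU_WAIT_FOR_SIPI;
}

/* SIPI: acted on only in wait-for-SIPI; vector << 12 is the start address. */
static void apply_sipi(struct cpu *c, uint8_t vector)
{
    if (c->state != CPU_WAIT_FOR_SIPI)
        return;                          /* ignored when the CPU is not waiting */
    c->start_ip = (uint32_t)vector << 12;
    c->state = CPU_RUNNING;
}

static void deliver_init(struct cpu *c)
{
    if (c->in_vmx) {                     /* assumption: latched, not lost */
        c->init_pending = true;
        return;
    }
    apply_init(c);
}

static void deliver_sipi(struct cpu *c, uint8_t vector)
{
    if (c->in_vmx) {                     /* assumption: latched, not lost */
        c->sipi_pending = true;
        c->sipi_vector = vector;         /* assumption: a later SIPI overwrites the saved vector */
        return;
    }
    apply_sipi(c, vector);
}

static void vmxon(struct cpu *c) { c->in_vmx = true; }

/* VMXOFF: drain latched events in order, INIT first, then SIPI (assumption). */
static void vmxoff(struct cpu *c)
{
    c->in_vmx = false;
    if (c->init_pending) { c->init_pending = false; apply_init(c); }
    if (c->sipi_pending) { c->sipi_pending = false; apply_sipi(c, c->sipi_vector); }
}

/* The thread's sequence: INIT then SIPI arrive while CPU 2 is in VMX.
 * Returns the restart address after VMXOFF, or 0 if the model misbehaves. */
uint32_t scenario_init_sipi_latched_across_vmx(void)
{
    struct cpu cpu2 = {0};
    vmxon(&cpu2);
    deliver_init(&cpu2);
    deliver_sipi(&cpu2, 0x9a);           /* constructed sample vector */
    if (cpu2.resets != 0 || cpu2.state != CPU_RUNNING)
        return 0;                        /* nothing may be visible before VMXOFF */
    vmxoff(&cpu2);
    return (cpu2.resets == 1 && cpu2.state == CPU_RUNNING) ? cpu2.start_ip : 0;
}

/* Jan's question, under the last-wins assumption: two SIPIs, second vector used. */
uint32_t scenario_second_sipi_overwrites_vector(void)
{
    struct cpu cpu2 = {0};
    vmxon(&cpu2);
    deliver_init(&cpu2);
    deliver_sipi(&cpu2, 0x9a);
    deliver_sipi(&cpu2, 0x9b);
    vmxoff(&cpu2);
    return cpu2.start_ip;
}

/* Control case outside VMX: a SIPI to a running CPU that never got INIT is ignored. */
uint32_t scenario_sipi_to_running_cpu_ignored(void)
{
    struct cpu cpu2 = {0};
    deliver_sipi(&cpu2, 0x9a);
    return cpu2.start_ip;                /* stays 0: no restart happened */
}

int main(void)
{
    printf("latched across VMX: start_ip=0x%x\n", scenario_init_sipi_latched_across_vmx());
    printf("second SIPI wins:   start_ip=0x%x\n", scenario_second_sipi_overwrites_vector());
    printf("SIPI while running: start_ip=0x%x\n", scenario_sipi_to_running_cpu_ignored());
    return 0;
}
```

A real kvm-unit-tests case would replace `deliver_init`/`deliver_sipi` with ICR writes from a second CPU and `vmxon`/`vmxoff` with the actual instructions, and would have to arrange for the SIPI vector to point at a trampoline that records that the reset happened; the model above only pins down which observations such a test needs to make.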