Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 12/11/2015 15:08, Jan Kiszka wrote: > On 2015-11-11 14:12, Austin S Hemmelgarn wrote: >> On 2015-11-11 08:07, Paolo Bonzini wrote: >>> >>> >>> On 11/11/2015 13:47, Austin S Hemmelgarn wrote: > I just finished running a couple of tests in a KVM instance running nested on a Xen HVM instance, and found no issues, so for the set as a whole: Tested-by: Austin S. Hemmelgarn Now to hope the equivalent fix for Xen gets into the Gentoo repositories soon, as the issue propagates down through nested virtualization and ties up the CPU regardless (and in turn triggers the watchdog). >>> >>> Note that nested guests should _not_ lock up the outer (L0) hypervisor >>> if the outer hypervisor has the fix. At least this is the case for KVM: >>> a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from >>> malicious nested guests. A vulnerable outer KVM is also protected if >>> the nested hypervisor has the workaround. >>> >> I already knew this, I just hadn't remembered that I hadn't updated Xen >> since before the XSA and patch for this had been posted (and it took me >> a while to remember this when I accidentally panicked Xen :)) > > As I'm lazy, both to search and to write something myself: is there > already a test case for the issue(s) circling around? To everybody: keep reproducers offlist, please. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 2015-11-11 14:12, Austin S Hemmelgarn wrote: > On 2015-11-11 08:07, Paolo Bonzini wrote: >> >> >> On 11/11/2015 13:47, Austin S Hemmelgarn wrote: >>> I just finished running a couple of tests in a KVM instance running >>> nested on a Xen HVM instance, and found no issues, so for the set as a >>> whole: >>> >>> Tested-by: Austin S. Hemmelgarn >>> >>> Now to hope the equivalent fix for Xen gets into the Gentoo repositories >>> soon, as the issue propagates down through nested virtualization and >>> ties up the CPU regardless (and in turn triggers the watchdog). >> >> Note that nested guests should _not_ lock up the outer (L0) hypervisor >> if the outer hypervisor has the fix. At least this is the case for KVM: >> a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from >> malicious nested guests. A vulnerable outer KVM is also protected if >> the nested hypervisor has the workaround. >> > I already knew this, I just hadn't remembered that I hadn't updated Xen > since before the XSA and patch for this had been posted (and it took me > a while to remember this when I accidentally panicked Xen :)) > As I'm lazy, both to search and to write something myself: is there already a test case for the issue(s) circling around? Thanks, Jan -- Siemens AG, Corporate Technology, CT RTC ITP SES-DE Corporate Competence Center Embedded Linux -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 2015-11-11 14:12, Austin S Hemmelgarn wrote: > On 2015-11-11 08:07, Paolo Bonzini wrote: >> >> >> On 11/11/2015 13:47, Austin S Hemmelgarn wrote: >>> I just finished running a couple of tests in a KVM instance running >>> nested on a Xen HVM instance, and found no issues, so for the set as a >>> whole: >>> >>> Tested-by: Austin S. Hemmelgarn>>> >>> Now to hope the equivalent fix for Xen gets into the Gentoo repositories >>> soon, as the issue propagates down through nested virtualization and >>> ties up the CPU regardless (and in turn triggers the watchdog). >> >> Note that nested guests should _not_ lock up the outer (L0) hypervisor >> if the outer hypervisor has the fix. At least this is the case for KVM: >> a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from >> malicious nested guests. A vulnerable outer KVM is also protected if >> the nested hypervisor has the workaround. >> > I already knew this, I just hadn't remembered that I hadn't updated Xen > since before the XSA and patch for this had been posted (and it took me > a while to remember this when I accidentally panicked Xen :)) > As I'm lazy, both to search and to write something myself: is there already a test case for the issue(s) circling around? Thanks, Jan -- Siemens AG, Corporate Technology, CT RTC ITP SES-DE Corporate Competence Center Embedded Linux -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 12/11/2015 15:08, Jan Kiszka wrote: > On 2015-11-11 14:12, Austin S Hemmelgarn wrote: >> On 2015-11-11 08:07, Paolo Bonzini wrote: >>> >>> >>> On 11/11/2015 13:47, Austin S Hemmelgarn wrote: > I just finished running a couple of tests in a KVM instance running nested on a Xen HVM instance, and found no issues, so for the set as a whole: Tested-by: Austin S. HemmelgarnNow to hope the equivalent fix for Xen gets into the Gentoo repositories soon, as the issue propagates down through nested virtualization and ties up the CPU regardless (and in turn triggers the watchdog). >>> >>> Note that nested guests should _not_ lock up the outer (L0) hypervisor >>> if the outer hypervisor has the fix. At least this is the case for KVM: >>> a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from >>> malicious nested guests. A vulnerable outer KVM is also protected if >>> the nested hypervisor has the workaround. >>> >> I already knew this, I just hadn't remembered that I hadn't updated Xen >> since before the XSA and patch for this had been posted (and it took me >> a while to remember this when I accidentally panicked Xen :)) > > As I'm lazy, both to search and to write something myself: is there > already a test case for the issue(s) circling around? To everybody: keep reproducers offlist, please. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 2015-11-11 08:07, Paolo Bonzini wrote: On 11/11/2015 13:47, Austin S Hemmelgarn wrote: I just finished running a couple of tests in a KVM instance running nested on a Xen HVM instance, and found no issues, so for the set as a whole: Tested-by: Austin S. Hemmelgarn Now to hope the equivalent fix for Xen gets into the Gentoo repositories soon, as the issue propagates down through nested virtualization and ties up the CPU regardless (and in turn triggers the watchdog). Note that nested guests should _not_ lock up the outer (L0) hypervisor if the outer hypervisor has the fix. At least this is the case for KVM: a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from malicious nested guests. A vulnerable outer KVM is also protected if the nested hypervisor has the workaround. I already knew this, I just hadn't remembered that I hadn't updated Xen since before the XSA and patch for this had been posted (and it took me a while to remember this when I accidentally panicked Xen :)) smime.p7s Description: S/MIME Cryptographic Signature
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 11/11/2015 13:47, Austin S Hemmelgarn wrote: >> > I just finished running a couple of tests in a KVM instance running > nested on a Xen HVM instance, and found no issues, so for the set as a > whole: > > Tested-by: Austin S. Hemmelgarn > > Now to hope the equivalent fix for Xen gets into the Gentoo repositories > soon, as the issue propagates down through nested virtualization and > ties up the CPU regardless (and in turn triggers the watchdog). Note that nested guests should _not_ lock up the outer (L0) hypervisor if the outer hypervisor has the fix. At least this is the case for KVM: a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from malicious nested guests. A vulnerable outer KVM is also protected if the nested hypervisor has the workaround. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 2015-11-10 07:22, Paolo Bonzini wrote: Yes, these can happen. The issue is that benign exceptions are delivered serially, but two of them (#DB and #AC) can also happen during exception delivery itself. The subsequent infinite stream of exceptions causes the processor to never exit guest mode. Paolo Eric Northup (1): KVM: x86: work around infinite loop in microcode when #AC is delivered Paolo Bonzini (2): KVM: svm: unconditionally intercept #DB KVM: x86: rename update_db_bp_intercept to update_bp_intercept arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kvm/svm.c | 22 +++--- arch/x86/kvm/vmx.c | 7 +-- arch/x86/kvm/x86.c | 2 +- 5 files changed, 19 insertions(+), 15 deletions(-) I just finished running a couple of tests in a KVM instance running nested on a Xen HVM instance, and found no issues, so for the set as a whole: Tested-by: Austin S. Hemmelgarn Now to hope the equivalent fix for Xen gets into the Gentoo repositories soon, as the issue propagates down through nested virtualization and ties up the CPU regardless (and in turn triggers the watchdog). smime.p7s Description: S/MIME Cryptographic Signature
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 2015-11-10 07:22, Paolo Bonzini wrote: Yes, these can happen. The issue is that benign exceptions are delivered serially, but two of them (#DB and #AC) can also happen during exception delivery itself. The subsequent infinite stream of exceptions causes the processor to never exit guest mode. Paolo Eric Northup (1): KVM: x86: work around infinite loop in microcode when #AC is delivered Paolo Bonzini (2): KVM: svm: unconditionally intercept #DB KVM: x86: rename update_db_bp_intercept to update_bp_intercept arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kvm/svm.c | 22 +++--- arch/x86/kvm/vmx.c | 7 +-- arch/x86/kvm/x86.c | 2 +- 5 files changed, 19 insertions(+), 15 deletions(-) I just finished running a couple of tests in a KVM instance running nested on a Xen HVM instance, and found no issues, so for the set as a whole: Tested-by: Austin S. HemmelgarnNow to hope the equivalent fix for Xen gets into the Gentoo repositories soon, as the issue propagates down through nested virtualization and ties up the CPU regardless (and in turn triggers the watchdog). smime.p7s Description: S/MIME Cryptographic Signature
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 11/11/2015 13:47, Austin S Hemmelgarn wrote: >> > I just finished running a couple of tests in a KVM instance running > nested on a Xen HVM instance, and found no issues, so for the set as a > whole: > > Tested-by: Austin S. Hemmelgarn> > Now to hope the equivalent fix for Xen gets into the Gentoo repositories > soon, as the issue propagates down through nested virtualization and > ties up the CPU regardless (and in turn triggers the watchdog). Note that nested guests should _not_ lock up the outer (L0) hypervisor if the outer hypervisor has the fix. At least this is the case for KVM: a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from malicious nested guests. A vulnerable outer KVM is also protected if the nested hypervisor has the workaround. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 2015-11-11 08:07, Paolo Bonzini wrote: On 11/11/2015 13:47, Austin S Hemmelgarn wrote: I just finished running a couple of tests in a KVM instance running nested on a Xen HVM instance, and found no issues, so for the set as a whole: Tested-by: Austin S. HemmelgarnNow to hope the equivalent fix for Xen gets into the Gentoo repositories soon, as the issue propagates down through nested virtualization and ties up the CPU regardless (and in turn triggers the watchdog). Note that nested guests should _not_ lock up the outer (L0) hypervisor if the outer hypervisor has the fix. At least this is the case for KVM: a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from malicious nested guests. A vulnerable outer KVM is also protected if the nested hypervisor has the workaround. I already knew this, I just hadn't remembered that I hadn't updated Xen since before the XSA and patch for this had been posted (and it took me a while to remember this when I accidentally panicked Xen :)) smime.p7s Description: S/MIME Cryptographic Signature
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 10/11/2015 16:38, Jan Kiszka wrote: > On 2015-11-10 13:22, Paolo Bonzini wrote: >> Yes, these can happen. The issue is that benign exceptions are >> delivered serially, but two of them (#DB and #AC) can also happen >> during exception delivery itself. The subsequent infinite stream >> of exceptions causes the processor to never exit guest mode. >> >> Paolo >> >> Eric Northup (1): >> KVM: x86: work around infinite loop in microcode when #AC is delivered >> >> Paolo Bonzini (2): >> KVM: svm: unconditionally intercept #DB >> KVM: x86: rename update_db_bp_intercept to update_bp_intercept >> >> arch/x86/include/asm/kvm_host.h | 2 +- >> arch/x86/include/uapi/asm/svm.h | 1 + >> arch/x86/kvm/svm.c | 22 +++--- >> arch/x86/kvm/vmx.c | 7 +-- >> arch/x86/kvm/x86.c | 2 +- >> 5 files changed, 19 insertions(+), 15 deletions(-) >> > > So this affects both Intel and AMD CPUs equally? Nice cross-vendor > "compatibility". Yes, it's for both. > And it can only be triggered via #AC and #DB, or also other exceptions > (that KVM already happens to intercept)? Yes, these are the sole benign exceptions that can occur during exception delivery. All other benign exceptions only occur as the result of executing instructions. > You may guess why I'm asking... > Is any of the issues already documented in a vendor errata? No idea. As far as I understood, processor engineers consider this to be intended behavior (!) though they admit that the outcome for virtualization is bad. I don't have a reproducer for this yet (I have only tested the patches by ensuring that they do not regress on the legal cases), but from what I heard at least on Intel the #AC injection actually causes a failed VM-entry... Yet, nothing in the manual suggests _why_. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 2015-11-10 13:22, Paolo Bonzini wrote: > Yes, these can happen. The issue is that benign exceptions are > delivered serially, but two of them (#DB and #AC) can also happen > during exception delivery itself. The subsequent infinite stream > of exceptions causes the processor to never exit guest mode. > > Paolo > > Eric Northup (1): > KVM: x86: work around infinite loop in microcode when #AC is delivered > > Paolo Bonzini (2): > KVM: svm: unconditionally intercept #DB > KVM: x86: rename update_db_bp_intercept to update_bp_intercept > > arch/x86/include/asm/kvm_host.h | 2 +- > arch/x86/include/uapi/asm/svm.h | 1 + > arch/x86/kvm/svm.c | 22 +++--- > arch/x86/kvm/vmx.c | 7 +-- > arch/x86/kvm/x86.c | 2 +- > 5 files changed, 19 insertions(+), 15 deletions(-) > So this affects both Intel and AMD CPUs equally? Nice cross-vendor "compatibility". And it can only be triggered via #AC and #DB, or also other exceptions (that KVM already happens to intercept)? You may guess why I'm asking... Is any of the issues already documented in a vendor errata? Thanks, Jan -- Siemens AG, Corporate Technology, CT RTC ITP SES-DE Corporate Competence Center Embedded Linux -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 0/3] Infinite loops in microcode while running guests
Yes, these can happen. The issue is that benign exceptions are delivered serially, but two of them (#DB and #AC) can also happen during exception delivery itself. The subsequent infinite stream of exceptions causes the processor to never exit guest mode. Paolo Eric Northup (1): KVM: x86: work around infinite loop in microcode when #AC is delivered Paolo Bonzini (2): KVM: svm: unconditionally intercept #DB KVM: x86: rename update_db_bp_intercept to update_bp_intercept arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kvm/svm.c | 22 +++--- arch/x86/kvm/vmx.c | 7 +-- arch/x86/kvm/x86.c | 2 +- 5 files changed, 19 insertions(+), 15 deletions(-) -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 2015-11-10 13:22, Paolo Bonzini wrote: > Yes, these can happen. The issue is that benign exceptions are > delivered serially, but two of them (#DB and #AC) can also happen > during exception delivery itself. The subsequent infinite stream > of exceptions causes the processor to never exit guest mode. > > Paolo > > Eric Northup (1): > KVM: x86: work around infinite loop in microcode when #AC is delivered > > Paolo Bonzini (2): > KVM: svm: unconditionally intercept #DB > KVM: x86: rename update_db_bp_intercept to update_bp_intercept > > arch/x86/include/asm/kvm_host.h | 2 +- > arch/x86/include/uapi/asm/svm.h | 1 + > arch/x86/kvm/svm.c | 22 +++--- > arch/x86/kvm/vmx.c | 7 +-- > arch/x86/kvm/x86.c | 2 +- > 5 files changed, 19 insertions(+), 15 deletions(-) > So this affects both Intel and AMD CPUs equally? Nice cross-vendor "compatibility". And it can only be triggered via #AC and #DB, or also other exceptions (that KVM already happens to intercept)? You may guess why I'm asking... Is any of the issues already documented in a vendor errata? Thanks, Jan -- Siemens AG, Corporate Technology, CT RTC ITP SES-DE Corporate Competence Center Embedded Linux -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/3] Infinite loops in microcode while running guests
On 10/11/2015 16:38, Jan Kiszka wrote: > On 2015-11-10 13:22, Paolo Bonzini wrote: >> Yes, these can happen. The issue is that benign exceptions are >> delivered serially, but two of them (#DB and #AC) can also happen >> during exception delivery itself. The subsequent infinite stream >> of exceptions causes the processor to never exit guest mode. >> >> Paolo >> >> Eric Northup (1): >> KVM: x86: work around infinite loop in microcode when #AC is delivered >> >> Paolo Bonzini (2): >> KVM: svm: unconditionally intercept #DB >> KVM: x86: rename update_db_bp_intercept to update_bp_intercept >> >> arch/x86/include/asm/kvm_host.h | 2 +- >> arch/x86/include/uapi/asm/svm.h | 1 + >> arch/x86/kvm/svm.c | 22 +++--- >> arch/x86/kvm/vmx.c | 7 +-- >> arch/x86/kvm/x86.c | 2 +- >> 5 files changed, 19 insertions(+), 15 deletions(-) >> > > So this affects both Intel and AMD CPUs equally? Nice cross-vendor > "compatibility". Yes, it's for both. > And it can only be triggered via #AC and #DB, or also other exceptions > (that KVM already happens to intercept)? Yes, these are the sole benign exceptions that can occur during exception delivery. All other benign exceptions only occur as the result of executing instructions. > You may guess why I'm asking... > Is any of the issues already documented in a vendor errata? No idea. As far as I understood, processor engineers consider this to be intended behavior (!) though they admit that the outcome for virtualization is bad. I don't have a reproducer for this yet (I have only tested the patches by ensuring that they do not regress on the legal cases), but from what I heard at least on Intel the #AC injection actually causes a failed VM-entry... Yet, nothing in the manual suggests _why_. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 0/3] Infinite loops in microcode while running guests
Yes, these can happen. The issue is that benign exceptions are delivered serially, but two of them (#DB and #AC) can also happen during exception delivery itself. The subsequent infinite stream of exceptions causes the processor to never exit guest mode. Paolo Eric Northup (1): KVM: x86: work around infinite loop in microcode when #AC is delivered Paolo Bonzini (2): KVM: svm: unconditionally intercept #DB KVM: x86: rename update_db_bp_intercept to update_bp_intercept arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kvm/svm.c | 22 +++--- arch/x86/kvm/vmx.c | 7 +-- arch/x86/kvm/x86.c | 2 +- 5 files changed, 19 insertions(+), 15 deletions(-) -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/