Subject: Re: [PATCH 0/3] KVM: VMX: fix handling inv{ept,vpid} and nested RHEL6 KVM
To: David Matlack
References: <1458317379-8363-1-git-send-email-pbonzini@redhat.com>
Cc: "linux-kernel@vger.kernel.org", kvm list, jmontleo@redhat.com, bdas@redhat.com
From: Paolo Bonzini
Message-ID: <56EC41C0.8010706@redhat.com>
Date: Fri, 18 Mar 2016 18:58:24 +0100

On 18/03/2016 18:42, David Matlack wrote:
> On Fri, Mar 18, 2016 at 9:09 AM, Paolo Bonzini wrote:
>> Patches 1 and 2 fix two cases where a guest could hang at 100% CPU
>> due to mis-emulation of a failing invept or invvpid.
>
> Will you be sending out kvm-unit-test test cases for these?

Yes, of course, especially for patches 1 and 2. However I first want to
add a --enable-unsafe option for stuff that breaks particularly badly
when the test fails. We don't do nested virt CVEs (yet), but all of
these would be treated as vulnerabilities if we did---the tests would
effectively DoS the host. The infamous #AC failure could also be under
a flag like that, and I remember a similar topic popping up with a LAPIC
fix from Google.

Paolo

>>
>> Patch 3 works around a bug in RHEL6 KVM, which is exposed by nested
>> VPID support; RHEL6 KVM uses single-context invvpid unconditionally,
>> but until now KVM did not provide it.
>>
>> Paolo
>>
>
> For the series,
>
> Reviewed-by: David Matlack
>
>> Paolo Bonzini (3):
>>   KVM: VMX: avoid guest hang on invalid invept instruction
>>   KVM: VMX: avoid guest hang on invalid invvpid instruction
>>   KVM: VMX: fix nested vpid for old KVM guests
>>
>>  arch/x86/kvm/vmx.c | 16 +++++++++++++++-
>>  1 file changed, 15 insertions(+), 1 deletion(-)
>>
>> --
>> 1.8.3.1
>>