From: Jan Kiszka
Subject: Re: [PATCH] x86: kvm: reset the bootstrap processor when it gets an INIT
Date: Mon, 11 Mar 2013 20:01:30 +0100
Message-ID: <513E2A0A.3080008@siemens.com>
References: <513DE8C5.3090209@redhat.com> <513DFA01.1040500@siemens.com> <20130311172342.GS31619@redhat.com> <513E158B.80506@siemens.com> <20130311174155.GU31619@redhat.com> <513E1CFC.6010201@siemens.com> <20130311181306.GW31619@redhat.com> <513E2220.2090501@siemens.com> <20130311183915.GA14689@redhat.com> <513E26A7.4020405@siemens.com> <20130311185132.GB14689@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Paolo Bonzini , "linux-kernel@vger.kernel.org" , "kvm@vger.kernel.org" , "mtosatti@redhat.com"
To: Gleb Natapov
Return-path:
In-Reply-To: <20130311185132.GB14689@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

On 2013-03-11 19:51, Gleb Natapov wrote:
>>> On Intel:
>>> CPU 1                 CPU 2 in a guest mode
>>> send INIT
>>> send SIPI
>>>                       INIT vmexit
>>>                       vmxoff
>>>                       reset and start from SIPI vector
>>
>> Is SIPI sticky as well, even if the CPU is not in the wait-for-SIPI
>> state (but runnable and in vmxon) while receiving it?
>>
> That's what they seem to be saying:
> However, an INIT and SIPI interrupts sent to a CPU during time when
> it is in a VMX mode are remembered and delivered, perhaps hours later,
> when the CPU exits the VMX mode
>
> Otherwise their exploit will not work.

Very weird, specifically as SIPI is not just a binary event but carries
payload. Will another SIPI event overwrite the previously "saved" vector?

We are deep into an underspecified area...

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux