[SRU Bionic/Focal 0/2] LP: #1940134/CVE-2021-3653 - L2 guest on AMD SVM

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Mon Aug 16 19:57:38 UTC 2021


This patchset reverts the original fix for CVE-2021-3653, which showed the
regression, and applies the fixed version that ended up upstream. The
regression only showed on backports for kernels older than 5.8. And as the
backport was necessary, I picked up the upstream stable v5.4.y version, which
applied cleanly on both focal and bionic trees.

The end result has been built and tested on an AMD system, where I was able to
launch an L2 Linux guest inside an L1 Linux guest. Both versions were tested.

[Impact]
Users won't be able to run a Linux inside a Linux guest.

[Test case]
Launch an L1 guest with libvirt, then launch an L2 guest using qemu inside that
first/L1 guest.

[Potential regression]
There might be reduced performance due to vmexits for interrupt handling.

Maxim Levitsky (1):
  KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
    (CVE-2021-3653)

Thadeu Lima de Souza Cascardo (1):
  UBUNTU: SAUCE: Revert "UBUNTU: SAUCE: KVM: nSVM: avoid picking up
    unsupported bits from L2 in int_ctl"

 arch/x86/kvm/svm.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

-- 
2.30.2



