ACK: [SRU Bionic/Focal 0/2] LP: #1940134/CVE-2021-3653 - L2 guest on AMD SVM
Kamal Mostafa
kamal at canonical.com
Mon Aug 16 21:29:40 UTC 2021
Ack for both the Bionic and Focal versions of this...
Acked-by: Kamal Mostafa <kamal at canonical.com>
-Kamal
On Mon, Aug 16, 2021 at 04:57:38PM -0300, Thadeu Lima de Souza Cascardo wrote:
> This patchset reverts the original fix for CVE-2021-3653, which showed the
> regression, and applied the fixed version that ended up upstream. The
> regression only showed on backports for kernels older than 5.8. And as the
> backport was necessary, I picked up the upstream stable v5.4.y version, which
> applied cleanly on both focal and bionic trees.
>
> The end result has been built and tested on an AMD system, where I was able to
> launch an L2 Linux guest inside an L1 Linux guest. Both versions were tested.
>
> [Impact]
> Users won't be able to run a Linux inside a Linux guest.
>
> [Test case]
> Launch an L1 guest with libvirt, then launch an L2 guest using qemu inside that
> first/L1 guest.
>
> [Potential regression]
> There might be reduced performance due to vmexits for interrupt handling.
>
> Maxim Levitsky (1):
> KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
> (CVE-2021-3653)
>
> Thadeu Lima de Souza Cascardo (1):
> UBUNTU: SAUCE: Revert "UBUNTU: SAUCE: KVM: nSVM: avoid picking up
> unsupported bits from L2 in int_ctl"
>
> arch/x86/kvm/svm.c | 7 +------
> 1 file changed, 1 insertion(+), 6 deletions(-)
>
> --
> 2.30.2
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list