I already knew this, I just hadn't remembered that I hadn't updated Xen since before the XSA and patch for this had been posted (and it took me a while to remember this when I accidentally panicked Xen :))
On 11/11/2015 13:47, Austin S Hemmelgarn wrote:
I just finished running a couple of tests in a KVM instance running
nested on a Xen HVM instance, and found no issues, so for the set as a
whole:
Tested-by: Austin S. Hemmelgarn <ahferroin7@xxxxxxxxx>
Now to hope the equivalent fix for Xen gets into the Gentoo repositories
soon, as the issue propagates down through nested virtualization and
ties up the CPU regardless (and in turn triggers the watchdog).
Note that nested guests should _not_ lock up the outer (L0) hypervisor
if the outer hypervisor has the fix. At least this is the case for KVM:
a fixed outer KVM can protect any vulnerable nested (L1) hypervisor from
malicious nested guests. A vulnerable outer KVM is also protected if
the nested hypervisor has the workaround.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature