From: Jan Beulich <jbeulich@suse.com>
To: boris.ostrovsky@oracle.com
Cc: xen-devel@lists.xenproject.org,
Cheyenne Wills <cheyenne.wills@gmail.com>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: XSA-351 causing Solaris-11 systems to panic during boot.
Date: Mon, 21 Dec 2020 17:55:52 +0100 [thread overview]
Message-ID: <c869736a-afbf-a52b-e7ce-d7f4bb3d7faf@suse.com> (raw)
In-Reply-To: <0dbfa20a-5c3d-77c5-1ef0-4baf74e60195@oracle.com>
On 21.12.2020 17:21, boris.ostrovsky@oracle.com wrote:
>
> On 12/21/20 3:21 AM, Jan Beulich wrote:
>> On 18.12.2020 21:43, boris.ostrovsky@oracle.com wrote:
>>> Can we do something like KVM's ignore_msrs (but probably return 0 on reads to avoid leaks from the system)? It would allow to deal with cases when a guest is suddenly unable to boot after hypervisor update (especially from pre-4.14). It won't help in all cases since some MSRs may be expected to be non-zero but I think it will cover large number of them. (and it will certainly do what Jan is asking above but will not be specific to this particular breakage)
>> This would re-introduce the problem with detection (by guests) of certain
>> features lacking suitable CPUID bits. Guests would no longer observe the
>> expected #GP(0), and hence be at risk of misbehaving. Hence at the very
>> least such an option would need to be per-domain rather than (like for
>> KVM) global,
>
>
> Yes, of course.
>
>
>> and use of it should then imo be explicitly unsupported.
>
>
> Unsupported or not recommended? There are options that are not recommended from security perspective but they are still supported. For example, `spec-ctrl=no` (although it's a global setting)
"Security unsupported", i.e. use of it causing what might look like
a security issue would not get an XSA.
Jan
next prev parent reply other threads:[~2020-12-21 16:56 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-16 21:57 XSA-351 causing Solaris-11 systems to panic during boot Cheyenne Wills
2020-11-17 8:12 ` Jan Beulich
2020-11-17 14:43 ` Cheyenne Wills
2020-11-17 14:46 ` Andrew Cooper
2020-12-17 1:51 ` boris.ostrovsky
2020-12-17 7:40 ` Jan Beulich
2020-12-17 16:25 ` boris.ostrovsky
2020-12-17 16:46 ` Andrew Cooper
2020-12-17 17:49 ` boris.ostrovsky
2020-12-18 20:43 ` boris.ostrovsky
2020-12-21 8:21 ` Jan Beulich
2020-12-21 16:21 ` boris.ostrovsky
2020-12-21 16:55 ` Jan Beulich [this message]
2020-11-17 10:50 ` Roger Pau Monné
2020-11-17 12:54 ` Roger Pau Monné
2020-11-17 13:59 ` Cheyenne Wills
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c869736a-afbf-a52b-e7ce-d7f4bb3d7faf@suse.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=cheyenne.wills@gmail.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.