
Re: XSA-351 causing Solaris-11 systems to panic during boot.


  • To: <boris.ostrovsky@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Thu, 17 Dec 2020 16:46:42 +0000
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Cheyenne Wills <cheyenne.wills@xxxxxxxxx>
  • Delivery-date: Thu, 17 Dec 2020 16:46:50 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17/12/2020 16:25, boris.ostrovsky@xxxxxxxxxx wrote:
> On 12/17/20 2:40 AM, Jan Beulich wrote:
>> On 17.12.2020 02:51, boris.ostrovsky@xxxxxxxxxx wrote:
>> I think this is acceptable as a workaround, albeit we may want to
>> consider further restricting this (at least on staging), like e.g.
>> requiring a guest config setting to enable the workaround. 
>
> Maybe, but then someone migrating from a stable release to 4.15 will have to 
> modify guest configuration.
>
>
>> But
>> maybe this will need to be part of the MSR policy for the domain
>> instead, down the road. We'll definitely want Andrew's view here.
>>
>> Speaking of staging - before applying anything to the stable
>> branches, I think we want to have this addressed on the main
>> branch. I can't see how Solaris would work there.
>
> Indeed it won't. I'll need to do that as well (I misinterpreted the statement 
> in the XSA about only 4.14- being vulnerable)

It's hopefully obvious now why we suddenly finished the "let's turn all
unknown MSRs to #GP" work at the point that we did (after dithering on
the point for several years).

To put it bluntly, default MSR readability was not a clever decision at all.

There is a large risk that there is a similar vulnerability elsewhere,
given how poorly documented the MSRs are (and one contemporary CPU I've
got the manual open for has more than 6000 *documented* MSRs).  We did
debate for a while whether the readability of the PPIN MSRs was a
vulnerability or not, before eventually deciding not.

Irrespective of what we do to fix this in Xen, has anyone fixed Solaris yet?

~Andrew
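
The difference between default MSR readability and turning unknown MSRs into #GP, as an added example that is not part of the original message and is not Xen code. `struct domain`, `guest_rdmsr`, `host_rdmsr` and `MSR_HYPOTHETICAL` are hypothetical names, the host value is constructed, and the per-domain `read_zero` list is only an assumed shape for an opt-in workaround of the kind discussed in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MSR_EFER         0xc0000080u /* modelled: guest sees its own value */
#define MSR_HYPOTHETICAL 0x00000abcu /* constructed index, stands for "unknown" */

enum policy { DEFAULT_READABLE, DEFAULT_GP };

struct domain {
    enum policy policy;
    uint64_t guest_efer;        /* virtualised per-guest state */
    const uint32_t *read_zero;  /* assumed opt-in list: reads return 0 */
    size_t nr_read_zero;
};

/* Constructed stand-in for executing RDMSR on the host CPU. */
static uint64_t host_rdmsr(uint32_t idx)
{
    return 0x5ec2e7000000ull | idx;
}

/* Returns true and fills *val on success; false means "inject #GP". */
bool guest_rdmsr(const struct domain *d, uint32_t idx, uint64_t *val)
{
    if (idx == MSR_EFER) {                 /* explicitly modelled MSR */
        *val = d->guest_efer;
        return true;
    }
    for (size_t i = 0; i < d->nr_read_zero; i++)
        if (d->read_zero[i] == idx) {      /* per-domain opt-in workaround */
            *val = 0;
            return true;
        }
    if (d->policy == DEFAULT_READABLE) {   /* unknown MSR: host state leaks */
        *val = host_rdmsr(idx);
        return true;
    }
    return false;                          /* unknown MSR: #GP */
}

int main(void)
{
    uint64_t v;
    struct domain legacy = { .policy = DEFAULT_READABLE, .guest_efer = 0x500 };
    struct domain strict = { .policy = DEFAULT_GP, .guest_efer = 0x500 };
    /* Exit status 0 when the unknown MSR leaks under legacy and faults under strict. */
    return !(guest_rdmsr(&legacy, MSR_HYPOTHETICAL, &v) && !guest_rdmsr(&strict, MSR_HYPOTHETICAL, &v));
}
```

Under the default-#GP policy every MSR a guest may read has to be named somewhere, so an index nobody reviewed cannot expose host state by omission.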


