
Re: XSA-351 causing Solaris-11 systems to panic during boot.



On 21.12.2020 17:21, boris.ostrovsky@xxxxxxxxxx wrote:
> 
> On 12/21/20 3:21 AM, Jan Beulich wrote:
>> On 18.12.2020 21:43, boris.ostrovsky@xxxxxxxxxx wrote:
>>> Can we do something like KVM's ignore_msrs (but probably return 0 on reads 
> >>> to avoid leaks from the system)? It would allow dealing with cases when a 
> >>> guest is suddenly unable to boot after hypervisor update (especially from 
> >>> pre-4.14). It won't help in all cases since some MSRs may be expected to be 
> >>> non-zero but I think it will cover a large number of them. (and it will 
>>> certainly do what Jan is asking above but will not be specific to this 
>>> particular breakage)
>> This would re-introduce the problem with detection (by guests) of certain
>> features lacking suitable CPUID bits. Guests would no longer observe the
>> expected #GP(0), and hence be at risk of misbehaving. Hence at the very
>> least such an option would need to be per-domain rather than (like for
>> KVM) global,
> 
> 
> Yes, of course.
> 
> 
>>  and use of it should then imo be explicitly unsupported.
> 
> 
> Unsupported or not recommended? There are options that are not recommended 
> from a security perspective but they are still supported. For example, 
> `spec-ctrl=no` (although it's a global setting)

"Security unsupported", i.e. use of it causing what might look like
a security issue would not get an XSA.

Jan



 

