Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp411804rwp; Wed, 12 Jul 2023 15:41:40 -0700 (PDT) X-Google-Smtp-Source: APBJJlES1cQaNKzTngPxla4D3NpQdkg/Dc30iSTOkO1MohmIiug0PgpYQwdzw5NJp50ew6HOrDZ4 X-Received: by 2002:a17:906:eceb:b0:988:d6ca:ea72 with SMTP id qt11-20020a170906eceb00b00988d6caea72mr20506274ejb.71.1689201700683; Wed, 12 Jul 2023 15:41:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689201700; cv=none; d=google.com; s=arc-20160816; b=wRddHUnQEbNLVNITYj+4tXwHJ0Og6F6AoovD+K3SCcIaQgda+hfyA6fls6kIChmsSo v+zdm1iHe9sshjDsBK+eD+QvTSsmdWmlkHH0HKtN9y56OJKGMnCIcSyedqrgz/nA6PwY Uu/3fFXVFVXwrZrOSlN6/iTEs+oIi+vmoZNVh73DCKqOFVzMIcmJLa5F5wLd4XqcJ49O hxBgsUcyZni3m1nBG+kIIl3H3GsMDAocKCyZ0+HsJdsHOUQYAPqI9eRtchWHOT6nD8Gz kpPmUSwN09Uqb6jAxfZviji67N/sunQlc01QK/S6BsVuLKmnnBYElgxo/kaoYJ/xfuIY l/Ow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=nG5+aY8jlAPonLRUtX2xMc8Co0JLp4HTeLUDHmOfRRk=; fh=3gzP1eZ5yDOrzRLYR6lCJCTaeGADl97zVkcca2SUSSU=; b=XyCiRObwNtG5SkSFvrcUZFdzoyYJ1G+0AFVYoi4Z21JTWWCInw4IJsGm9wi2lnESD1 8HaKLzYLgtu5lWTUhYV2mDtvjj5jyzSqbxQD2caco3zvqxeRzWUNYS/BJbwtsL2pLASw TW6EoSOTPEfWfAKXRsNABhSMUbYEHkxdRHhDEm6hfvS9HHCVs9YC2otaNIlIfaDDzgXz 1m1cD7G1xQtA/BM2MlU4OZm17YZ5cDrhrJP6CT/5nx0YrVSfSlv/hn6WFBXsgUPbqtxo fIOiF35J9LsrRoRm2Jv93cA3GsHL5SIx9xGaD2dwlWTGfhrZSEDUvhpsH5k03C5o4ukM MZAA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r15-20020a17090638cf00b0099331b3e790si5541395ejd.654.2023.07.12.15.41.16; Wed, 12 Jul 2023 15:41:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232116AbjGLVXN (ORCPT + 99 others); Wed, 12 Jul 2023 17:23:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47752 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229572AbjGLVXL (ORCPT ); Wed, 12 Jul 2023 17:23:11 -0400 Received: from 1wt.eu (ded1.1wt.eu [163.172.96.212]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 379531BF3 for ; Wed, 12 Jul 2023 14:23:09 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 36CLCxga009006; Wed, 12 Jul 2023 23:12:59 +0200 Date: Wed, 12 Jul 2023 23:12:59 +0200 From: Willy Tarreau To: Luca Boccassi Cc: Greg KH , Daniel =?iso-8859-1?Q?P=2E_Berrang=E9?= , Borislav Petkov , Emanuele Giuseppe Esposito , "H. Peter Anvin" , x86@kernel.org, Thomas Gleixner , lennart@poettering.net, Ingo Molnar , Dave Hansen , Andrew Morton , Masahiro Yamada , Alexander Potapenko , Nick Desaulniers , Vitaly Kuznetsov , linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage Message-ID: <20230712211259.GA8942@1wt.eu> References: <20230712132840.GKZK6qiK70m1O90jFL@fat_crate.local> <2023071200-unopposed-unbuckled-cde8@gregkh> <2023071239-progress-molasses-3b3d@gregkh> <2023071229-dusk-repacking-da3a@gregkh> <2023071226-crafty-deviator-12e2@gregkh> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello, On Wed, Jul 12, 2023 at 09:41:23PM +0100, Luca Boccassi wrote: > > Also note that "single identifiers for individual issues" do NOT work > > for kernel fixes (and arguably do not work for any other software > > project either) as they fail to properly describe things. > > > > Think about Meltdown, one "identifier" of a CVE, and hundreds of > > patches. What if you happened to not backport one of them? > > > > Same goes for the issue reported last week or so, tens of fixes, over > > multiple stable kernel releases, for one "identifier", how would you > > have classified that? > > > > Anyway, I've been over this loads before, giving whole talks about this, > > there's a reason the kernel developers don't mess with CVEs (i.e. > > individual identifiers), they fail to work. > > There is no 'single identifier for individual issues' nor CVE involved > here. The purpose of the generation id (which is per EFI component, > not per bug) is to let the boot process know whether an EFI component > should be accepted or rejected, in a way that doesn't exhaust nvram. > Issues are not individually singled out, and there is no direct > correlation with CVEs. It doesn't matter how many fixes there are, or > how many bugs, if a generation of a component is vulnerable in any way > that matters, then it gets denied. I refrained from chiming in but I'm really reading shocking stuff here, so please let me make a few comments based on some old experience. Several times in this thread you seemed to imply that there is "someone" or "something" that knows whether or not a kernel is absolutely vulnerable or absolutely trustable regarding a certain bug, when developers themselves only have an estimate about it, whose probability quickly fades away with the depth of backports. When I was in charge of extended 2.6.32 many years ago, the Debian kernel team helped me by occasionally sending me series of backports of fixes for issues I had missed, and fixes for backports I had failed. That's the principle of maintenance: adding incremental fixes that make the whole code better. With your process (OK you said it's not yours, but then why adopt it when it doesn't match the workflow of the software it tries to adapt to), how would we proceed ? "Let's bump this ID now that the new 2.6.32.233 has everything fixed". Or rather "let's *not* bump it because nobody knows how to backport this other stuff that's blocking the ID increment". Then once finally bumped, one month later we figure that the fixes were still incorrect due to important differences in the older branches, and have to be fixed again, so according to what I understand, we must then immediately revoke the current ID, that is also shared by upstream and all correctly fixed maintenance branches, and have to emit a new one for all branches at once even if the code didn't change, just because myself incompetent stable maintainer of the week-end failed to fix something non-obvious at once ? If so, I'm sorry but this is non-sense. There must be another approach to this or it was designed by someone having never met a bug in person! What I'm also wondering is, if in the end it turns out that only the distro has the skills to decide which kernel version is fixed and which one isn't (after all, it's the distro who chooses the config and the compiler, both are as much involved in bugs as the code itself), then why not make sort of a wrapper or an envelope around an existing kernel image, which provides this ID that the distro can freely choose, then transfer the control to the embedded kernel image ? This might give the distro the freedom to proceed as it wants with no cross-dependency on kernel branches. > > Pointing to an external document that is thousands of lines long, > > talking about bootloaders, is NOT a good way to get people to want to > > accept a kernel patch :) > > Then how about just asking for that? "Hello submitter, please send a > v2 with a detailed summary of the problem being solved for those of us > who are not familiar with it, thank you" Probably that there was a problem with process in the first place by which someone asks some maintainers to accept to merge, maintain and become responsible for breaking changes they disagree with, without having even being presented to them before being developed ? Regards, Willy