Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1791582rbb;
        Tue, 27 Feb 2024 00:51:55 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCWEFuG624NL24ZC2wgsrTz8vTvptsqjIcYYK6d+LHfncwVJVDGNimT7NefLlL/zhQ+j0OM5ZMwpzScz3gJpkBq7YQCjuP5ZBCD28N0y+w==
X-Google-Smtp-Source: AGHT+IHE6dgtV+xogD/gBqxwctmK+FEuxrosPZBbu8sZ2WQ+pcqlyUWhf1QHQZSwed1IDn5DFQC6
X-Received: by 2002:a0c:dd06:0:b0:68f:e87e:6be5 with SMTP id u6-20020a0cdd06000000b0068fe87e6be5mr1626903qvk.39.1709023915121;
        Tue, 27 Feb 2024 00:51:55 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1709023915; cv=pass;
        d=google.com; s=arc-20160816;
        b=iEqt8TaHJlw7InSLZnzXwFfSA5aL/WUho7WeSsPqXGC29eZWyM4OZSZ0nANW1OMAgR
         ob5kNEyYbAAY3Xkp4HhdD+e0FwvDwc6tkprR4AYwC4BhOHesxxVxbminJO/EbIxUUVbi
         N0gpXXPAyp/83ES5CYZx1bWVvNXZsUg6tK2/FypBSoumrd3peMDNiwBq2Tsz4Z1LDPEB
         nz4dDXH4mB6SirY6FLyfnOlDgcxOje8M3uMgJn5zU4BfmsKxxa9nbi7tUdSLyN+DW/j4
         oicCTrGYuz++uRaqF1uTCbfAGdZYAlGyrZMP/DxMe9t+ynBG4knxWcj1Z5sK9kS39ltI
         5p/A==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature:dkim-signature;
        bh=evwipRZQ70ZzKL4/OITcrRUSm3xAO+gUHyRjxqANGug=;
        fh=IttrF9+fpapMwLRth9UKTw3/L5OSV4gVOfG12EJ91Gs=;
        b=gRGUfwVzgVol+KPY3qNpxLNtVfLQAO+R9VDKWCujngshu9sYNU/egKVGn3grUX0rrA
         K2wRLjvSi/ljBvU9M/5cvU1JvcBmOlXOLnd0EWya14yex7RxI0kCsBmliyynkBhwwpJy
         XphaawNzuHLJfpHNKuuKsk4lX19KZHmmgYKtJx5yXT4itYrH/94MybgECk3199qDFvFJ
         kI+48aXXRmkMeuigoNEzTn+TWA/MM9anaPj6q+FJYDgfHaTcnSvamYUuQAjp/SIxhrlj
         SlOfkPT9CaaAuP5kc0LYZ97NoqESQOZX06Pe2i0FJRVfOme4F1pVRBMcZegpYMvLLhq1
         Z4ug==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=kFfHqR3u;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=kFfHqR3u;
       arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com);
       spf=pass (google.com: domain of linux-kernel+bounces-82889-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-82889-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Return-Path: <linux-kernel+bounces-82889-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id 1-20020a0562140d4100b0069019d520fdsi2164652qvr.252.2024.02.27.00.51.54
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 27 Feb 2024 00:51:55 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-82889-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=kFfHqR3u;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=kFfHqR3u;
       arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com);
       spf=pass (google.com: domain of linux-kernel+bounces-82889-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-82889-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id DAD121C22139
	for <linux.lists.archive@gmail.com>; Tue, 27 Feb 2024 08:51:54 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 43399130AFA;
	Tue, 27 Feb 2024 08:51:47 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="kFfHqR3u";
	dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="kFfHqR3u"
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 760E612FF61
	for <linux-kernel@vger.kernel.org>; Tue, 27 Feb 2024 08:51:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1709023906; cv=none; b=ctxxzoUBGZKkzkudgkReA3j0GQpKUZTl06eT4f8JwwaxIaQw15JjCPhNjUa5zeWmocjLdsC4FTKEcV7x/Z+IMy4MNjebmz0jlHqstaVLypeOoAkTotnA8J6DYfpofAF5/xNEzPXSTGXBSQ4cwZzO+UrbbzlHTnhiP89t5Ztw8HI=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1709023906; c=relaxed/simple;
	bh=CSDI6mafTkU7ve9xzNnR+5Tgow2PQP5GkHltM0IvTkA=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=etjDQHfy798TWGMQHQmozTx5pPIDlRgF10wucClr4P2MgYE3w/3yKoEDY7paokwV+RYnC7H9KwIuWO8Na+uJUYic53myBWk06D0BUbigmYnfdBGT3uXpaPixwBMDipvpDJYqmQKNrAGXomGrQ/SJCllvVv4aCK0s9f7EjOtxVko=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=kFfHqR3u; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=kFfHqR3u; arc=none smtp.client-ip=195.135.223.131
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [10.150.64.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp-out2.suse.de (Postfix) with ESMTPS id 9218A1F449;
	Tue, 27 Feb 2024 08:51:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1709023902; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=evwipRZQ70ZzKL4/OITcrRUSm3xAO+gUHyRjxqANGug=;
	b=kFfHqR3u/ANrbNjSeX8LDy6/m2Pj/Ad2fLhGb3lII2MM7NVvZUB2sDBmzSseR1KzkJFpkl
	d2bSywR2hMVvi2VyNpeakmxU8NHqpme9aZgq+QQArfP+7yfnGJ05heJSsstAa2PQ0EI7Go
	gh0tDDE0jUTrLPqAKBsJvZaiPTyj8Ow=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1709023902; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=evwipRZQ70ZzKL4/OITcrRUSm3xAO+gUHyRjxqANGug=;
	b=kFfHqR3u/ANrbNjSeX8LDy6/m2Pj/Ad2fLhGb3lII2MM7NVvZUB2sDBmzSseR1KzkJFpkl
	d2bSywR2hMVvi2VyNpeakmxU8NHqpme9aZgq+QQArfP+7yfnGJ05heJSsstAa2PQ0EI7Go
	gh0tDDE0jUTrLPqAKBsJvZaiPTyj8Ow=
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 8600513A58;
	Tue, 27 Feb 2024 08:51:42 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id dp5uIJ6i3WVGaQAAD6G6ig
	(envelope-from <mhocko@suse.com>); Tue, 27 Feb 2024 08:51:42 +0000
Date: Tue, 27 Feb 2024 09:51:38 +0100
From: Michal Hocko <mhocko@suse.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Michael Ellerman <mpe@ellerman.id.au>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: CVE-2023-52451: powerpc/pseries/memhp: Fix access beyond end of
 drmem array
Message-ID: <Zd2imtvvKrHY9LAA@tiehlicka>
References: <2024022257-CVE-2023-52451-7bdb@gregkh>
 <Zdylmz28rZ-mCeiN@tiehlicka>
 <2024022639-wronged-grafted-6777@gregkh>
 <ZdytVTOgfvKBBvtn@tiehlicka>
 <2024022652-defective-fretful-3d13@gregkh>
 <Zdy-KbmSt0egNV3c@tiehlicka>
 <2024022750-treble-wish-b009@gregkh>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <2024022750-treble-wish-b009@gregkh>
Authentication-Results: smtp-out2.suse.de;
	none
X-Spam-Level: 
X-Spam-Score: -0.69
X-Spamd-Result: default: False [-0.69 / 50.00];
	 ARC_NA(0.00)[];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 FROM_HAS_DN(0.00)[];
	 RCPT_COUNT_THREE(0.00)[4];
	 TO_DN_SOME(0.00)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 MIME_GOOD(-0.10)[text/plain];
	 NEURAL_SPAM_SHORT(2.91)[0.972];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 RCVD_COUNT_THREE(0.00)[3];
	 DKIM_SIGNED(0.00)[suse.com:s=susede1];
	 FUZZY_BLOCKED(0.00)[rspamd.com];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 MID_RHS_NOT_FQDN(0.50)[];
	 RCVD_TLS_ALL(0.00)[];
	 BAYES_HAM(-3.00)[100.00%]
X-Spam-Flag: NO

[Let me add Michael as PPC maintainer - the thread starts with
http://lkml.kernel.org/r/2024022257-CVE-2023-52451-7bdb@gregkh]

On Tue 27-02-24 06:14:45, Greg KH wrote:
> On Mon, Feb 26, 2024 at 05:36:57PM +0100, Michal Hocko wrote:
[...]
> > All that being said I dispute the issue fixed here has any more security
> > relevance than allowing untrusted user to control memory hotplug which
> > could easily result in DoS of the system.
> 
> Ok, I traced this call back, and here is the callpath, starting with a
> write to the the 'dlpar' sysfs file (conviently NOT documented in
> Documentation/ABI, and it looks like it violates the "one value per
> file" rule...)
> 	dlpar_store()
> 	handle_dlpar_errorlog()
> 	dlpar_memory()
> 	dlpar_memory_remove_by_index()
> 
> Yes, the kernel by default sets 'dlpar' to 0644, BUT that means that
> root in a container can cause this use-after-free to happen, or if the
> permissions are changed by userspace, or if you are in "lockdown mode",
> or if you want to attempt the crazy "confidential computing" model, or
> if you have a system which root is possible for some things by normal
> users (there are lots of different security models out there...)

This is all nice but please do realize that if you allow access to to
memory hotremove to any untrusted entity (be it a root in container or
by changing access permissions) then the machine is in a serious
resource management control trouble already and that is a security
threat already.

> Yes, I will argue that making the sysfs file writable by userspace is
> out of our control, but what is in our control is the fact that there is
> a out-of-bounds write that is fixed here, and we don't want those to be
> able to be triggered by anyone as that is a weakness in our codebase.

Yes, and that is why the fix is good and nobody disputes that. What I am
actually trying to drill down to is whether this is an actual security
threat worth assigning a CVE or it is just yet-anothing-pointless-CVE we
were so used to with the old process.

> That is what has caused the CVE to be created here, not the fact that
> root can remove memory as that's the normal expected operation to have
> happen here.
>
> However if the maintainer of the code here disputes this, we are more
> than willing to mark this invalid and reject the CVE.

Michael, do you see any real security risk being addressed by
bd68ffce69f6 ("powerpc/pseries/memhp: Fix access beyond end of drmem
array").

Thanks!
-- 
Michal Hocko
SUSE Labs