Received: by 2002:a05:7208:13ce:b0:7f:395a:35b6 with SMTP id r14csp339045rbe;
        Thu, 29 Feb 2024 00:38:52 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCVh1zjUqJKUS6vSxZfuFzU+E7TFKuKKC88ZspUAMQaR5QydZ4PV68IqcItpVj/GbkwXsQI8fQMSN+Li0L2ACR60V+/eAc8NMVFC4b+bIA==
X-Google-Smtp-Source: AGHT+IHGks+r1zCGkNiSupb+IRRK6YHvjte3Uwp4zVhzoFyKd+YEAx/XXFEDqPMwOdoulzidEgWV
X-Received: by 2002:a05:6a00:198d:b0:6e4:e0e8:31ef with SMTP id d13-20020a056a00198d00b006e4e0e831efmr1917752pfl.2.1709195931998;
        Thu, 29 Feb 2024 00:38:51 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1709195931; cv=pass;
        d=google.com; s=arc-20160816;
        b=UZ8mBZZbOgmfhZgZpK1HGiRHBrK8g6gcNHbkGam68y0GW6ZydGig2cdVPRmLEy8kdI
         1AzUkzGEcjGsj9FHhSxpo4SgEBZq+l/MfN9znYAbQGcCUZKqQuOFzbCHdJZKa3mlISlw
         mPKrru+2VjjijAbmV+bTTylvopmNMfh8Wl1gZTc+MmejACBUYF+2Mfs6HVrAhFfSYkir
         TO5hZMQyYHznVOMQPpoDHSRR1USDaIZWN2No9iz6/o0RPgu+6xqvgFULoEH9PDc3D5PR
         Mf4WUi2oSWXVeFhJ7FQcynCewjSHw+tkDtVO+SCWoiThQ4WbMGRdntqEmL0NG9zamtmf
         WYSA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=xJ1TNFtq8JpONsE323+tMmpxC+N0gJTvSK0hI2dojdM=;
        fh=iSYOzTYvNhlMz6vo8mAI3ebwcLv1axz7hByvioLKdM8=;
        b=p7qNsAF+slT7C/l9oC/GgJsQOrJhDrUSQO5t18w4zWghz/0UBMK4gB8Bu8KSPovkj8
         QFCCSOT7oybAp3U3wVVHw9XHG3Z88yDEtV7SE7Ci8uqzZMX/CzuCGoZLzKYxjUZrkDMw
         ko/F/KeEMHzjuXRlIHKsSBZlb7tUzS0dWEAMFwlDVNdTaTAAMJipMXSHpUIH9xDdJtgZ
         uvhdiTjWeibx/9B3R3r2Z4UHB8jf5BVSX/S1GY+5y7/lbupfRiemmXgaznSklvEfOxAo
         0o5F3VgbDOqJWCvrHCA2StAVGQpq9oI2/+0XDs3vu1AAAIcj3ft/+2XJV5AFkSNQnmxK
         53zw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fhH+vCXz;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-86310-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-86310-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel+bounces-86310-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id g4-20020a056a000b8400b006e50c117d77si909317pfj.363.2024.02.29.00.38.51
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 29 Feb 2024 00:38:51 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-86310-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fhH+vCXz;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-86310-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-86310-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id AF56E282965
	for <linux.lists.archive@gmail.com>; Thu, 29 Feb 2024 08:38:51 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id B6AA150271;
	Thu, 29 Feb 2024 08:35:32 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="fhH+vCXz"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BDEC950243
	for <linux-kernel@vger.kernel.org>; Thu, 29 Feb 2024 08:35:31 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1709195731; cv=none; b=FtQ/w5iH/mjk3e2bcd5MWXPl6Rj5ILsnucvaF+H2VUfZG0PHwl3U8Mmrh9zH54HMzF5b3lP2S+QoRyKmq4HPZgYHsM1z6Xp+Q54ZS9Ppuxq/MXuNuzqoWqUIJ9Y9cZdwFujI/qtuvsP9msH64a76TEgeLSUb32QuKAHguoZdt6Q=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1709195731; c=relaxed/simple;
	bh=fA1mNcf8ZmdJIOze7Z8GLbKIyNJJo7AAfgYikEFLClQ=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=kcXN8VTsYe+H587mIrEkw895OoHWWzpoEmgNb0HB3skDWjT4wgyZFs8LlXsaVGJRADhw6pANQWb2Sl5f0M+aBslG1m8l8u0oA/lf9WtNwS8+hcIIJ5VfFIm8Q9J1BpF+11L6w0P/3QDubEE/M07HN9kwLK/GNLXWRFJ0RatvmhY=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=fhH+vCXz; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E63A9C43390;
	Thu, 29 Feb 2024 08:35:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1709195731;
	bh=fA1mNcf8ZmdJIOze7Z8GLbKIyNJJo7AAfgYikEFLClQ=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=fhH+vCXzbecbs+j3oZM1ubuJfKRIeZMX/7Xo8YwHFfGd8u/b/19JUiroRkWHP3TMO
	 StSxvanXRGK8WCUs2u/a9qyE1p9s+U3fDpYEyxj1HcLUJFsyNEA65k4NN08beO8YSn
	 bwNO9tqeSklYgAnlnPCgWm4RPWrn5epItXiAb+2g=
Date: Thu, 29 Feb 2024 09:35:28 +0100
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Michal Hocko <mhocko@suse.com>
Cc: Kees Cook <keescook@chromium.org>, cve@kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: CVE-2023-52451: powerpc/pseries/memhp: Fix access beyond end of
 drmem array
Message-ID: <2024022915-dissuade-grandson-ebd4@gregkh>
References: <2024022257-CVE-2023-52451-7bdb@gregkh>
 <Zdylmz28rZ-mCeiN@tiehlicka>
 <2024022639-wronged-grafted-6777@gregkh>
 <ZdytVTOgfvKBBvtn@tiehlicka>
 <202402271029.FD67395@keescook>
 <Zd8hPpP_6q_o8uQW@tiehlicka>
 <202402280906.D6D5590DB@keescook>
 <ZeA-281OudkWBhd_@tiehlicka>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ZeA-281OudkWBhd_@tiehlicka>

On Thu, Feb 29, 2024 at 09:22:51AM +0100, Michal Hocko wrote:
> On Wed 28-02-24 09:12:15, Kees Cook wrote:
> > On Wed, Feb 28, 2024 at 01:04:14PM +0100, Michal Hocko wrote:
> > > On Tue 27-02-24 10:35:40, Kees Cook wrote:
> > > > On Mon, Feb 26, 2024 at 04:25:09PM +0100, Michal Hocko wrote:
> > > [...]
> > > > > Does that mean that any potentially incorrect input provided by an admin is
> > > > > considered CVE now?
> > > > 
> > > > Yes. Have you seen what USER_NS does? There isn't a way to know how
> > > > deployments are using Linux, and this is clearly a "weakness" as defined
> > > > by CVE. It is better to be over zealous than miss things.
> > > 
> > > If we are over zealous to the point when almost any fix is marked CVE
> > > then the special marking simply stops making any sense IMHO.
> > 
> > Perhaps, but the volume of fixes is high, and I think it's better to
> > over estimate than under estimate -- the work needed to actually
> > evaluate all these changes is huge: it's better to take everything from
> > -stable.
> 
> This is simply not feasible for many downstream kernels and reasons have
> been discussed many times.

How does taking 10 patches differ from taking 200 patches?  Your
testing/infrastructure issues should be the same, right?

And really, if you have the crazy requirement of "All CVEs must be
applied" then perhaps that needs to be revisited?  You are dictating
your business's processes to an external entity, is that wise?  And if
it is wise, why are you not able to handle it today?  Making it simpler
for you to consume these entries seems to be a better decision.  With
the changes we have made, you should be able to automatically determine
if you are affected or not, which is something that you did NOT have
before, so this might just be able to be automated, right?

> > This has been a long standing problem with communicating this
> > to engineering management in many organizations. They have pointed to
> > the relatively small number of CVEs and said, "just backport those
> > fixes", and trying to explain that it's is totally insufficient falls on
> > deaf ears.
> 
> I think it is fair to say/expect that every downstream is responsibile
> for the kernel they are distributing and that applies to vulnerabilities
> affecting those kernels. Forcing fixes by slapping CVE over them sounds
> just very dubious to me.

Not having CVEs assigned for things that can cause issues is dubious,
which is why we are doing this.  We can not determine use cases of our
code base, that is up to you as a distro to figure out, all we can do is
our best to call out "This might be something you want to take!" which
is what we are doing here.

Remember, we KNOW that people have been scraping our commit logs for
these types of things and using them in attacks for years.  At least
this way we are giving you a machine-parsable feed that gives you the
opportunity to make your kernels more secure than they previously were.

Why is that not a good thing?

thanks,

greg k-h