Received: by 2002:ab2:3b09:0:b0:1ed:14ea:9113 with SMTP id b9csp80464lqc; Thu, 29 Feb 2024 10:51:33 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUsBOu7fpAmYAvz6x76ptbuwcWoTwuQ5/5BIjXwfQYHm7aKeLVfoH7ACWyBc6/ztisdbmsnp8UD90eqf2jLfbzE195ax1crrBpReLQ2rw== X-Google-Smtp-Source: AGHT+IFjUnU1TgMozhUhsq14NqTx97nxLIHkwHoSnVoq17ffeEgQBWB1zuqCENektCkDTYK9+FPn X-Received: by 2002:a05:6a00:2d17:b0:6e5:419d:52be with SMTP id fa23-20020a056a002d1700b006e5419d52bemr4053159pfb.18.1709232693640; Thu, 29 Feb 2024 10:51:33 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709232693; cv=pass; d=google.com; s=arc-20160816; b=RthhoI0fdAXQcUnrafJoet8QYLGPfTcEQxChK9PwX4513A+2sNfm2SxNhEXYG06cg5 qH5BOLU5oXfAfyoVS7eTOY/ImpXt6efaY1SIdNmQgnfOnSCdT+OYOS3Il2PsDKY4i9J8 8aZLFhSkTBXpXyuFpItf1egzNpUnWFi0TlvGKe8Kl/5mX5Kq0qigPa+EzPpNXGXTqP3r 5cNJHCNM/cL/h8TIIuX3z/FfBWwjvzK+3/IGSpNzMZJqxoGx/P/C8B+PFgKGKw5s8OH3 BF2biovekk8Q775MvPgRNlEVLTxmlXdQ5KzKGFL8wquObpmmju3t9sTeAYoGo3/vkdda WGLA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=30tQFhlNouaqpaqO7Nz7svVM2SC3PdEhR/a1/OntGnY=; fh=reOEs3E6T04Rar+ZY3qUtpFEYKeVWBJ9wyXXLU8jSFA=; b=OldqbGUYmszbQFcbXejfiA1SMc2uLOCtvORyR7pXfKwNU2aw4Y6V/jgnqEB4p/AHam iQSb6rCH50CCiVD58keJyythZBvVWFKelpSCsDNNvtB7jdS5KfN38Lb6F7etsWDWBadJ gzz0cBDyek4x8UvGHuONKN1nC9WiA+I/mkDE1oZqx4jmxOe0B9OEIxFrSSLvVHwEqnly hBuixZER4/aysqiqmQ6w+xN3hsEjCF9oCy0kMG5/2wTc+aTlDkwIRIp3oEoj4xeKhaMM 7+XUHXYVsZ3csafvzy5K6BijqcFkk0ebFjy2buMgLzdTVnHmLtolzb9hngJiTHV+loDa oYcA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="AWAYiH/P"; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-87297-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-87297-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id o25-20020a637319000000b005d7a13d0be6si1889615pgc.232.2024.02.29.10.51.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Feb 2024 10:51:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-87297-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="AWAYiH/P"; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-87297-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-87297-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 0C087B24480 for ; Thu, 29 Feb 2024 18:32:35 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 55E5953362; Thu, 29 Feb 2024 18:32:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="AWAYiH/P" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F370A5F for ; Thu, 29 Feb 2024 18:32:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709231546; cv=none; b=PITQ/K7YvbmBVc5T/FOTQsWBgUVHBWQO/NFQDg6RmrkRxbhP7nyUG7XbGd4CsLGqA+fRd5+ONidV5AlPqSGBMphgQnvzvzt2QWiP2z6Ni1Y/0EOkOeRJzeDYDvy+m6oTOh6h6sPoERW+kHUM1FPMY85Rsh2s4sXMkGD2dB16ML4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709231546; c=relaxed/simple; bh=I7vjq8D0UgYUMe8/HQRvVmc5kyQ5OOYyCXZ9U4I/8D8=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=LhhwZHEtKWg0mnsiC1OYL8M0xRtQTVcKgwYp6DB/NuOqr0H8mp2/wEPfkhdvywgrApBM7sARibpNj9GcyB/4m045vAXnGp1Jfxc7GjFg64y0cu1pKIxI+vcmI47weWVjv/H981dCrtBpv2ZBqDOTMkxYIMUMqD/O/ALt34dy9+w= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=AWAYiH/P; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id A12F4C433C7; Thu, 29 Feb 2024 18:32:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1709231546; bh=I7vjq8D0UgYUMe8/HQRvVmc5kyQ5OOYyCXZ9U4I/8D8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=AWAYiH/PQut2skLZ8XCRAr0I8uT5bjx3jRmddyxIHLc/PFwHBB6X6wau+NBzxcBFq 8HJuxggmFKxG/bKP/oIvY5EA0IMAjtgjdpcodJvqxHtD8LkBxcpV5GrzdK7UA6OVvD bdG8EZIEZCieJIF+7bJt9PXFPeuHAgFwhdZ8owZE= Date: Thu, 29 Feb 2024 19:32:21 +0100 From: Greg Kroah-Hartman To: Jiri Kosina Cc: Sasha Levin , Michal Hocko , Kees Cook , cve@kernel.org, linux-kernel@vger.kernel.org Subject: Re: CVE-2023-52451: powerpc/pseries/memhp: Fix access beyond end of drmem array Message-ID: <2024022905-pester-emphatic-9ff0@gregkh> References: <202402280906.D6D5590DB@keescook> <2024022915-dissuade-grandson-ebd4@gregkh> <2024022913-borrower-resource-ecc9@gregkh> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Thu, Feb 29, 2024 at 06:36:08PM +0100, Jiri Kosina wrote: > On Thu, 29 Feb 2024, Jiri Kosina wrote: > > > - you pointed to a fix for UAF in BPF, which definitely is a good fix to > > have, I don't even dispute that CVE is justified in this particular > > case. What I haven't yet seen though how this connects to in my view > > rather serious 'trivial to get root' statement > > To elaborate on this a little bit more -- I completely agree that this fix > is completely in-line with what Kees is, in my view, quite nicely > describing at [1]. You pointed to a weakness (for which a fix *is* in our > queue), sure. > > But I see a HUGE leap from "fixes a weakness" to bold, aggressive and in > my view exaggerating statements a-la "I am able to trivially pwn any > kernel which is not -stable". {sigh} I do not mean _any_ enterprise kernel, I said "most", some I did not find any problems with at all that I could tell. This was true the last time I did this exercise about 9 or so months ago for a presentation, and hey, it might have changed since then, I sure hope so for everyone's sake. Sorry, I will NOT say what distros I did, or did not, find vunerable. That's not my place to say here in public for obvious reasons, but I'm more than willing to discuss it over drinks in-person anytime. thanks, greg k-h