Date: Tue, 30 Apr 2024 10:13:10 +0200
From: Greg Kroah-Hartman
To: Michal Koutný
Cc: cve@kernel.org, linux-kernel@vger.kernel.org, linux-cve-announce@vger.kernel.org, Breno Leitão, Tejun Heo
Subject: Re: CVE-2023-52630: blk-iocost: Fix an UBSAN shift-out-of-bounds warning
Message-ID: <2024043053-campsite-refining-1c3c@gregkh>
References: <2024040219-CVE-2023-52630-a529@gregkh> <7x4ufwbvk4wmhag66rstdpbm4f2iplyc2l66cl7i2wl5nfh2tm@uxc425y2kfno>
In-Reply-To: <7x4ufwbvk4wmhag66rstdpbm4f2iplyc2l66cl7i2wl5nfh2tm@uxc425y2kfno>

On Fri, Apr 26, 2024 at 07:34:45PM +0200, Michal Koutný wrote:
> On Tue, Apr 02, 2024 at 08:22:20AM +0200, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > blk-iocost: Fix an UBSAN shift-out-of-bounds warning
> >
> > When iocg_kick_delay() is called from a CPU different than the one which set
> > the delay, @now may be in the past of @iocg->delay_at leading to the
> > following warning:
> >
> >   UBSAN: shift-out-of-bounds in block/blk-iocost.c:1359:23
> >   shift exponent 18446744073709 is too large for 64-bit type 'u64' (aka 'unsigned long long')
> >   ...
> >   Call Trace:
> >
> >    dump_stack_lvl+0x79/0xc0
> >    __ubsan_handle_shift_out_of_bounds+0x2ab/0x300
> >    iocg_kick_delay+0x222/0x230
> >    ioc_rqos_merge+0x1d7/0x2c0
> >    __rq_qos_merge+0x2c/0x80
> >    bio_attempt_back_merge+0x83/0x190
> >    blk_attempt_plug_merge+0x101/0x150
> >    blk_mq_submit_bio+0x2b1/0x720
> >    submit_bio_noacct_nocheck+0x320/0x3e0
> >    __swap_writepage+0x2ab/0x9d0
> >
> > The underflow itself doesn't really affect the behavior in any meaningful
> > way; however, the past timestamp may exaggerate the delay amount calculated
> > later in the code, which shouldn't be a material problem given the nature of
> > the delay mechanism.
>
> The worst implication is unfair or slowed IO but that can't be
> quantified given empirical implementation of the delay mechanism.
>
> > If @now is in the past, this CPU is racing another CPU which recently set up
> > the delay and there's nothing this CPU can contribute w.r.t. the delay.
>
> This means the user has limited control (with noise) over such
> placements.
>
> > Let's bail early from iocg_kick_delay() in such cases.
> >
> > The Linux kernel CVE team has assigned CVE-2023-52630 to this issue.
>
> Based on the above I don't think this fix deserves CVE tracking. Shall
> it be rejected?

Makes sense, thanks for looking into this, and sorry for the delay.

Now rejected.

greg k-h
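The underflow discussed in the thread above, as an added user-space example (not code from the mail or from the kernel source). It assumes a simplified model in which the pending delay is halved for each second elapsed since delay_at; the function names and the microsecond timestamps are hypothetical. With @now one microsecond before @delay_at, the wrapped difference divided by USEC_PER_SEC is exactly the shift exponent in the quoted UBSAN report.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define USEC_PER_SEC 1000000ULL

/* Assumed model, not the kernel source: the delay decays by a right
 * shift of one bit per elapsed second since delay_at. */

/* Exponent the unguarded computation would shift by. */
static uint64_t shift_exponent(uint64_t now_us, uint64_t delay_at_us)
{
    uint64_t tdelta = now_us - delay_at_us; /* wraps when now < delay_at */
    return tdelta / USEC_PER_SEC;
}

/* Guarded variant: bail early when now is in the past of delay_at.
 * Returns false when this caller has nothing to contribute. */
static bool decayed_delay(uint64_t now_us, uint64_t delay_at_us,
                          uint64_t delay, uint64_t *out)
{
    /* Wrap-safe "now is before delay_at" comparison. */
    if ((int64_t)(now_us - delay_at_us) < 0)
        return false;

    uint64_t exp = shift_exponent(now_us, delay_at_us);
    /* Shifting a 64-bit value by 64 or more is undefined in C. */
    *out = exp >= 64 ? 0 : delay >> exp;
    return true;
}

int main(void)
{
    uint64_t out = 0;

    /* Constructed timestamps: now is 1 us before delay_at. */
    printf("unguarded exponent: %llu\n",
           (unsigned long long)shift_exponent(1000000, 1000001));
    printf("guarded, now in the past: %s\n",
           decayed_delay(1000000, 1000001, 800, &out) ? "computed" : "bailed");

    /* Constructed timestamps: 2 s after delay_at. */
    if (decayed_delay(3000000, 1000000, 800, &out))
        printf("guarded, 2 s later: %llu\n", (unsigned long long)out);
    return 0;
}
```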