Received: by 2002:ab2:7855:0:b0:1f9:5764:f03e with SMTP id m21csp953892lqp; Thu, 23 May 2024 05:17:50 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWZfraCTVR6GXjo6Qdg/bna95QQkZa1xS951j0d7DMSnYllP5uo1/r8MU8gPa8q+qhRrOe+7atIkE0etTQ+FOXjYmVZN5NaZ75FqrAR2g== X-Google-Smtp-Source: AGHT+IEGW0rZlJZxhwguy3hEQqWLL3/lJPCnB5sxW1mEHU/hr4bOnFJ0R4Z1Sl6c1ja5RUgyBiTs X-Received: by 2002:a17:90b:110d:b0:2bd:5deb:9d50 with SMTP id 98e67ed59e1d1-2bd9f5a26a0mr4977183a91.39.1716466670597; Thu, 23 May 2024 05:17:50 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716466670; cv=pass; d=google.com; s=arc-20160816; b=AkxT8osLAVnyhWPSnOnVebgSwwiKlCo4p3ib8uE+l9t9fC6PDlaalOLt1HODt6rqU4 6q9ejJYOtsGlEZ8iySKaq+b0aJjlfJeTw483UxWOPwRcvSU5EYpJ3JznMTTL3QhvctJi lWCU3PvMdM4YUn07tVHDYr+1+hm8KoBdwsBZo57CRIOqBmL+MrjUlOwVCTnE0qRdo4HZ 5h7kBUSs9aX/ZmmupC2ANd0+ptLzk19N73OsPtkkAOKVgwLTo0GOTbiEN2hta9CK+pmb 6zcw1CFB1d61L6p6aGM9Ro52kgKWRH4wTcgfAUBR7Oks8hoPp5MeD7ujOOvg0dfGEFhd 9waQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=gcARjGF0JFCRc5pEREMY/U5C50UzRbX7x4su/Icsdi4=; fh=OehtMlhpj9CtSQ3vEVVtz2toBTYYCpBh7Qf3kduPaeM=; b=fiuYjYjFKKZIepoZf8XK3PMYq9N9xGiXfPS3o/mOpC+XVjS3PQDoQQUqCFpBhgyteh FtYAmbpM5g+5EvYqJwv6BULGU+pemo5YOY8eEKdGavx3bGnPwtbRn1+IVFAbxL0zbhiT 23/n/a9UOMfKkBiX/+TaCFqu6ACU1W/oetqQhFDtsv2WukDoxbybzlTEuGp9jGx0cncy 78DlwbZimoVPHB7v7I2PaSKFr4ZpMl+TiKHkeC4deOe+9hDQizvIUm6IoXIMMf1wVVeE 1eI5l2FdVfmFj7jSlVLkY/6oocxbOO7vIEwdhkZXCp4wftDegVSVyQ+f/CDRvH1wWkC5 Hnhw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AgdBCXcD; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-187458-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-187458-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id 98e67ed59e1d1-2be0088b2f9si93321a91.163.2024.05.23.05.17.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 May 2024 05:17:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-187458-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AgdBCXcD; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-187458-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-187458-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 2A162283DE8 for ; Thu, 23 May 2024 12:17:42 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1D18713BC02; Thu, 23 May 2024 12:17:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="AgdBCXcD" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4223C1E481 for ; Thu, 23 May 2024 12:17:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716466657; cv=none; b=U8X578eHn7IgVIBlrtRJCM/wWS/pCtAYUuUx0JWucWoQAWCnU0fK1JxV+ddT4NOmiAGo+av+w4C/dQpHbgxa2RAk3oVc2wpGWA+dmoNVeBphJ1Z95yqcojc03YJoerEwrmkqFsjhR/zDkBT4Wjy63hbEvlyhueZKPxlgBYvyIB0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716466657; c=relaxed/simple; bh=kShS9kQyOqyj0DwymZCMdDwTAoPZdXCOAqKVdAJhs7s=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=M/FkAfoMet6LhwbTuBnbHLKE29VJmubcF+JhohIB8Xf+HJSvKXzHIYEtUEGSjGzm/d6K4bSCWCUmzezUJJmyNtz9srNkn5oyQFOnjONGYHtvmA5SIBHKTkgKOwY+0dI2/rJyfnvyFUoHhnaBLkVRXH6p3rICDHrjW+zUMJ7HMG4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=AgdBCXcD; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 49B40C2BD10; Thu, 23 May 2024 12:17:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1716466656; bh=kShS9kQyOqyj0DwymZCMdDwTAoPZdXCOAqKVdAJhs7s=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=AgdBCXcD0rL5hM44PRnaWIAKiTB/01ku8nPMGsVjdAf9DooW9QgEREPI0cQzJ9WmF uR1oFOjJmUbpnPcrgFD0645cjomv+s2w0oHGu2tVk5gv+sJusRv+ZHdVn16ukVpM/T /3G2F5OhW3QuHJwDQTy5olTQ/kdP4Uw2xxcoFfFM= Date: Thu, 23 May 2024 14:17:34 +0200 From: Greg Kroah-Hartman To: Nikolay Borisov Cc: cve@kernel.org, linux-kernel@vger.kernel.org Subject: Re: CVE-2024-35802: x86/sev: Fix position dependent variable references in startup code Message-ID: <2024052310-undermost-cramp-5d81@gregkh> References: <2024051738-CVE-2024-35802-959d@gregkh> <2024052334-cable-serotonin-fa2b@gregkh> <5ea91ae6-091d-4378-950b-833561eef48c@suse.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5ea91ae6-091d-4378-950b-833561eef48c@suse.com> On Thu, May 23, 2024 at 03:01:56PM +0300, Nikolay Borisov wrote: > > > On 23.05.24 г. 14:21 ч., Greg Kroah-Hartman wrote: > > Isn't crashing SEV guests a problem with "availability"? That term > > comes from the CVE definition of what we need to mark as a CVE, which is > > why this one was picked. > > But availability has never been one of the tenets of CoCo, in fact in > sev-snp/tdx the VMM is explicitly considered outside of the TCB so > availability cannot be guaranteed. This has nothing to do with CoCo (but really, ability of the host to crash the guest seems like it should be as I would assume that CoCo guests would want to be able to be run...) Official CVE definition of vulnerability from cve.org: An instance of one or more weaknesses in a Product that can be exploited, causing a negative impact to confidentiality, integrity, or availability; a set of conditions or behaviors that allows the violation of an explicit or implicit security policy. I think "able to crash SEV guests" is a direct weakness that has to do with availability here which is why I marked it as such (as did other reviewers.) Now if CoCo wants to claim it as part of their security implicit or explicit security policy, all the better :) thanks, greg k-h