Received: by 2002:ab2:7855:0:b0:1f9:5764:f03e with SMTP id m21csp965557lqp; Thu, 23 May 2024 05:38:54 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXzkYoJv/3CXx/lIHle7XANpQoPr7+0Mq+oKOe+hp2ThowACJXT2oACAMUnttAqr9TGS1VXCGD5GN6ExPDK033hdzi2grCGrQrRBLvy3Q== X-Google-Smtp-Source: AGHT+IHm2+wd4FqxpQ9KLhJlqhzOuQQHIOwcSlr8pN0fnbLy0lDKCPYXW5A1XqOee3RE8AMJCl1b X-Received: by 2002:a17:906:cc12:b0:a59:dba0:1544 with SMTP id a640c23a62f3a-a623e96ac6emr172481666b.31.1716467934134; Thu, 23 May 2024 05:38:54 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716467934; cv=pass; d=google.com; s=arc-20160816; b=b4YR5G54RzhDNClByR8am03FTgsY2zHixBuSpqLkIkkUOVYyd20j6rPyiCxxRyfiKY tBRiiNJuLQrTs2RSNteEhqKw0hCrdbjfMudjQDQUT+UHV5dKOxXQ6Uqe0Yz3NXiPgL32 fn3y0XPR6nYFLJP8XCdON0os9s68mRrJ836klnsBcF9eHHEEjCT2J1eUXzculaEoqknM ulSn4+t1mWGkjMBJw6BIiHDbM+Gz+kXlQD+BJL0yOZIb5a55IAlReS0gzn0hycayVDgY Xhjxpg4ToN0urXFtBkJa4gstXAD91hglzILigduINbPgjqi5Jx7dqxnrm+808aMRZt1W wxzg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=Eu25B8vVZ8JrBVU67sg6qwUiSgtC+++iSHmUSrnjNt4=; fh=OehtMlhpj9CtSQ3vEVVtz2toBTYYCpBh7Qf3kduPaeM=; b=bvwshdbe9qH4Ba7aJuo7vqkMm+xcu6cDk63+IBequawoVTnfxT7tm/35NfN0GE1R1e +3Mk9Y/qT1QFRDwz1pfI/TCr2X0JpPAnUQJjMC2VcidNJiR2JpYSAtStvNK69qwqWPdG dvoULiR3I0NlN2gBi33RwT2QWpb9dAvYHJqVzlbxehxnhiBzM9mmg2IBOcTzCkNVZLU0 wtbpYe0TNu5mto+2I1TWVG6RGu/kxlG3vYkJF/KETMn9x9CJEYg4OhZnmtvj5QRIUkvS Abi17z8GMlcVUAE7pwyJ+KvPKA2eUSXEywa2j3t7H4QCvUqNWiYSJ9BkbFykx0RKqajs a1Tw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yvy4Ocf6; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-187481-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-187481-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id a640c23a62f3a-a5a17c2c388si1680100166b.1035.2024.05.23.05.38.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 May 2024 05:38:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-187481-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yvy4Ocf6; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-187481-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-187481-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id D8A721F21952 for ; Thu, 23 May 2024 12:38:53 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E6EF71487E0; Thu, 23 May 2024 12:38:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="yvy4Ocf6" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 203FD13B7AB for ; Thu, 23 May 2024 12:38:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716467927; cv=none; b=Cx8ZxFlYkS36lNe0v7TqnlOIgZtp0iQ8AEPX/k2gk8lAz72D9+ygVheP+rGgifu5n1iM6ZX7ac+9fle5lld4OOZMUtMhrZ0yBmLwdC9x31EGQVMZN+UybVkJVn2YR9wC/HUpYtAA6CEQvLHnU0XRYM/aU5qwHEF2wSjLNmevc7o= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716467927; c=relaxed/simple; bh=m00Q3ogbphRbhlXUK4PkU1xACqq/hZrQhWigS4xsD7A=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=t6dkJmse71yYoyeifQ3ccGvEDooZjK22EzzJJYC1jH78LAnD+mGEavXnjm8raD89TaMnU4rwNpobM/T4GZCZBSJ3ECqB5rlM0ZRHR+zddV8VycOctGam6pL8fDSa5Vs0nwPvdDoDtJaR6zkLoBdh6r0qwS8nNznzumcEEu5Wcn4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=yvy4Ocf6; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 53ECEC2BD10; Thu, 23 May 2024 12:38:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1716467926; bh=m00Q3ogbphRbhlXUK4PkU1xACqq/hZrQhWigS4xsD7A=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=yvy4Ocf6rkI7K5TOcE8CiQ99FdXJqCnLKq3ijRr7nMDPtbT2LMkffHL6Emc0w6T3Y h9ZHet2yJlfPLdazLAI5NIT5hcwa4eNt0/wX6NIBqWOdK986cYIUP79aCJu21lzRAV Dz/omRVcYG18yk+nI5ezmNwUQzk2bNo3t+kJN2x8= Date: Thu, 23 May 2024 14:38:44 +0200 From: Greg Kroah-Hartman To: Nikolay Borisov Cc: cve@kernel.org, linux-kernel@vger.kernel.org Subject: Re: CVE-2024-35802: x86/sev: Fix position dependent variable references in startup code Message-ID: <2024052327-cider-finance-d040@gregkh> References: <2024051738-CVE-2024-35802-959d@gregkh> <2024052334-cable-serotonin-fa2b@gregkh> <5ea91ae6-091d-4378-950b-833561eef48c@suse.com> <2024052310-undermost-cramp-5d81@gregkh> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Thu, May 23, 2024 at 03:21:05PM +0300, Nikolay Borisov wrote: > > > On 23.05.24 г. 15:17 ч., Greg Kroah-Hartman wrote: > > On Thu, May 23, 2024 at 03:01:56PM +0300, Nikolay Borisov wrote: > > > > > > > > > On 23.05.24 г. 14:21 ч., Greg Kroah-Hartman wrote: > > > > Isn't crashing SEV guests a problem with "availability"? That term > > > > comes from the CVE definition of what we need to mark as a CVE, which is > > > > why this one was picked. > > > > > > But availability has never been one of the tenets of CoCo, in fact in > > > sev-snp/tdx the VMM is explicitly considered outside of the TCB so > > > availability cannot be guaranteed. > > > > This has nothing to do with CoCo (but really, ability of the host to > > crash the guest seems like it should be as I would assume that CoCo > > guests would want to be able to be run...) > > > > Official CVE definition of vulnerability from cve.org: > > An instance of one or more weaknesses in a Product that can be > > exploited, causing a negative impact to confidentiality, integrity, or > > I don't see how this is exactly "explotaible" i.e if a guest is run and it > crashes during bootup it simply won't run. Can this be considered active > exploitation of an issue? Isn't preventing a guest from running something that causes a lack of avaiability? Again, that's why we picked this commit, it keeps the system from working properly as expected. thanks, greg k-h