Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp183402lqb;
        Tue, 28 May 2024 12:17:55 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCWJKJKSEBtNiRuSRxV+SV9oQqpXeRjLSPvxmnIOknQU8O23FKQHYLP7j0Byfa5ROT2m9ua9DvIKK8PzS0Mjkcl0gVWrzAhvrV9iHZpHCg==
X-Google-Smtp-Source: AGHT+IENstj/YRU4GeDf2sXVlOBnG3LO/3/lY5+9V454TO9DKGzDiGRVp1mtDkQXpDjM7uY3X1ma
X-Received: by 2002:ae9:ea08:0:b0:794:85c5:fcf5 with SMTP id af79cd13be357-794ab1242d9mr1270835985a.73.1716923875456;
        Tue, 28 May 2024 12:17:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1716923875; cv=pass;
        d=google.com; s=arc-20160816;
        b=s7qoHMjjpwXuUUbHBFtdZ5NeLEcY1OqQD3SMpRmsRW42vAiPBvHfuPfMHGMxjnlIb2
         AevEFVtkbM7aVZwAj2iuLS0bIVL5Z+s+Mtc80Y4oEdIAP4bODP8jtWnatK++LIISkDVu
         XdgAnWEM/n9KyybYasQ2wys7oBDMxanwgiYpcsyxrL9h8EYR9IiqLR2qQ4Lly/JutcjK
         29wyes+SPbcPRQ8eRt8OrFU0X1gAzU2Ye22CQ35YKsBB0jBbGqeTVf2mLlhh8ndP2svh
         0dN0N9n6BZXO9Im0cYL7FBMZTRYBidHqcXQStIIEB9TmJnZk7lTTEGQzEsnK2mE49RsE
         1ZRw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=v85Iws7B4p3i+MvhYLPRQdMNSDQ6mZBmBosccOlew9M=;
        fh=QB02eDcez0s2K/unBlITfdBhy3b6mS8vxSqOJoJqyyo=;
        b=WGJ1IzkABNAJkj9420o9D0KP3EV57wXTo0BrFms4ZC1lVSTLS/gP/+AXT0eujuNDpv
         Y4F4r/jHZHUg2GicA1eV9nbP7RmXn+lHlDYfik/lvdVb4ABeNTsNpGfs0ieewSFr+mRY
         KAT65oBPIm3LpGn8zmDZPkyGlA1BtVAio/IRIqOMailREB/ZrPgbdERTrSxomuO+JKen
         7eSAslwgMVQZke6KlbJtqsZE+Nzkf1GWjNctBBKYvhvq6MdI4FK8KM07slHLtf4Tmpic
         6bqROAHjGwcw9nCNuvg3wXCj5TVLl08/spQK/35Gm3z54yewq2TkFQlx1losl7mXhk3O
         PImw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="J/LCwUPy";
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-192921-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-192921-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel+bounces-192921-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id af79cd13be357-794abcab9d1si1199021385a.53.2024.05.28.12.17.55
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 28 May 2024 12:17:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-192921-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="J/LCwUPy";
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-192921-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-192921-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id BCD2F1C26BFC
	for <linux.lists.archive@gmail.com>; Tue, 28 May 2024 19:16:04 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 58722176FAE;
	Tue, 28 May 2024 19:08:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="J/LCwUPy"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B6CA174EE5;
	Tue, 28 May 2024 19:08:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1716923298; cv=none; b=JIP6r1wDhi3hhJGkSxFAacAl0oykmJU1MRzhXtw1CYJ8ouOvPUAPrCKT2KM4nrXTJquQWOrDGj1ujVJNUqxxkuRs3IkitxtjQwh5iUmpc/baTNTYQ+FbR1SQEtNizrQOWeTxZLr1ILPt7Dops9hGjTmDMGTJJTH88nw39kny064=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1716923298; c=relaxed/simple;
	bh=rBmJsC3tlJj0b/3feGRs8G87U9Ytom71szWqyOUqoDw=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=o29S48j+nTcc9ubdVFtbmAvhGpQ18xBgDgYR2cdgttW3ntWG6k3RPh9TuWcwARPKXI2QoOjp9N462riW7pKpTweje9LK7h9sA5VjI37VJNHChQn/Xt6QjjTEhJyM8G09dwVCYd97yykJuGSeIFcnqH7O/HNrlDjAPeGeZB+of5E=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=J/LCwUPy; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 018F6C3277B;
	Tue, 28 May 2024 19:08:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1716923298;
	bh=rBmJsC3tlJj0b/3feGRs8G87U9Ytom71szWqyOUqoDw=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=J/LCwUPyL2WBoKc70nb7fKrFT0/9KhAXJFpvafiAa0H+E2GCgZ84xKwLEhWgSqxEv
	 tuTIghJqks6QQdQzVqUVTUXojhPrWDCLPrCh5hoWFI/JuqQLowiGmgLMHOS3P/f8fs
	 IwtclGTfAhh47nUABPE1mTN65wo03yW6E6IB6Jwo=
Date: Tue, 28 May 2024 21:08:22 +0200
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Michal Hocko <mhocko@suse.com>
Cc: Nikolay Borisov <nik.borisov@suse.com>, cve@kernel.org,
	linux-kernel@vger.kernel.org, linux-cve-announce@vger.kernel.org
Subject: Re: CVE-2024-35802: x86/sev: Fix position dependent variable
 references in startup code
Message-ID: <2024052814-bubbly-ramp-2d8e@gregkh>
References: <2024051738-CVE-2024-35802-959d@gregkh>
 <b3a6ea47-8628-4edc-aee5-e5051955124a@suse.com>
 <ZlWbKDZh18KHTsgX@tiehlicka>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ZlWbKDZh18KHTsgX@tiehlicka>

On Tue, May 28, 2024 at 10:51:52AM +0200, Michal Hocko wrote:
> On Thu 23-05-24 14:14:57, Nikolay Borisov wrote:
> [...]
> > I'd like to dispute this CVE since it doesn't constitute a security related
> > bug. Sure, it might crash a SEV guest during boot but it doesn't constitute
> > a security issue per-se.
> 
> Let me add analysis by Joerg here:
> : This is not a security issue. The patch works around clangs compiler behavior
> : where it inserts absolute references to kernel addresses. This breaks kernel
> : boot because at the time this code runs the kernel still runs direct-mapped and
> : needs to rely on RIP-relative addressing only.
> : 
> : Any breakage there would be detected at early boot of the kernel by a fatal
> : crash, which can not be exploited. Also, our kernels are not compiled with
> : clang, so from that perspective this is also not an issue for us either.
> 
> So this is a functional fix for clang builds.

Thanks for the review, now rejected.

greg k-h