[SRU][Jammy/Lunar/Mantic/OEM-6.5][PATCH 0/3] CVE-2023-46813

Stefan Bader stefan.bader at canonical.com
Fri Dec 1 13:58:18 UTC 2023


On 01.12.23 14:15, Magali Lemes wrote:
> [Impact]
> An issue was discovered in the Linux kernel before 6.5.9, exploitable by local
> users with userspace access to MMIO registers. Incorrect access checking in the
> #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses
> could lead to arbitrary write access to kernel memory (and thus privilege
> escalation). This depends on a race condition through which userspace can
> replace an instruction before the #VC handler reads it.
> 
> [Backport]
> Clean cherry-picks.
> 
> [Test]
> Compile and boot tested.
> 
> [Regression potential]
> Limited to the users of AMD's SEV-ES feature.
> 
> Borislav Petkov (AMD) (1):
>    x86/sev: Disable MMIO emulation from user mode
> 
> Joerg Roedel (2):
>    x86/sev: Check IOBM for IOIO exceptions from user-space
>    x86/sev: Check for user-space IOIO pointing to kernel space
> 
>   arch/x86/boot/compressed/sev.c | 10 +++++++
>   arch/x86/kernel/sev-shared.c   | 53 ++++++++++++++++++++++++++++------
>   arch/x86/kernel/sev.c          | 30 +++++++++++++++++++
>   3 files changed, 84 insertions(+), 9 deletions(-)
> 

I know you meant well but the result (submission) now is giving me 
headaches. The claim here is that all are cherry picks. I assume the 
number of patches sent means that only git can, but when using patch / git 
am it does not work that easily.
Instead of now sending a wild mix of patches with permutations of series 
to apply to (which are hard to review and likely also give 
some pain when applying because each has to be carefully checked), I 
would suggest two options for the future:

1. Prepare sets of series to apply, but next to each other. So 1-3 are 
mantic/oem-6.5, 4-6 are lunar, and 7-9 are jammy. You could state in the 
cover email that they are near identical (for the reviewer) and just 
repeated for application.

2. Or you note in the cover email that all are cherry picks which will 
need a little wiggle when applying to older series. And send only the 
1-3 for the most recent series where cherry pick is most likely really 
clean.

For this time let's try to go ahead as is and see how hard it gets.
-- 
- Stefan
