NACK/Cmnt: [SRU][J][PATCH 0/2] sev-guest vulnerability fix + follow-up
Stefan Bader
stefan.bader at canonical.com
Thu Mar 30 07:52:23 UTC 2023
On 30.03.23 06:56, Khalid Elmously wrote:
> BugLink: https://bugs.launchpad.net/bugs/2013198
>
> "virt/sev-guest: Prevent IV reuse in the SNP guest driver" is from upstream 5.19 and it fixes a vulnerability in SEV-SNP but it also introduced its own problem which was fixed in "virt/coco/sev-guest: Add throttling awareness" which is being currently merged upstream in 6.3
>
> Separate patch(es) will be sent for Kinetic and possibly Lunar if needed.
>
>
> Testing: Boot tested the patches in a SEV environment.
>
>
> Dionna Glaze (1):
> virt/coco/sev-guest: Add throttling awareness
>
> Peter Gonda (1):
> virt/sev-guest: Prevent IV reuse in the SNP guest driver
>
> arch/x86/include/asm/sev-common.h | 3 +-
> arch/x86/kernel/sev.c | 4 +-
> drivers/virt/coco/sevguest/sevguest.c | 95 ++++++++++++++++++++++-----
> 3 files changed, 83 insertions(+), 19 deletions(-)
>
Rejected for the following reasons:
- the bug report is against linux-oracle, the submission for linux
- from my reading this is NOT optional for Kinetic and Lunar
- also from my understanding of the issue I don't think a "simplified"
approach without understanding where this comes from is acceptable
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230330/cca16172/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230330/cca16172/attachment-0001.sig>
More information about the kernel-team
mailing list