NACK/Cmnt: [SRU][J][PATCH 0/2] sev-guest vulnerability fix + follow-up

Stefan Bader stefan.bader at canonical.com
Thu Mar 30 07:52:23 UTC 2023


On 30.03.23 06:56, Khalid Elmously wrote:
> BugLink: https://bugs.launchpad.net/bugs/2013198
> 
> "virt/sev-guest: Prevent IV reuse in the SNP guest driver" is from upstream 5.19 and it fixes a vulnerability in SEV-SNP, but it also introduced its own problem, which was fixed in "virt/coco/sev-guest: Add throttling awareness", which is currently being merged upstream in 6.3.
> 
> Separate patch(es) will be sent for Kinetic and possibly Lunar if needed.
> 
> 
> Testing: Boot tested the patches in a SEV environment.
> 
> 
> Dionna Glaze (1):
>    virt/coco/sev-guest: Add throttling awareness
> 
> Peter Gonda (1):
>    virt/sev-guest: Prevent IV reuse in the SNP guest driver
> 
>   arch/x86/include/asm/sev-common.h     |  3 +-
>   arch/x86/kernel/sev.c                 |  4 +-
>   drivers/virt/coco/sevguest/sevguest.c | 95 ++++++++++++++++++++++-----
>   3 files changed, 83 insertions(+), 19 deletions(-)
> 

Rejected for the following reasons:

- the bug report is against linux-oracle, the submission for linux
- from my reading this is NOT optional for Kinetic and Lunar
- also from my understanding of the issue I don't think a "simplified"
   approach without understanding where this comes from is acceptable

-Stefan