DROPPED[K]: APPLIED: [SRU][v2][PATCH 0/2][j/gcp][k] sev-guest vulnerability fix + follow-up

Stefan Bader stefan.bader at canonical.com
Fri May 12 08:17:02 UTC 2023


On 12.05.23 09:54, Stefan Bader wrote:
> On 12.05.23 07:53, Khaled Elmously wrote:
>> Thanks for the reviews!
>>
>> On 2023-05-11 03:23:54 , Khalid Elmously wrote:
>>>
>>> BugLink: https://bugs.launchpad.net/bugs/2013198
>>>
>>> "virt/sev-guest: Prevent IV reuse in the SNP guest driver" is from 
>>> upstream 5.19 and
>>> it fixes a vulnerability in SEV-SNP but it also introduced its own 
>>> problem which was
>>> fixed in "virt/coco/sev-guest: Add throttling awareness" which was 
>>> merged upstream in 6.3
>>>
>>> Neither patch is present in the Jammy (5.15) kernels - however, out 
>>> of the 5.15 kernels they are only needed in j/gcp as this is the only 
>>> 5.15 kernel that has SEV-SNP support.
>>>
>>> The first patch ("virt/sev-guest: Prevent IV reuse in the SNP guest 
>>> driver") is already present in the Kinetic (5.19) kernel - so only 
>>> the follow-up fix is needed there
>>>
>>> Lunar (6.2) kernels already contain both patches (the first is from 
>>> 5.19, the second came from linux-stable)
>>>
>>>
>>> Testing: Boot tested the patches in a SEV-SNP environment.
>>>
>>>
>>> v2:
>>>   - Include fixes for Kinetic (5.19) kernels
>>>   - Update 'backport' section with more detail
>>>
>>>
>>> Dionna Glaze (1):
>>>    virt/coco/sev-guest: Add throttling awareness
>>>
>>> Peter Gonda (1):
>>>    virt/sev-guest: Prevent IV reuse in the SNP guest driver
>>>
>>>   arch/x86/include/asm/sev-common.h     |  3 +-
>>>   arch/x86/kernel/sev.c                 |  4 +-
>>>   drivers/virt/coco/sevguest/sevguest.c | 95 ++++++++++++++++++++++-----
>>>   3 files changed, 83 insertions(+), 19 deletions(-)
>>>
>>> -- 
>>> 2.34.1
>>>
>>
> 
> I purged this from kinetic:linux. First, it was submitted after the 
> deadline and there was no communication why this should be treated with 
> priority. Second, it is the owner of the kernel (or the owners team) 
> that applies patches. Third, I am not convinced this is critical for 
> kinetic:linux. If it is then why not the same in jammy? For the upcoming 
> cycle this can be picked into kinetic:linux-gcp if it matters. For main 
> we should do it consistently, with reasoning and not sneaked in behind 
> our backs.
> 
OK, I missed some explanation in the original cover email, which 
explains why not generic jammy. But I am still not quite sure how 
support and usage are in Kinetic. That should be clarified and then 
maybe it can be picked up before actually preparing the next cycle.
-- 
- Stefan
