Re: [PATCH 0/9] KVM backports to 5.10

[Lee Jones <lee@kernel.org>]

On Thu, 04 May 2023, Bhatnagar, Rishabh wrote:

> 
> On 5/3/23 6:10 PM, gregkh@linuxfoundation.org wrote:
> > CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> > 
> > 
> > 
> > On Wed, May 03, 2023 at 08:34:33AM +0100, Lee Jones wrote:
> > > On Tue, 02 May 2023, Sean Christopherson wrote:
> > > 
> > > > On Wed, Apr 19, 2023, Lee Jones wrote:
> > > > > On Wed, 21 Sep 2022, gregkh@linuxfoundation.org wrote:
> > > > > 
> > > > > > On Tue, Sep 20, 2022 at 06:19:26PM +0200, gregkh@linuxfoundation.org wrote:
> > > > > > > On Tue, Sep 20, 2022 at 03:34:04PM +0000, Bhatnagar, Rishabh wrote:
> > > > > > > > Gentle reminder to review this patch series.
> > > > > > > Gentle reminder to never top-post :)
> > > > > > > 
> > > > > > > Also, it's up to the KVM maintainers if they wish to review this or not.
> > > > > > > I can't make them care about old and obsolete kernels like 5.10.y.  Why
> > > > > > > not just use 5.15.y or newer?
> > > > > > Given the lack of responses here from the KVM developers, I'll drop this
> > > > > > from my mbox and wait for them to be properly reviewed and resend before
> > > > > > considering them for a stable release.
> > > > > KVM maintainers,
> > > > > 
> > > > > Would someone be kind enough to take a look at this for Greg please?
> > > > > 
> > > > > Note that at least one of the patches in this set has been identified as
> > > > > a fix for a serious security issue regarding the compromise of guest
> > > > > kernels due to the mishandling of flush operations.
> > > > A minor note, the security issue is serious _if_ the bug can be exploited, which
> > > > as is often the case for KVM, is a fairly big "if".  Jann's PoC relied on collusion
> > > > between host userspace and the guest kernel, and as Jann called out, triggering
> > > > the bug on a !PREEMPT host kernel would be quite difficult in practice.
> > > > 
> > > > I don't want to downplay the seriousness of compromising guest security, but CVSS
> > > > scores for KVM CVEs almost always fail to account for the multitude of factors in
> > > > play.  E.g. CVE-2023-30456 also had a score of 7.8, and that bug required disabling
> > > > EPT, which pretty much no one does when running untrusted guest code.
> > > > 
> > > > In other words, take the purported severity with a grain of salt.
> > > > 
> > > > > Please could someone confirm or otherwise that this is relevant for
> > > > > v5.10.y and older?
> > > > Acked-by: Sean Christopherson <seanjc@google.com>
> > > Thanks for taking the time to provide some background information and
> > > for the Ack Sean, much appreciated.
> > > 
> > > For anyone taking notice, I expect a little lag on this still whilst
> > > Greg is AFK.  I'll follow-up in a few days.
> > What am I supposed to do here?  The thread is long-gone from my stable
> > review queue, is there some patch I'm supposed to apply?  If so, can I
> > get a resend with the proper acks added?
> > 
> > thanks,
> > 
> > greg k-h
> 
> Yeah its been half a year since i sent this series and i had mostly
> forgotten about this.
> Sure i can resend a new version with acks/tested-by added.

Thank you Rishabh.

Please can you ensure that you Cc me on it please. 

-- 
Lee Jones [李琼斯]