Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI

linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed

* Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
       [not found] <2024051725-CVE-2023-52665-1d6f@gregkh>
@ 2024-05-20  7:04 ` Michael Ellerman
  2024-05-20  8:35   ` Geoff Levand
  0 siblings, 1 reply; 5+ messages in thread
From: Michael Ellerman @ 2024-05-20  7:04 UTC (permalink / raw)
  To: cve, linux-kernel, linux-cve-announce
  Cc: Geoff Levand, Greg Kroah-Hartman, linuxppc-dev

Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
>
> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
> that is incompatible with the current code for the PS3's LV1 hypervisor
> calls.
>
> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
>
> Fixes run time errors like these:
>
>   BUG: Kernel NULL pointer dereference at 0x00000000
>   Faulting instruction address: 0xc000000000047cf0
>   Oops: Kernel access of bad area, sig: 11 [#1]
>   Call Trace:
>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
>
> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.

IMHO this doesn't warrant a CVE. The crash mentioned above happens at
boot, so the system is not vulnerable it's just broken :)

cheers

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
  2024-05-20  7:04 ` CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 Michael Ellerman
@ 2024-05-20  8:35   ` Geoff Levand
  2024-05-20  8:52     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 5+ messages in thread
From: Geoff Levand @ 2024-05-20  8:35 UTC (permalink / raw)
  To: Michael Ellerman, cve, linux-kernel, linux-cve-announce
  Cc: Greg Kroah-Hartman, linuxppc-dev

On 5/20/24 16:04, Michael Ellerman wrote:
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
>> Description
>> ===========
>>
>> In the Linux kernel, the following vulnerability has been resolved:
>>
>> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
>>
>> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
>> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
>> that is incompatible with the current code for the PS3's LV1 hypervisor
>> calls.
>>
>> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
>> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
>>
>> Fixes run time errors like these:
>>
>>   BUG: Kernel NULL pointer dereference at 0x00000000
>>   Faulting instruction address: 0xc000000000047cf0
>>   Oops: Kernel access of bad area, sig: 11 [#1]
>>   Call Trace:
>>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
>>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
>>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
>>
>> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
> 
> IMHO this doesn't warrant a CVE. The crash mentioned above happens at
> boot, so the system is not vulnerable it's just broken :)

As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
boot, so there is no chance of a vulnerability.

-Geoff


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
  2024-05-20  8:35   ` Geoff Levand
@ 2024-05-20  8:52     ` Greg Kroah-Hartman
  2024-05-20 23:47       ` Michael Ellerman
  0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2024-05-20  8:52 UTC (permalink / raw)
  To: Geoff Levand, Michael Ellerman, cve, linux-kernel,
	linux-cve-announce, linuxppc-dev

On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote:
> On 5/20/24 16:04, Michael Ellerman wrote:
> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> >> Description
> >> ===========
> >>
> >> In the Linux kernel, the following vulnerability has been resolved:
> >>
> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
> >>
> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
> >> that is incompatible with the current code for the PS3's LV1 hypervisor
> >> calls.
> >>
> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
> >>
> >> Fixes run time errors like these:
> >>
> >>   BUG: Kernel NULL pointer dereference at 0x00000000
> >>   Faulting instruction address: 0xc000000000047cf0
> >>   Oops: Kernel access of bad area, sig: 11 [#1]
> >>   Call Trace:
> >>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
> >>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
> >>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
> >>
> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
> > 
> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at
> > boot, so the system is not vulnerable it's just broken :)
> 
> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
> boot, so there is no chance of a vulnerability.

The definition of "vulnerability" from CVE.org is:
	An instance of one or more weaknesses in a Product that can be
	exploited, causing a negative impact to confidentiality, integrity, or
	availability; a set of conditions or behaviors that allows the
	violation of an explicit or implicit security policy.

Having a system that does not boot is a "negative impact to
availability", which is why this was selected for a CVE.  I.e. if a new
kernel update has this problem in it, it would not allow the system to
boot correctly.

But, if the maintainer of the subsystem thinks this should not be
assigned a CVE because of this fix, we'll be glad to revoke it.

Michael, still want this revoked?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
  2024-05-20  8:52     ` Greg Kroah-Hartman
@ 2024-05-20 23:47       ` Michael Ellerman
  2024-05-21  7:04         ` Greg Kroah-Hartman
  0 siblings, 1 reply; 5+ messages in thread
From: Michael Ellerman @ 2024-05-20 23:47 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Geoff Levand, cve, linux-kernel,
	linux-cve-announce, linuxppc-dev

Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote:
>> On 5/20/24 16:04, Michael Ellerman wrote:
>> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
>> >> Description
>> >> ===========
>> >>
>> >> In the Linux kernel, the following vulnerability has been resolved:
>> >>
>> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
>> >>
>> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
>> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
>> >> that is incompatible with the current code for the PS3's LV1 hypervisor
>> >> calls.
>> >>
>> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
>> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
>> >>
>> >> Fixes run time errors like these:
>> >>
>> >>   BUG: Kernel NULL pointer dereference at 0x00000000
>> >>   Faulting instruction address: 0xc000000000047cf0
>> >>   Oops: Kernel access of bad area, sig: 11 [#1]
>> >>   Call Trace:
>> >>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
>> >>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
>> >>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
>> >>
>> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
>> > 
>> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at
>> > boot, so the system is not vulnerable it's just broken :)
>> 
>> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
>> boot, so there is no chance of a vulnerability.
>
> The definition of "vulnerability" from CVE.org is:
> 	An instance of one or more weaknesses in a Product that can be
> 	exploited, causing a negative impact to confidentiality, integrity, or
> 	availability; a set of conditions or behaviors that allows the
> 	violation of an explicit or implicit security policy.
>
> Having a system that does not boot is a "negative impact to
> availability", which is why this was selected for a CVE.  I.e. if a new
> kernel update has this problem in it, it would not allow the system to
> boot correctly.

I think the key word above is "exploited", implying some sort of
unauthorised action.

This bug can cause the system to not boot, but only by someone who
builds a new kernel and installs it - and if they have permission to do
that they can just replace the kernel with anything, they don't need a
bug.

> But, if the maintainer of the subsystem thinks this should not be
> assigned a CVE because of this fix, we'll be glad to revoke it.
>
> Michael, still want this revoked?

Yes please.

cheers

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
  2024-05-20 23:47       ` Michael Ellerman
@ 2024-05-21  7:04         ` Greg Kroah-Hartman
  0 siblings, 0 replies; 5+ messages in thread
From: Greg Kroah-Hartman @ 2024-05-21  7:04 UTC (permalink / raw)
  To: Michael Ellerman
  Cc: Geoff Levand, cve, linuxppc-dev, linux-kernel, linux-cve-announce

On Tue, May 21, 2024 at 09:47:33AM +1000, Michael Ellerman wrote:
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> > On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote:
> >> On 5/20/24 16:04, Michael Ellerman wrote:
> >> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> >> >> Description
> >> >> ===========
> >> >>
> >> >> In the Linux kernel, the following vulnerability has been resolved:
> >> >>
> >> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
> >> >>
> >> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
> >> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
> >> >> that is incompatible with the current code for the PS3's LV1 hypervisor
> >> >> calls.
> >> >>
> >> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
> >> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.
> >> >>
> >> >> Fixes run time errors like these:
> >> >>
> >> >>   BUG: Kernel NULL pointer dereference at 0x00000000
> >> >>   Faulting instruction address: 0xc000000000047cf0
> >> >>   Oops: Kernel access of bad area, sig: 11 [#1]
> >> >>   Call Trace:
> >> >>   [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
> >> >>   [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
> >> >>   [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8
> >> >>
> >> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue.
> >> > 
> >> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at
> >> > boot, so the system is not vulnerable it's just broken :)
> >> 
> >> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't
> >> boot, so there is no chance of a vulnerability.
> >
> > The definition of "vulnerability" from CVE.org is:
> > 	An instance of one or more weaknesses in a Product that can be
> > 	exploited, causing a negative impact to confidentiality, integrity, or
> > 	availability; a set of conditions or behaviors that allows the
> > 	violation of an explicit or implicit security policy.
> >
> > Having a system that does not boot is a "negative impact to
> > availability", which is why this was selected for a CVE.  I.e. if a new
> > kernel update has this problem in it, it would not allow the system to
> > boot correctly.
> 
> I think the key word above is "exploited", implying some sort of
> unauthorised action.
> 
> This bug can cause the system to not boot, but only by someone who
> builds a new kernel and installs it - and if they have permission to do
> that they can just replace the kernel with anything, they don't need a
> bug.
> 
> > But, if the maintainer of the subsystem thinks this should not be
> > assigned a CVE because of this fix, we'll be glad to revoke it.
> >
> > Michael, still want this revoked?
> 
> Yes please.

Now rejected, thanks all for the review!

greg k-h

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2024-05-21  7:11 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <2024051725-CVE-2023-52665-1d6f@gregkh>
2024-05-20  7:04 ` CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 Michael Ellerman
2024-05-20  8:35   ` Geoff Levand
2024-05-20  8:52     ` Greg Kroah-Hartman
2024-05-20 23:47       ` Michael Ellerman
2024-05-21  7:04         ` Greg Kroah-Hartman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).