Date: Fri, 17 Jun 2022 16:28:39 +0000
From: Sean Christopherson
To: Red Hat Product Security
Cc: mingo@redhat.com, bp@alien8.de, pgn@zju.edu.cn, pbonzini@redhat.com, wanpengli@tencent.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, kangel@zju.edu.cn, syzkaller@googlegroups.com, jmattson@google.com, vkuznets@redhat.com, dave.hansen@linux.intel.com, linux-sgx@vger.kernel.org, jarkko@kernel.org, joro@8bytes.org, hpa@zytor.com
Subject: Re: 'WARNING in vcpu_enter_guest' bug in arch/x86/kvm/x86.c:9877
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jun 17, 2022, Red Hat Product Security wrote:
> Hello!
>
> INC2131147 ('WARNING in vcpu_enter_guest' bug in arch/x86/kvm/x86.c:9877) is pending your review.
>
> Opened for: pgn@zju.edu.cn
> Followers: Paolo Bonzini, seanjc@google.com, Vitaly Kuznetsov, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, tglx@linutronix.de, Ingo Molnar, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, jarkko@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sgx@vger.kernel.org, kangel@zju.edu.cn, syzkaller@googlegroups.com
>
> Mauro Matteo Cascella updated your request with the following comments:
>
> Hi Sean,
> Thanks for the fix: https://github.com/torvalds/linux/commit/423ecfea77dda83823c71b0fad1c2ddb2af1e5fc.
> Is this CVE worthy? As /dev/kvm is world accessible and unprivileged users could trigger the bug IIUC. We (Red Hat) can assign one if needed.

IMO, it's not CVE worthy. Unprivileged users can trigger the bug, but the bug itself is not harmful to the system at large, only to that user's VM/workload. The splat is a WARN_ON_ONCE() so it won't spam the kernel log. panic_on_warn would be problematic, but assigning a CVE for every WARN seems excessive.
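
Added example, not part of the message above or of the kernel tree: a host-side check for the one configuration the reply calls problematic, a WARN reachable through /dev/kvm on a machine with panic_on_warn set. The function names and result labels are made up for this example; it assumes GNU stat and treats any read or write bit for "other" on /dev/kvm as world-accessible.

```shell
#!/bin/sh
# Added example: triage the impact of a WARN that is reachable via /dev/kvm.

# classify_kvm_warn_exposure PANIC_ON_WARN KVM_MODE
#   PANIC_ON_WARN  content of /proc/sys/kernel/panic_on_warn (0 or 1)
#   KVM_MODE       octal permissions of /dev/kvm (e.g. 666), or "absent"
classify_kvm_warn_exposure() {
    pow=$1
    mode=$2
    if [ "$mode" = "absent" ]; then
        echo "not-applicable"
        return 0
    fi
    # The last octal digit holds the permission bits for "other".
    other=${mode#"${mode%?}"}
    case $other in
        [0-7]) ;;
        *) echo "invalid-mode"; return 1 ;;
    esac
    # Assumption: a read or write bit for "other" lets any local user open it.
    if [ $(( other & 6 )) -ne 0 ]; then
        who="any-user"
    else
        who="owner-or-group"
    fi
    # With panic_on_warn=1 a WARN takes the host down; otherwise a
    # WARN_ON_ONCE() leaves a single splat in the kernel log.
    if [ "$pow" = "1" ]; then
        echo "host-panic:$who"
    else
        echo "log-splat:$who"
    fi
}

# check_host: run the classification against the live system.
check_host() {
    pow=$(cat /proc/sys/kernel/panic_on_warn 2>/dev/null || echo 0)
    if [ -e /dev/kvm ]; then
        mode=$(stat -c %a /dev/kvm)   # GNU stat: octal mode, e.g. 666
    else
        mode="absent"
    fi
    classify_kvm_warn_exposure "$pow" "$mode"
}

# Constructed inputs: world-accessible /dev/kvm without and with panic_on_warn.
classify_kvm_warn_exposure 0 666
classify_kvm_warn_exposure 1 666
```

Call check_host on a real machine; a host-panic:any-user result means any local user who can reach such a WARN can bring the host down, which is a reason to restrict /dev/kvm to a dedicated group on hosts that run with panic_on_warn=1.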