On Wed, May 03, 2023 at 08:34:33AM +0100, Lee Jones wrote: > On Tue, 02 May 2023, Sean Christopherson wrote: > > > On Wed, Apr 19, 2023, Lee Jones wrote: > > > On Wed, 21 Sep 2022, gregkh@xxxxxxxxxxxxxxxxxxx wrote: > > > > > > > On Tue, Sep 20, 2022 at 06:19:26PM +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote: > > > > > On Tue, Sep 20, 2022 at 03:34:04PM +0000, Bhatnagar, Rishabh wrote: > > > > > > Gentle reminder to review this patch series. > > > > > > > > > > Gentle reminder to never top-post :) > > > > > > > > > > Also, it's up to the KVM maintainers if they wish to review this or not. > > > > > I can't make them care about old and obsolete kernels like 5.10.y. Why > > > > > not just use 5.15.y or newer? > > > > > > > > Given the lack of responses here from the KVM developers, I'll drop this > > > > from my mbox and wait for them to be properly reviewed and resend before > > > > considering them for a stable release. > > > > > > KVM maintainers, > > > > > > Would someone be kind enough to take a look at this for Greg please? > > > > > > Note that at least one of the patches in this set has been identified as > > > a fix for a serious security issue regarding the compromise of guest > > > kernels due to the mishandling of flush operations. > > > > A minor note, the security issue is serious _if_ the bug can be exploited, which > > as is often the case for KVM, is a fairly big "if". Jann's PoC relied on collusion > > between host userspace and the guest kernel, and as Jann called out, triggering > > the bug on a !PREEMPT host kernel would be quite difficult in practice. > > > > I don't want to downplay the seriousness of compromising guest security, but CVSS > > scores for KVM CVEs almost always fail to account for the multitude of factors in > > play. E.g. CVE-2023-30456 also had a score of 7.8, and that bug required disabling > > EPT, which pretty much no one does when running untrusted guest code. > > > > In other words, take the purported severity with a grain of salt. > > > > > Please could someone confirm or otherwise that this is relevant for > > > v5.10.y and older? > > > > Acked-by: Sean Christopherson <seanjc@xxxxxxxxxx> > > Thanks for taking the time to provide some background information and > for the Ack Sean, much appreciated. > > For anyone taking notice, I expect a little lag on this still whilst > Greg is AFK. I'll follow-up in a few days. What am I supposed to do here? The thread is long-gone from my stable review queue, is there some patch I'm supposed to apply? If so, can I get a resend with the proper acks added? thanks, greg k-h
