Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
On Tue, May 21, 2024 at 09:47:33AM +1000, Michael Ellerman wrote: > Greg Kroah-Hartman writes: > > On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote: > >> On 5/20/24 16:04, Michael Ellerman wrote: > >> > Greg Kroah-Hartman writes: > >> >> Description > >> >> === > >> >> > >> >> In the Linux kernel, the following vulnerability has been resolved: > >> >> > >> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 > >> >> > >> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian > >> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way > >> >> that is incompatible with the current code for the PS3's LV1 hypervisor > >> >> calls. > >> >> > >> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is > >> >> not set' > >> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used. > >> >> > >> >> Fixes run time errors like these: > >> >> > >> >> BUG: Kernel NULL pointer dereference at 0x > >> >> Faulting instruction address: 0xc0047cf0 > >> >> Oops: Kernel access of bad area, sig: 11 [#1] > >> >> Call Trace: > >> >> [c23039e0] [c100ebfc] ps3_create_spu+0xc4/0x2b0 > >> >> (unreliable) > >> >> [c2303ab0] [c100d4c4] create_spu+0xcc/0x3c4 > >> >> [c2303b40] [c100eae4] ps3_enumerate_spus+0xa4/0xf8 > >> >> > >> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue. > >> > > >> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at > >> > boot, so the system is not vulnerable it's just broken :) > >> > >> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't > >> boot, so there is no chance of a vulnerability. > > > > The definition of "vulnerability" from CVE.org is: > > An instance of one or more weaknesses in a Product that can be > > exploited, causing a negative impact to confidentiality, integrity, or > > availability; a set of conditions or behaviors that allows the > > violation of an explicit or implicit security policy. > > > > Having a system that does not boot is a "negative impact to > > availability", which is why this was selected for a CVE. I.e. if a new > > kernel update has this problem in it, it would not allow the system to > > boot correctly. > > I think the key word above is "exploited", implying some sort of > unauthorised action. > > This bug can cause the system to not boot, but only by someone who > builds a new kernel and installs it - and if they have permission to do > that they can just replace the kernel with anything, they don't need a > bug. > > > But, if the maintainer of the subsystem thinks this should not be > > assigned a CVE because of this fix, we'll be glad to revoke it. > > > > Michael, still want this revoked? > > Yes please. Now rejected, thanks all for the review! greg k-h
Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
Greg Kroah-Hartman writes: > On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote: >> On 5/20/24 16:04, Michael Ellerman wrote: >> > Greg Kroah-Hartman writes: >> >> Description >> >> === >> >> >> >> In the Linux kernel, the following vulnerability has been resolved: >> >> >> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 >> >> >> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian >> >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way >> >> that is incompatible with the current code for the PS3's LV1 hypervisor >> >> calls. >> >> >> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is >> >> not set' >> >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used. >> >> >> >> Fixes run time errors like these: >> >> >> >> BUG: Kernel NULL pointer dereference at 0x >> >> Faulting instruction address: 0xc0047cf0 >> >> Oops: Kernel access of bad area, sig: 11 [#1] >> >> Call Trace: >> >> [c23039e0] [c100ebfc] ps3_create_spu+0xc4/0x2b0 >> >> (unreliable) >> >> [c2303ab0] [c100d4c4] create_spu+0xcc/0x3c4 >> >> [c2303b40] [c100eae4] ps3_enumerate_spus+0xa4/0xf8 >> >> >> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue. >> > >> > IMHO this doesn't warrant a CVE. The crash mentioned above happens at >> > boot, so the system is not vulnerable it's just broken :) >> >> As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't >> boot, so there is no chance of a vulnerability. > > The definition of "vulnerability" from CVE.org is: > An instance of one or more weaknesses in a Product that can be > exploited, causing a negative impact to confidentiality, integrity, or > availability; a set of conditions or behaviors that allows the > violation of an explicit or implicit security policy. > > Having a system that does not boot is a "negative impact to > availability", which is why this was selected for a CVE. I.e. if a new > kernel update has this problem in it, it would not allow the system to > boot correctly. I think the key word above is "exploited", implying some sort of unauthorised action. This bug can cause the system to not boot, but only by someone who builds a new kernel and installs it - and if they have permission to do that they can just replace the kernel with anything, they don't need a bug. > But, if the maintainer of the subsystem thinks this should not be > assigned a CVE because of this fix, we'll be glad to revoke it. > > Michael, still want this revoked? Yes please. cheers
Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
On Mon, May 20, 2024 at 05:35:32PM +0900, Geoff Levand wrote: > On 5/20/24 16:04, Michael Ellerman wrote: > > Greg Kroah-Hartman writes: > >> Description > >> === > >> > >> In the Linux kernel, the following vulnerability has been resolved: > >> > >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 > >> > >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian > >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way > >> that is incompatible with the current code for the PS3's LV1 hypervisor > >> calls. > >> > >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is > >> not set' > >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used. > >> > >> Fixes run time errors like these: > >> > >> BUG: Kernel NULL pointer dereference at 0x > >> Faulting instruction address: 0xc0047cf0 > >> Oops: Kernel access of bad area, sig: 11 [#1] > >> Call Trace: > >> [c23039e0] [c100ebfc] ps3_create_spu+0xc4/0x2b0 > >> (unreliable) > >> [c2303ab0] [c100d4c4] create_spu+0xcc/0x3c4 > >> [c2303b40] [c100eae4] ps3_enumerate_spus+0xa4/0xf8 > >> > >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue. > > > > IMHO this doesn't warrant a CVE. The crash mentioned above happens at > > boot, so the system is not vulnerable it's just broken :) > > As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't > boot, so there is no chance of a vulnerability. The definition of "vulnerability" from CVE.org is: An instance of one or more weaknesses in a Product that can be exploited, causing a negative impact to confidentiality, integrity, or availability; a set of conditions or behaviors that allows the violation of an explicit or implicit security policy. Having a system that does not boot is a "negative impact to availability", which is why this was selected for a CVE. I.e. if a new kernel update has this problem in it, it would not allow the system to boot correctly. But, if the maintainer of the subsystem thinks this should not be assigned a CVE because of this fix, we'll be glad to revoke it. Michael, still want this revoked? thanks, greg k-h
Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
On 5/20/24 16:04, Michael Ellerman wrote: > Greg Kroah-Hartman writes: >> Description >> === >> >> In the Linux kernel, the following vulnerability has been resolved: >> >> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 >> >> Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian >> builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way >> that is incompatible with the current code for the PS3's LV1 hypervisor >> calls. >> >> This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not >> set' >> to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used. >> >> Fixes run time errors like these: >> >> BUG: Kernel NULL pointer dereference at 0x >> Faulting instruction address: 0xc0047cf0 >> Oops: Kernel access of bad area, sig: 11 [#1] >> Call Trace: >> [c23039e0] [c100ebfc] ps3_create_spu+0xc4/0x2b0 >> (unreliable) >> [c2303ab0] [c100d4c4] create_spu+0xcc/0x3c4 >> [c2303b40] [c100eae4] ps3_enumerate_spus+0xa4/0xf8 >> >> The Linux kernel CVE team has assigned CVE-2023-52665 to this issue. > > IMHO this doesn't warrant a CVE. The crash mentioned above happens at > boot, so the system is not vulnerable it's just broken :) As Greg says, with PPC64_BIG_ENDIAN_ELF_ABI_V2 enabled the system won't boot, so there is no chance of a vulnerability. -Geoff
Re: CVE-2023-52665: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
Greg Kroah-Hartman writes: > Description > === > > In the Linux kernel, the following vulnerability has been resolved: > > powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 > > Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian > builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way > that is incompatible with the current code for the PS3's LV1 hypervisor > calls. > > This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not > set' > to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used. > > Fixes run time errors like these: > > BUG: Kernel NULL pointer dereference at 0x > Faulting instruction address: 0xc0047cf0 > Oops: Kernel access of bad area, sig: 11 [#1] > Call Trace: > [c23039e0] [c100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable) > [c2303ab0] [c100d4c4] create_spu+0xcc/0x3c4 > [c2303b40] [c100eae4] ps3_enumerate_spus+0xa4/0xf8 > > The Linux kernel CVE team has assigned CVE-2023-52665 to this issue. IMHO this doesn't warrant a CVE. The crash mentioned above happens at boot, so the system is not vulnerable it's just broken :) cheers