Message-ID: <ZeBWcDEECqbDMqsb@duo.ucw.cz>
Date: Thu, 29 Feb 2024 11:03:28 +0100
From: Pavel Machek <pavel@....cz>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Michal Hocko <mhocko@...e.com>, Kees Cook <keescook@...omium.org>,
cve@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: CVE-2023-52451: powerpc/pseries/memhp: Fix access beyond end of
drmem array
On Thu 2024-02-29 09:35:28, Greg Kroah-Hartman wrote:
> On Thu, Feb 29, 2024 at 09:22:51AM +0100, Michal Hocko wrote:
> > On Wed 28-02-24 09:12:15, Kees Cook wrote:
> > > On Wed, Feb 28, 2024 at 01:04:14PM +0100, Michal Hocko wrote:
> > > > On Tue 27-02-24 10:35:40, Kees Cook wrote:
> > > > > On Mon, Feb 26, 2024 at 04:25:09PM +0100, Michal Hocko wrote:
> > > > [...]
> > > > > > Does that mean that any potentially incorrect input provided by an admin is
> > > > > > considered CVE now?
> > > > >
> > > > > Yes. Have you seen what USER_NS does? There isn't a way to know how
> > > > > deployments are using Linux, and this is clearly a "weakness" as defined
> > > > > > by CVE. It is better to be overzealous than miss things.
> > > >
> > > > If we are overzealous to the point when almost any fix is marked CVE
> > > > then the special marking simply stops making any sense IMHO.
> > >
> > > Perhaps, but the volume of fixes is high, and I think it's better to
> > > overestimate than underestimate -- the work needed to actually
> > > evaluate all these changes is huge: it's better to take everything from
> > > -stable.
> >
> > This is simply not feasible for many downstream kernels and reasons have
> > been discussed many times.
>
> How does taking 10 patches differ from taking 200 patches? Your
> testing/infrastructure issues should be the same, right?
It is more work to review 200 patches than to review 10. As you would
know if you actually reviewed -stable patches or at least AUTOSEL
ones.
Pavel
--
People of Russia, stop Putin before his war on Ukraine escalates.