On 14/07/2020 09:20, speck for Greg KH wrote: > On Tue, Jul 14, 2020 at 10:14:09AM +0200, speck for Greg KH wrote: >> On Tue, Jul 14, 2020 at 09:03:41AM +0100, speck for Andrew Cooper wrote: >>> On 14/07/2020 06:57, speck for Greg KH wrote: >>>> Also, why is this being sent to speck? What is wrong with the normal >>>> development process? >>> This has a CVE attached to it, and an embargo in November (both of which >>> ought to be more clear in the email and/or commit message IMO). >> That was totally not obvious, how were we supposed to guess that? Clearly need to improve our divination skills... (It is part of the bundle of issues for the next IPU.) >>> Researchers have demonstrated a power analysis side-channel to recover >>> keys from the AES-NI instructions, usable by unprivileged userspace >>> given these world-usable perms. >> Ok, then why send this to us now, why not just submit this to upstream >> at the proper time when the embargo expires? Why do we now need to sit >> on this for the next 4 fricken months? > And why sit on this at all anyway? The companion CVE, for a malicious kernel attacking SGX with this mechanism, needs a microcode change, which is why they are bundled together. ~Andrew