Subject: Re: ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
To: "Schmauss, Erik", Greg KH
Cc: "Moore, Robert", stable, Seunghun Han, "Wysocki, Rafael J", kernel-team
References: <7ee79f5f-22dd-e637-1414-76e3d0715c4a@android.com> <20180510065519.GC25873@kroah.com> <20180511052355.GA2902@kroah.com>
From: Mark Salyzyn
Message-ID: <2f9345ae-9b20-0a8f-f63c-36967a684e30@android.com>
Date: Tue, 15 May 2018 13:42:26 -0700
In-Reply-To:

On 05/15/2018 10:36 AM, Schmauss, Erik wrote:
>>>> But I'm going to push back on this. The kernel security team said
>>>> something like "this is crazy, if you control ACPI tables you have
>>>> bigger problems" when this bug was reported and told the developer
>>>> to just submit this as a normal code cleanup.
>>>>
>>>> Granting this a CVE was, in my opinion, a total mistake as well.
>>>> This doesn't fix any "real" problem that anyone can hit in the wild
>>>> from what I can tell. And again, if you can modify ACPI tables,
>>>> there are much bigger problems you can cause on the hardware.
>>> Agreed. Could we somehow close this CVE?
>> Please do, you can submit a request for it to be rejected on the main CVE site
>> somewhere. I've done it once in the past.
> Ok. I'll do this.

Thanks! Please do the same for CVE-2017-13694 (not in Linus' tree) as well as this one, CVE-2017-13695 (in Linus' tree), as they are both associated with crafted ACPI tables.

I am rescinding my request to have these in stable for security concerns.

> If the AML is correct, it's fine. Almost all OEMs use ASL compilers like iASL to ensure
> correctness of ASL/AML.

That probably is enough to push back on stable; really an academic defence-in-depth measure.

> This patch might be nice to have for when users wish to alter their ACPI tables by hand
> and those altered ACPI tables cause this memory leak. If you wish to account for
> memory leaks that result from these hand-crafted AML files, then you should add this
> patch. Otherwise, it's not necessary.

Linus' tree has this; should that deal with those advanced developers/users that wish to alter their ACPI tables by hand? The leak is probably a smaller issue than what can happen if someone decides to adjust them by hand ;-}

-- 
Mark