historical-speck.lore.kernel.org archive mirror
From: Greg KH <gregkh@linuxfoundation.org>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH] Raffle 0
Date: Tue, 14 Jul 2020 10:44:07 +0200
Message-ID: <20200714084407.GB1168379@kroah.com>
In-Reply-To: <a9d62b17-ef88-cb9b-6e97-be65478b94b7@citrix.com>

On Tue, Jul 14, 2020 at 09:36:47AM +0100, speck for Andrew Cooper wrote:
> On 14/07/2020 09:20, speck for Greg KH wrote:
> > On Tue, Jul 14, 2020 at 10:14:09AM +0200, speck for Greg KH wrote:
> >> On Tue, Jul 14, 2020 at 09:03:41AM +0100, speck for Andrew Cooper wrote:
> >>> On 14/07/2020 06:57, speck for Greg KH wrote:
> >>>> Also, why is this being sent to speck?  What is wrong with the normal
> >>>> development process?
> >>> This has a CVE attached to it, and an embargo in November (both of which
> >>> ought to be more clear in the email and/or commit message IMO).
> >> That was totally not obvious, how were we supposed to guess that?
> Clearly need to improve our divination skills...
> (It is part of the bundle of issues for the next IPU.)

I don't know what "IPU" means :(

> >>> Researchers have demonstrated a power analysis side-channel to recover
> >>> keys from the AES-NI instructions, usable by unprivileged userspace
> >>> given these world-usable perms.
> >> Ok, then why send this to us now, why not just submit this to upstream
> >> at the proper time when the embargo expires?  Why do we now need to sit
> >> on this for the next 4 fricken months?
> > And why sit on this at all anyway?
> The companion CVE, for a malicious kernel attacking SGX with this
> mechanism, needs a microcode change, which is why they are bundled together.

But again, that's independent of this sysfs file permissions, right?
Why can't you just fix this now, so when the other mess is finally
public you don't have to worry about it.

Much like I did for the random number stuff, we fixed the kernel up to
not depend on it way before Intel came up with BIOS fixes and the other
stuff.  Get ahead of the issue if at all possible.


greg k-h
