Re: CVE-2024-35802: x86/sev: Fix position dependent variable references in startup code

From: Michal Hocko
Date: Tue May 28 2024 - 04:52:06 EST

Next message: Chen-Yu Tsai: "[PATCH v2] scripts/make_fit: Drop fdt image entry compatible string"
Previous message: Michael Riesch: "Re: [PATCH] drm/panel: sitronix-st7789v: Add check for of_drm_get_panel_orientation"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2024-35802: x86/sev: Fix position dependent variable references in startup code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu 23-05-24 14:14:57, Nikolay Borisov wrote:
[...]
> I'd like to dispute this CVE since it doesn't constitute a security related
> bug. Sure, it might crash a SEV guest during boot but it doesn't constitute
> a security issue per-se.

Let me add analysis by Joerg here:
: This is not a security issue. The patch works around clangs compiler behavior
: where it inserts absolute references to kernel addresses. This breaks kernel
: boot because at the time this code runs the kernel still runs direct-mapped and
: needs to rely on RIP-relative addressing only.
:
: Any breakage there would be detected at early boot of the kernel by a fatal
: crash, which can not be exploited. Also, our kernels are not compiled with
: clang, so from that perspective this is also not an issue for us either.

So this is a functional fix for clang builds.
--
Michal Hocko
SUSE Labs

Next message: Chen-Yu Tsai: "[PATCH v2] scripts/make_fit: Drop fdt image entry compatible string"
Previous message: Michael Riesch: "Re: [PATCH] drm/panel: sitronix-st7789v: Add check for of_drm_get_panel_orientation"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2024-35802: x86/sev: Fix position dependent variable references in startup code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]