On Wed, 2020-11-11 at 13:18 +0000, masashi.kudo@... wrote:

Hi,

The other day, I inquired about CVE-2019-0145, CVE-2019-0147, and CVE-2019-0148 in the following email.

The kernel team discussed for weeks how to deal with them.
As a result of these discussions, we concluded to ignore them until Intel fixes issues, because:
- The descriptions of patches are not clear, and we cannot figure out what is right
- The patches we identified do not really look like fixing too serious stuff.

They all seemed to involve communication with the owner of a PCIe
Virtual Function (VF). A VF might be assigned to a VM or privileged
process. In Civil Infrastructure systems those should already be
trusted and so the issues don't matter that much.

So far, we had the following AI, but we close this based on the above situation.

2. Check whether CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 needs to be backported to 4.4 - Kernel Team

[...]

Well, I found it quite easy to backport the applicable parts of the
fixes. I already sent them along with some other fixes for the 4.14
and 4.9 branches, and could still do so for 4.4.

Ben.

--
Ben Hutchings, Software Developer Codethink Ltd
https://www.codethink.co.uk/ Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom