Message-ID: <20200304152816.GA3619@suse.de>
Date: Wed, 4 Mar 2020 16:28:16 +0100
From: Joerg Roedel <jroedel@...e.de>
To: Marc Zyngier <maz@...nel.org>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
Eric Auger <eric.auger@...hat.com>,
Robin Murphy <robin.murphy@....com>,
Will Deacon <will@...nel.org>, stable@...r.kernel.org
Subject: Re: [PATCH v2] iommu/dma: Fix MSI reservation allocation

On Wed, Mar 04, 2020 at 11:11:17AM +0000, Marc Zyngier wrote:
> The way cookie_init_hw_msi_region() allocates the iommu_dma_msi_page
> structures doesn't match the way iommu_put_dma_cookie() frees them.
>
> The former performs a single allocation of all the required structures,
> while the latter tries to free them one at a time. It doesn't quite
> work for the main use case (the GICv3 ITS where the range is 64kB)
> when the base granule size is 4kB.
>
> This leads to a nice slab corruption on teardown, which is easily
> observable by simply creating a VF on a SRIOV-capable device, and
> tearing it down immediately (no need to even make use of it).
> Fortunately, this only affects systems where the ITS isn't translated
> by the SMMU, which are both rare and non-standard.
>
> Fix it by allocating iommu_dma_msi_page structures one at a time.
>
> Fixes: 7c1b058c8b5a3 ("iommu/dma: Handle IOMMU API reserved regions")
> Signed-off-by: Marc Zyngier <maz@...nel.org>
> Reviewed-by: Eric Auger <eric.auger@...hat.com>
> Cc: Robin Murphy <robin.murphy@....com>
> Cc: Joerg Roedel <jroedel@...e.de>
> Cc: Will Deacon <will@...nel.org>
> Cc: stable@...r.kernel.org

Applied for v5.6, thanks.