lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZC7Kb3WmjvooWtLE@nvidia.com>
Date:   Thu, 6 Apr 2023 10:34:39 -0300
From:   Jason Gunthorpe <jgg@...dia.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     iommu@...ts.linux.dev, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, Kevin Tian <kevin.tian@...el.com>
Subject: [GIT PULL] Please pull IOMMUFD subsystem changes

Hi Linus,

Three bug fixes that a syzkaller instance found in iommufd. We added
some selftest coverage for this, but it will come in the merge window
as it depends on some other selftest changes.

I'm pretty happy with this as it shows the selftest setup is allowing
syzkaller into code paths that would normally be only reached by
in-kernel VFIO mdev drivers. These are bugs that the normal vGVT and
S390 vfio-mdev test suites didn't find.

Thanks,
Jason

The following changes since commit 7e364e56293bb98cae1b55fd835f5991c4e96e7d:

  Linux 6.3-rc5 (2023-04-02 14:29:29 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd.git tags/for-linus-iommufd

for you to fetch changes up to 13a0d1ae7ee6b438f5537711a8c60cba00554943:

  iommufd: Do not corrupt the pfn list when doing batch carry (2023-04-04 09:10:55 -0300)

----------------------------------------------------------------
iommufd for 6.3 rc

Three bugs found by syzkaller:

 - An invalid VA range can be be put in a pages and eventually trigger
   WARN_ON, reject it early

 - Use of the wrong start index value when doing the complex batch carry
   scheme

 - Wrong store ordering resulting in corrupting data used in a later
   calculation that corrupted the batch structure during carry

----------------------------------------------------------------
Jason Gunthorpe (3):
      iommufd: Check for uptr overflow
      iommufd: Fix unpinning of pages when an access is present
      iommufd: Do not corrupt the pfn list when doing batch carry

 drivers/iommu/iommufd/pages.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ