| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250116203034.2ec75969.pasic@linux.ibm.com>
Date: Thu, 16 Jan 2025 20:30:34 +0100
From: Halil Pasic <pasic@...ux.ibm.com>
To: Anthony Krowiak <akrowiak@...ux.ibm.com>
Cc: Alex Williamson <alex.williamson@...hat.com>,
Rorie Reyes
<rreyes@...ux.ibm.com>, linux-s390@...r.kernel.org,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org, hca@...ux.ibm.com,
borntraeger@...ibm.com, agordeev@...ux.ibm.com, gor@...ux.ibm.com,
jjherne@...ux.ibm.com, Halil Pasic <pasic@...ux.ibm.com>
Subject: Re: [PATCH v1] s390/vfio-ap: Signal eventfd when guest AP
configuration is changed
On Thu, 16 Jan 2025 10:38:41 -0500
Anthony Krowiak <akrowiak@...ux.ibm.com> wrote:
> > Alex, does the above answer your question on what guards against UAF (the
> > short answer is: matrix_dev->mdevs_lock)?
>
> I agree that the matrix_dev->mdevs_lock does prevent changes to
> matrix_mdev->cfg_chg_trigger while it is being accessed by the
> vfio_ap device driver. My confusion arises from my interpretation of
> Alex's question; it seemed to me that he was talking its use outside
> of the vfio_ap driver and how to guard against that.
BTW the key for understanding how we are protected form something
like userspace closing he eventfd is that eventfd_ctx_fdget()
takes a reference to the internal eventfd context, which makes
sure userspace can not shoot us in the foot and the context
remains to be safe to use until we have done our put. Generally
userspace is responsible for not shooting itself in the foot,
so how QEMU uses its end is mostly QEMUs problem in my understanding.
Regards,
Halil
Powered by blists - more mailing lists