| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4860bb2d-30ec-4fad-a2b2-752c3412771e@linux.ibm.com>
Date: Fri, 17 Jan 2025 07:50:10 -0500
From: Anthony Krowiak <akrowiak@...ux.ibm.com>
To: Halil Pasic <pasic@...ux.ibm.com>,
Alex Williamson <alex.williamson@...hat.com>
Cc: Rorie Reyes <rreyes@...ux.ibm.com>, linux-s390@...r.kernel.org,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org, hca@...ux.ibm.com,
borntraeger@...ibm.com, agordeev@...ux.ibm.com, gor@...ux.ibm.com,
jjherne@...ux.ibm.com
Subject: Re: [PATCH v1] s390/vfio-ap: Signal eventfd when guest AP
configuration is changed
On 1/16/25 2:18 PM, Halil Pasic wrote:
> On Thu, 16 Jan 2025 11:52:28 -0500
> Alex Williamson <alex.williamson@...hat.com> wrote:
>
>>>> Alex, does the above answer your question on what guards against UAF (the
>>>> short answer is: matrix_dev->mdevs_lock)?
>> Yes, that answers my question, thanks for untangling it. We might
>> consider a lockdep_assert_held() in the new
>> signal_guest_ap_cfg_changed() since it does get called from a variety
>> of paths and we need that lock to prevent the UAF.
> Yes I second that! I was thinking about it myself yesterday. And there
> are also a couple of other functions that expect to be called with
> certain locks held. I would love to see lockdep_assert_held() there
> as well.
>
> Since I went through that code last night I could spin a patch that
> catches some of these at least. But if I don't within two weeks, I
> won't be grumpy if somebody else picks that up.
Sure, sounds like a good idea. Don't worry about it, I can take care of
it. Thanks.
>
> Regards,
> Halil
Powered by blists - more mailing lists