| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250117143856.GD5556@nvidia.com> Date: Fri, 17 Jan 2025 10:38:56 -0400 From: Jason Gunthorpe <jgg@...dia.com> To: "Tian, Kevin" <kevin.tian@...el.com> Cc: Nicolin Chen <nicolinc@...dia.com>, "joro@...tes.org" <joro@...tes.org>, "will@...nel.org" <will@...nel.org>, "robin.murphy@....com" <robin.murphy@....com>, "baolu.lu@...ux.intel.com" <baolu.lu@...ux.intel.com>, "iommu@...ts.linux.dev" <iommu@...ts.linux.dev>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH rc v3] iommufd/fault: Use a separate spinlock to protect fault->deliver list On Fri, Jan 17, 2025 at 06:20:15AM +0000, Tian, Kevin wrote: > > From: Nicolin Chen <nicolinc@...dia.com> > > Sent: Friday, January 17, 2025 10:05 AM > > > > mutex_lock(&fault->mutex); > > Nit. The scope of above can be reduced too, by guarding only the > lines for fault->response. Hmm, I think you have found a flaw unfortunately.. iommufd_auto_response_faults() is called async to all of this if a device is removed. It should clean out that device from all the fault machinery. With the new locking we don't hold the mutex across the list manipulation in read so there is a window where a fault can be on the stack in iommufd_fault_fops_read() but not in the fault->response or the deliver list. Thus it will be missed during cleanup. I think because of the cleanup we have to continue to hold the mutex across all of fops_read and this patch is just adding an additional spinlock around the deliver list to isolate it from the copy_to_user(). Is that right Nicolin? Jason
Powered by blists - more mailing lists