| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87ldtzhcjv.ffs@tglx> Date: Fri, 21 Feb 2025 10:28:20 +0100 From: Thomas Gleixner <tglx@...utronix.de> To: Nicolin Chen <nicolinc@...dia.com>, jgg@...dia.com, kevin.tian@...el.com, maz@...nel.org Cc: joro@...tes.org, will@...nel.org, robin.murphy@....com, shuah@...nel.org, iommu@...ts.linux.dev, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-kselftest@...r.kernel.org, eric.auger@...hat.com, baolu.lu@...ux.intel.com, yi.l.liu@...el.com, yury.norov@...il.com, jacob.pan@...ux.microsoft.com, patches@...ts.linux.dev Subject: Re: [PATCH v2 1/7] genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie On Wed, Feb 19 2025 at 17:31, Nicolin Chen wrote: > Fix the MSI cookie UAF by removing the cookie pointer. The translated IOVA > address is already known during iommu_dma_prepare_msi() and cannot change. > Thus, it can simply be stored as an integer in the MSI descriptor. > > A following patch will fix the other UAF in iommu_get_domain_for_dev(), by > using the IOMMU group mutex. "A following patch" has no meaning once the current one is applied. Simply say: The other UAF in iommu_get_domain_for_dev() will be addressed seperately, by .... > Signed-off-by: Jason Gunthorpe <jgg@...dia.com> > Signed-off-by: Nicolin Chen <nicolinc@...dia.com> With that fixed: Reviewed-by: Thomas Gleixner <tglx@...utronix.de>
Powered by blists - more mailing lists