| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <42c500b8-6ffb-4793-85c0-d3fbae0116f1@intel.com> Date: Wed, 9 Jul 2025 11:22:34 -0700 From: Dave Hansen <dave.hansen@...el.com> To: jacob.pan@...ux.microsoft.com, Jason Gunthorpe <jgg@...dia.com> Cc: Lu Baolu <baolu.lu@...ux.intel.com>, Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>, Robin Murphy <robin.murphy@....com>, Kevin Tian <kevin.tian@...el.com>, Jann Horn <jannh@...gle.com>, Vasant Hegde <vasant.hegde@....com>, Alistair Popple <apopple@...dia.com>, Peter Zijlstra <peterz@...radead.org>, Uladzislau Rezki <urezki@...il.com>, Jean-Philippe Brucker <jean-philippe@...aro.org>, Andy Lutomirski <luto@...nel.org>, iommu@...ts.linux.dev, security@...nel.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH 1/1] iommu/sva: Invalidate KVA range on kernel TLB flush On 7/9/25 11:15, Jacob Pan wrote: >>> Is there a use case where a SVA user can access kernel memory in the >>> first place? >> No. It should be fully blocked. >> > Then I don't understand what is the "vulnerability condition" being > addressed here. We are talking about KVA range here. SVA users can't access kernel memory, but they can compel walks of kernel page tables, which the IOMMU caches. The trouble starts if the kernel happens to free that page table page and the IOMMU is using the cache after the page is freed. That was covered in the changelog, but I guess it could be made a bit more succinct.
Powered by blists - more mailing lists