lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <175327211759.77634.8242308703852038544.b4-ty@kernel.org>
Date: Wed, 23 Jul 2025 13:52:52 +0100
From: Will Deacon <will@...nel.org>
To: Joerg Roedel <joro@...tes.org>,
	Robin Murphy <robin.murphy@....com>,
	Kevin Tian <kevin.tian@...el.com>,
	Ethan Milon <ethan.milon@...den.com>,
	Jason Gunthorpe <jgg@...pe.ca>,
	Lu Baolu <baolu.lu@...ux.intel.com>
Cc: catalin.marinas@....com,
	kernel-team@...roid.com,
	Will Deacon <will@...nel.org>,
	iommu@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] iommu/vt-d: Fix UAF on sva unbind with pending IOPFs

On Wed, 23 Jul 2025 15:20:45 +0800, Lu Baolu wrote:
> Commit 17fce9d2336d ("iommu/vt-d: Put iopf enablement in domain attach
> path") disables IOPF on device by removing the device from its IOMMU's
> IOPF queue when the last IOPF-capable domain is detached from the device.
> Unfortunately, it did this in a wrong place where there are still pending
> IOPFs. As a result, a use-after-free error is potentially triggered and
> eventually a kernel panic with a kernel trace similar to the following:
> 
> [...]

Applied to iommu (intel/vt-d), thanks!

[1/1] iommu/vt-d: Fix UAF on sva unbind with pending IOPFs
      https://git.kernel.org/iommu/c/f0b9d31c6edd

Cheers,
-- 
Will

https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ