lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251022120146.d683b5f1e2e4ca324a92aa8f@linux-foundation.org>
Date: Wed, 22 Oct 2025 12:01:46 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Lu Baolu <baolu.lu@...ux.intel.com>
Cc: Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>, Robin
 Murphy <robin.murphy@....com>, Kevin Tian <kevin.tian@...el.com>, Jason
 Gunthorpe <jgg@...dia.com>, Jann Horn <jannh@...gle.com>, Vasant Hegde
 <vasant.hegde@....com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar
 <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
 <dave.hansen@...el.com>, Alistair Popple <apopple@...dia.com>, Peter
 Zijlstra <peterz@...radead.org>, Uladzislau Rezki <urezki@...il.com>,
 Jean-Philippe Brucker <jean-philippe@...aro.org>, Andy Lutomirski
 <luto@...nel.org>, Yi Lai <yi1.lai@...el.com>, David Hildenbrand
 <david@...hat.com>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
 "Liam R . Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka
 <vbabka@...e.cz>, Mike Rapoport <rppt@...nel.org>, Michal Hocko
 <mhocko@...nel.org>, Matthew Wilcox <willy@...radead.org>, Vinicius Costa
 Gomes <vinicius.gomes@...el.com>, iommu@...ts.linux.dev,
 security@...nel.org, x86@...nel.org, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 0/8] Fix stale IOTLB entries for kernel address space

On Wed, 22 Oct 2025 16:26:26 +0800 Lu Baolu <baolu.lu@...ux.intel.com> wrote:

> This proposes a fix for a security vulnerability related to IOMMU Shared
> Virtual Addressing (SVA). In an SVA context, an IOMMU can cache kernel
> page table entries. When a kernel page table page is freed and
> reallocated for another purpose, the IOMMU might still hold stale,
> incorrect entries. This can be exploited to cause a use-after-free or
> write-after-free condition, potentially leading to privilege escalation
> or data corruption.
> 
> This solution introduces a deferred freeing mechanism for kernel page
> table pages, which provides a safe window to notify the IOMMU to
> invalidate its caches before the page is reused.

Thanks, I'll add this to mm.git for some testing.  I'll suppress the
usual email flood when doing this.

The x86 maintainers may choose to merge this series in which case I
shall drop the mm.git copy.

As presented and merged, the [1/8] (which has cc:stable) won't hit
mainline until the next merge window.  So it won't be offered to
-stable maintainers until that time.  If you believe [1/8] should be
mainlined in the 6.18-rcX timeframe then please let me know and I'll
extract that patch from the series and shall stage it separately,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ