[PATCH v2 1/7] genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie
Thomas Gleixner
tglx at linutronix.de
Fri Feb 21 01:28:20 PST 2025
On Wed, Feb 19 2025 at 17:31, Nicolin Chen wrote:
> Fix the MSI cookie UAF by removing the cookie pointer. The translated IOVA
> address is already known during iommu_dma_prepare_msi() and cannot change.
> Thus, it can simply be stored as an integer in the MSI descriptor.
>
> A following patch will fix the other UAF in iommu_get_domain_for_dev(), by
> using the IOMMU group mutex.
"A following patch" has no meaning once the current one is
applied. Simply say:
The other UAF in iommu_get_domain_for_dev() will be addressed
seperately, by ....
> Signed-off-by: Jason Gunthorpe <jgg at nvidia.com>
> Signed-off-by: Nicolin Chen <nicolinc at nvidia.com>
With that fixed:
Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
More information about the linux-arm-kernel
mailing list