[PATCH v2 1/7] genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie
Jason Gunthorpe
jgg at nvidia.com
Fri Feb 21 06:05:57 PST 2025
On Fri, Feb 21, 2025 at 10:28:20AM +0100, Thomas Gleixner wrote:
> On Wed, Feb 19 2025 at 17:31, Nicolin Chen wrote:
> > Fix the MSI cookie UAF by removing the cookie pointer. The translated IOVA
> > address is already known during iommu_dma_prepare_msi() and cannot change.
> > Thus, it can simply be stored as an integer in the MSI descriptor.
> >
> > A following patch will fix the other UAF in iommu_get_domain_for_dev(), by
> > using the IOMMU group mutex.
>
> "A following patch" has no meaning once the current one is
> applied. Simply say:
>
> The other UAF in iommu_get_domain_for_dev() will be addressed
> seperately, by ....
I used this paragraph:
The other UAF related to iommu_get_domain_for_dev() will be addressed in
patch "iommu: Make iommu_dma_prepare_msi() into a generic operation" by
using the IOMMU group mutex.
Thanks,
Jason
More information about the linux-arm-kernel
mailing list