[PATCH v3 2/2] iommu/arm-smmu-v3: Replace vsmmu_size/type with get_viommu_size
Nicolin Chen
nicolinc at nvidia.com
Fri Jul 25 09:24:23 PDT 2025
On Fri, Jul 25, 2025 at 09:18:35AM +0000, Mostafa Saleh wrote:
> > > > > On Wed, Jul 23, 2025 at 01:37:53PM +0000, Pranjal Shrivastava wrote:
> > > > > > On Mon, Jul 21, 2025 at 01:04:44PM -0700, Nicolin Chen wrote:
> > > Had the
> > > vintf_size rejected it, we wouldn't be calling the init op.
> >
> > Data corruption could happen at any time, unrelated to the
> > init op. A concurrent buggy thread could overwrite the vIOMMU
> > object when a write access to its adjacent memory overflows.
>
> Can you please elaborate on that, as memory corruption can happen
> at any time, even after the next check, and there is no way to defend
> against that?
That narrative is under a condition (in the context): "when there
is a kernel bug corrupting data" :)
E.g., some new lines of code allocate the wrong size of memory and
write past that size. If that memory is near this vIOMMU object,
it might overwrite the vIOMMU object that this function gets.
This certainly won't happen if everything is sane.
Nicolin
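Added illustration, not code from the patch or from either participant: a user-space C model of the scenario described in the reply above, where a neighbouring allocation is written past its believed size and clobbers the vIOMMU object that a later op receives, and where re-validating the object's size/magic right before use catches it. All names here (struct viommu, struct arena, VIOMMU_EXPECTED_SIZE, VIOMMU_MAGIC, viommu_check, run_scenario) are hypothetical and not kernel or driver identifiers.

```c
/* Hypothetical model of an undersized neighbour overflowing into a
 * vIOMMU object; none of these names exist in the kernel. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VIOMMU_EXPECTED_SIZE 64u   /* hypothetical driver-specific size */
#define VIOMMU_MAGIC 0x564d4d55u   /* hypothetical 'VMMU' tag */

struct viommu {
    uint32_t magic;
    uint32_t size;            /* size the core believed at allocation */
    unsigned char priv[56];   /* driver-private payload */
};

/* Put a small buffer directly in front of the object so the overflow
 * lands on it deterministically (on a real heap this is by chance). */
struct arena {
    unsigned char small[16];
    struct viommu vi;
};

static void viommu_init(struct viommu *vi)
{
    vi->magic = VIOMMU_MAGIC;
    vi->size = VIOMMU_EXPECTED_SIZE;
    memset(vi->priv, 0, sizeof(vi->priv));
}

/* Re-validate the object immediately before using it, the way the
 * thread argues the op should re-check the size: 0 if sane, -1 if not. */
static int viommu_check(const struct viommu *vi)
{
    if (vi->magic != VIOMMU_MAGIC)
        return -1;
    if (vi->size != VIOMMU_EXPECTED_SIZE)
        return -1;
    return 0;
}

/* A correct writer stays within its 16-byte buffer. */
static void good_writer(struct arena *a)
{
    memset(a->small, 0xaa, sizeof(a->small));
}

/* The buggy writer believes the buffer is 32 bytes and writes past it,
 * straight into a->vi (magic, size and the first bytes of priv). The
 * pointer is derived from the whole arena so the write is in-bounds of
 * the enclosing object and not trapped by compiler fortification. */
static void buggy_writer(struct arena *a)
{
    unsigned char *p = (unsigned char *)a + offsetof(struct arena, small);
    memset(p, 0xaa, 32);   /* bug: 16 bytes past the end of small[] */
}

/* Runs one writer against a freshly initialised object and returns the
 * result of the re-check that follows. */
static int run_scenario(void (*writer)(struct arena *))
{
    struct arena a;
    memset(&a, 0, sizeof(a));
    viommu_init(&a.vi);
    writer(&a);
    return viommu_check(&a.vi);
}

int main(void)
{
    printf("good writer: check = %d\n", run_scenario(good_writer));
    printf("buggy writer: check = %d\n", run_scenario(buggy_writer));
    return 0;
}
```

The point of the model is the ordering: the check runs after the neighbour has already been written, so a check that was correct at allocation time tells you nothing about the object at use time. A corruption that happens after the re-check is, as the thread notes, still undetectable by this means.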