Re: [PATCH v1] s390/vfio-ap: Signal eventfd when guest AP configuration is changed

[Anthony Krowiak]

On 1/16/25 2:30 PM, Halil Pasic wrote:
> On Thu, 16 Jan 2025 10:38:41 -0500
> Anthony Krowiak <akrowiak@xxxxxxxxxxxxx> wrote:
>
> > > Alex, does the above answer your question on what guards against UAF (the
> > > short answer is: matrix_dev->mdevs_lock)?
> > I agree that the matrix_dev->mdevs_lock does prevent changes to
> > matrix_mdev->cfg_chg_trigger while it is being accessed by the
> > vfio_ap device driver. My confusion arises from my interpretation of
> > Alex's question; it seemed to me that he was talking its use outside
> > of the vfio_ap driver and how to guard against that.
> BTW the key for understanding how we are protected form something
> like userspace closing he eventfd is that eventfd_ctx_fdget()
> takes a reference to the internal eventfd context,  which makes
> sure userspace can not shoot us in the foot and the context
> remains to be safe to use until we have done our put. Generally
> userspace is responsible for not shooting itself in the foot,
> so how QEMU uses its end is mostly QEMUs problem in my understanding.

I started digging through that code to try to find the reference to the
eventfd and whether/how it is protected, but got lost in the
twists and turns. Thanks for the info.

> Regards,
> Halil