Re: [PATCH v2 1/7] genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie

From: Jason Gunthorpe
Date: Fri Feb 21 2025 - 08:41:24 EST


On Fri, Feb 21, 2025 at 12:10:46PM +0100, Joerg Roedel wrote:
> Hi Nicolin,
>
> On Fri, Feb 21, 2025 at 10:28:20AM +0100, Thomas Gleixner wrote:
> > On Wed, Feb 19 2025 at 17:31, Nicolin Chen wrote:
> > > Fix the MSI cookie UAF by removing the cookie pointer. The translated IOVA
> > > address is already known during iommu_dma_prepare_msi() and cannot change.
> > > Thus, it can simply be stored as an integer in the MSI descriptor.
> > >
> > > A following patch will fix the other UAF in iommu_get_domain_for_dev(), by
> > > using the IOMMU group mutex.
> >
> > "A following patch" has no meaning once the current one is
> > applied. Simply say:
> >
> > The other UAF in iommu_get_domain_for_dev() will be addressed
> > seperately, by ....
> >
> > > Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
> > > Signed-off-by: Nicolin Chen <nicolinc@xxxxxxxxxx>
> >
> > With that fixed:
> >
> > Reviewed-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
>
> Can you please send a v3 with updated commit message and all the
> review/acked tags added? I will pick it up then.

Can I send you a PR instead? I'd like it on a branch so we can work on
the iommufd specific bits that where in v1.

Jason