On Fri, Feb 21, 2025 at 10:28:20AM +0100, Thomas Gleixner wrote:
On Wed, Feb 19 2025 at 17:31, Nicolin Chen wrote:
Fix the MSI cookie UAF by removing the cookie pointer. The translated IOVA address is already known during iommu_dma_prepare_msi() and cannot change. Thus, it can simply be stored as an integer in the MSI descriptor.
A following patch will fix the other UAF in iommu_get_domain_for_dev(), by using the IOMMU group mutex.
"A following patch" has no meaning once the current one is applied. Simply say:
The other UAF in iommu_get_domain_for_dev() will be addressed separately, by ....
I used this paragraph:
The other UAF related to iommu_get_domain_for_dev() will be addressed in patch "iommu: Make iommu_dma_prepare_msi() into a generic operation" by using the IOMMU group mutex.
Thanks, Jason