On Tue, Oct 06, 2015 at 05:49:21PM +0300, Vlad Zolotarov wrote:
> >and read/write the config space.
> >This means that a single userspace bug is enough to corrupt kernel
> >memory.
>
> Could u, pls., provide an example of this simple bug? Because it's
> absolutely not obvious...

Stick a value that happens to match a kernel address in Msg Addr field in an unmasked MSI-X entry.

--
MST
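
The condition named in the reply above, written as a check a defender could run over an MSI-X table; this is an added example, not part of the original message or of any kernel code. The function names and the sample table are hypothetical, and the x86 interrupt message window (0xFEExxxxx) is assumed as the only legitimate Msg Addr range.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* One MSI-X table entry as laid out by the PCI specification (16 bytes). */
struct msix_entry {
    uint32_t msg_addr_lo;  /* Message Address */
    uint32_t msg_addr_hi;  /* Message Upper Address */
    uint32_t msg_data;     /* Message Data */
    uint32_t vector_ctrl;  /* Vector Control, bit 0 = per-vector mask */
};

#define MSIX_CTRL_MASKBIT 0x1u
/* Assumption: x86, where interrupt messages target 0xFEE00000-0xFEEFFFFF. */
#define X86_MSI_BASE 0xFEE00000u
#define X86_MSI_MASK 0xFFF00000u

/* True if the message write lands in the interrupt window, not in memory. */
static bool msix_addr_is_interrupt(const struct msix_entry *e)
{
    return e->msg_addr_hi == 0 &&
           (e->msg_addr_lo & X86_MSI_MASK) == X86_MSI_BASE;
}

/* Unsafe = unmasked (the device may send it) and aimed outside the window. */
static bool msix_entry_is_unsafe(const struct msix_entry *e)
{
    bool unmasked = !(e->vector_ctrl & MSIX_CTRL_MASKBIT);
    return unmasked && !msix_addr_is_interrupt(e);
}

/* Index of the first unsafe entry in the table, or -1 if none. */
static int msix_first_unsafe(const struct msix_entry *tbl, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (msix_entry_is_unsafe(&tbl[i]))
            return (int)i;
    return -1;
}

/* Constructed sample table; addresses and data values are made up. */
static const struct msix_entry sample_table[] = {
    { 0xFEE00000u, 0, 0x4041u, 0 },                 /* normal, unmasked */
    { 0x01234000u, 0, 0x0001u, MSIX_CTRL_MASKBIT }, /* bad address, masked */
    { 0x01234000u, 0, 0x0001u, 0 },                 /* bad address, unmasked */
};
```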