On 10/06/15 18:00, Michael S. Tsirkin wrote:
> On Tue, Oct 06, 2015 at 05:49:21PM +0300, Vlad Zolotarov wrote:
>>> and read/write the config space.
>>> This means that a single userspace bug is enough to corrupt kernel
>>> memory.
>> Could u, pls., provide an example of this simple bug? Because it's
>> absolutely not obvious...
> Stick a value that happens to match a kernel address in Msg Addr field
> in an unmasked MSI-X entry.

This patch neither configures MSI-X entries in the user space nor
provides additional means to do so, therefore this "sticking" would be a
matter of some extra code that is absolutely unrelated to this patch.
So, this example seems absolutely irrelevant to this particular
discussion.

thanks,
vlad