9 Jul
2025
9 Jul
'25
6:22 p.m.
On 7/9/25 11:15, Jacob Pan wrote:
Is there a use case where a SVA user can access kernel memory in the first place?
No. It should be fully blocked.
Then I don't understand what is the "vulnerability condition" being addressed here. We are talking about KVA range here.
SVA users can't access kernel memory, but they can compel walks of kernel page tables, which the IOMMU caches. The trouble starts if the kernel happens to free that page table page and the IOMMU is using the cache after the page is freed.
That was covered in the changelog, but I guess it could be made a bit more succinct.