On Thu, 16 Jan 2025 11:52:28 -0500
Alex Williamson <alex.williamson@xxxxxxxxxx> wrote:

> > > Alex, does the above answer your question on what guards against UAF (the
> > > short answer is: matrix_dev->mdevs_lock)?
>
> Yes, that answers my question, thanks for untangling it. We might
> consider a lockdep_assert_held() in the new
> signal_guest_ap_cfg_changed() since it does get called from a variety
> of paths and we need that lock to prevent the UAF.

Yes I second that! I was thinking about it myself yesterday. And there
are also a couple of other functions that expect to be called with
certain locks held. I would love to see lockdep_assert_held() there as
well.

Since I went through that code last night I could spin a patch that
catches some of these at least. But if I don't within two weeks, I won't
be grumpy if somebody else picks that up.

Regards,
Halil