On 2025/2/20 22:10, Jason Gunthorpe wrote:
> On Thu, Feb 20, 2025 at 11:48:49AM +0800, Junxian Huang wrote:
>
>> Driver notifies HW about the memory release with mailbox. The procedure
>> of a mailbox is:
>> a) driver posts the mailbox to FW
>> b) FW writes the mailbox data into HW
>>
>> In this scenario, step a) will fail due to the FW reset, HW won't get
>> notified and thus may lead to UAF.
>
> That's just wrong, a FW reset must fully stop and sanitize the HW as
> well. You can't have HW running rogue with no way for FW to control it
> anymore.
>

I agree, but there is a small time gap between the start of FW reset and
the stop of HW. Please see my earlier reply today.

Thanks,
Junxian

> Jason