On Wed, Feb 26, 2025 at 05:46:12PM +0800, Junxian Huang wrote:
>
>
> On 2025/2/20 22:10, Jason Gunthorpe wrote:
> > On Thu, Feb 20, 2025 at 11:48:49AM +0800, Junxian Huang wrote:
> >
> >> Driver notifies HW about the memory release with mailbox. The procedure
> >> of a mailbox is:
> >> a) driver posts the mailbox to FW
> >> b) FW writes the mailbox data into HW
> >>
> >> In this scenario, step a) will fail due to the FW reset, HW won't get
> >> notified and thus may lead to UAF.
> >
> > That's just wrong, a FW reset must fully stop and sanitize the HW as
> > well. You can't have HW running rogue with no way for FW to control it
> > anymore.
> >
>
> I agree, but there is a small time gap between the start of FW reset
> and the stop of HW. Please see my earlier reply today.

So stop HW before continuing FW reset.

Thanks

>
> Thanks,
> Junxian
>
> > Jason