On Sun, Jun 10, 2012 at 10:00:36PM +0300, Michael S. Tsirkin wrote: > > One thing I stand corrected on: assigning a PF that does DMA with VFIO > *might* be secure, and sometimes, maybe often, is. > There's just no way to make sure. > This is unlike uio_pci_generic where it would always be insecure. You need to be root to access a UIO device, and if you're root, you can compromise a system in many ways. Before UIO, people used /dev/mem for similar purposes, and UIO is certainly a seccurity improvement over that. But of course, UIO presents security risks. Like many other things below /dev, you need to know what you're doing, and who gets access to /dev/uioX. Thanks, Hans -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
