On Sun, Jun 10, 2012 at 09:11:30PM +0200, Hans J. Koch wrote: > On Sun, Jun 10, 2012 at 10:00:36PM +0300, Michael S. Tsirkin wrote: > > > > One thing I stand corrected on: assigning a PF that does DMA with VFIO > > *might* be secure, and sometimes, maybe often, is. > > There's just no way to make sure. > > This is unlike uio_pci_generic where it would always be insecure. > > You need to be root to access a UIO device, and if you're root, you can > compromise a system in many ways. Before UIO, people used /dev/mem for > similar purposes, and UIO is certainly a seccurity improvement over that. > > But of course, UIO presents security risks. Like many other things below > /dev, you need to know what you're doing, and who gets access to /dev/uioX. > > Thanks, > Hans Sorry I might not have explained myself clearly. uio_pci_generic would be insecure if used with a device doing DMA. I am not speaking about UIO in general at all. -- MST -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
