On Sun, Jun 10, 2012 at 10:16:54PM +0300, Michael S. Tsirkin wrote: > On Sun, Jun 10, 2012 at 09:11:30PM +0200, Hans J. Koch wrote: > > On Sun, Jun 10, 2012 at 10:00:36PM +0300, Michael S. Tsirkin wrote: > > > > > > One thing I stand corrected on: assigning a PF that does DMA with VFIO > > > *might* be secure, and sometimes, maybe often, is. > > > There's just no way to make sure. > > > This is unlike uio_pci_generic where it would always be insecure. > > > > You need to be root to access a UIO device, and if you're root, you can > > compromise a system in many ways. Before UIO, people used /dev/mem for > > similar purposes, and UIO is certainly a seccurity improvement over that. > > > > But of course, UIO presents security risks. Like many other things below > > /dev, you need to know what you're doing, and who gets access to /dev/uioX. > > > > Thanks, > > Hans > > Sorry I might not have explained myself clearly. uio_pci_generic would > be insecure if used with a device doing DMA. I am not speaking > about UIO in general at all. Oh, I do. There are many more risks than just DMA. I come from the embedded systems world, and there it is not uncommon that some strange device can simply turn the power off of some of your chips or even the whole system if programmed properly. And there are a lot of things that might be fine from the kernel's point of view, but render the system unusable from a user's point of view. UIO is a very thin layer on top of strange hardware. It just fills a gap for a certain class of devices that don't fit in anywhere else. Although I'm glad if somebody posts his UIO driver, I'm even more glad if another subsystem (IIO, VFIO) can be found for the damn chip ;-) Thanks, Hans -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html