On Wed, 2013-10-02 at 17:37 +0300, Gleb Natapov wrote: > On Wed, Oct 02, 2013 at 04:33:18PM +0200, Paolo Bonzini wrote: > > Il 02/10/2013 16:08, Alexander Graf ha scritto: > > > > The hwrng is accessible by host userspace via /dev/mem. > > > > > > A guest should live on the same permission level as a user space > > > application. If you run QEMU as UID 1000 without access to /dev/mem, why > > > should the guest suddenly be able to directly access a memory location > > > (MMIO) it couldn't access directly through a normal user space interface. > > > > > > It's basically a layering violation. > > > > With Michael's earlier patch in this series, the hwrng is accessible by > > host userspace via /dev/hwrng, no? > > > Access to which can be controlled by its permission. Permission of > /dev/kvm may be different. If we route hypercall via userspace and > configure qemu to get entropy from /dev/hwrng everything will fall > nicely together (except performance). Yes, except abysmall performance and a lot more code for something completely and utterly pointless .... nice. Ben. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
