On Tue, Nov 22, 2011 at 07:52:45PM +0100, Hans J. Koch wrote:
> On Tue, Nov 22, 2011 at 08:40:40PM +0200, Michael S. Tsirkin wrote:
> > On Tue, Nov 22, 2011 at 06:54:02PM +0100, Hans J. Koch wrote:
> > > On Tue, Nov 22, 2011 at 07:37:23PM +0200, Michael S. Tsirkin wrote:
> > > [...]
> > > > > Or am I better off with a UIO solution?
> > > >
> > > > You should probably write a proper kernel driver, not a UIO one.
> > > > Your kernel driver would have to prevent the device from DMA into memory
> > > > outside the allocated range, even if userspace is malicious.
> > > > That's why UIO is generally not recommended for PCI devices that do DMA.
> > >
> > > When UIO was designed, the main goal was the ability to handle interrupts
> > > from userspace. There was no requirement for DMA. In fact, in five years I
> > > didn't get one real world device on my desk that needed it. That doesn't
> > > mean there are no such devices. Adding DMA support to the UIO core was
> > > discussed several times but no one ever did it. Ideas are still welcome...
> > >
> > > If parts of the driver should be in userspace, you should really try
> > > to extend the UIO core instead of re-implementing UIO functionality in
> > > a "proper kernel driver".
> > >
> > > Thanks,
> > > Hans
> >
> > Right, I really meant put all of the driver in the kernel.
> > If parts are in userspace, and device can do DMA,
> > you are faced with the problem as userspace suddenly
> > can access arbitrary memory through the device.
>
> That's nothing UIO specific. You have the same problem with /dev/mem
> or graphic cards. If you're root, you can do lots of things that can
> compromise security or crash your system.
>
> Thanks,
> Hans

With an appropriate security policy, you might not be able to,
or your attempt to do so might be logged.

Even without, people can use permissions to give non-root access to devices.
One doesn't normally expect
chown mst /dev/foobar
to give mst full root on a box.

--
MST