[dpdk-dev] Having troubles binding an SR-IOV VF to uio_pci_generic on Amazon instance

Michael S. Tsirkin mst at redhat.com
Wed Sep 30 22:40:16 CEST 2015


On Wed, Sep 30, 2015 at 06:36:17PM +0300, Avi Kivity wrote:
> As it happens, you're removing the functionality from the users who have no
> other option.  They can't use vfio because it doesn't work on virtualized
> setups.

...

> Root can already do anything.

I think there's a contradiction between the two claims above.

> So what security issue is there?

A buggy userspace can and will corrupt kernel memory.

...

> And for what, to prevent
> root from touching memory via dma that they can access in a million other
> ways?

So one can be reasonably sure a kernel oops is not a result of a
userspace bug.

-- 
MST

