[dpdk-dev] Having troubles binding an SR-IOV VF to uio_pci_generic on Amazon instance
Michael S. Tsirkin
mst at redhat.com
Wed Sep 30 22:40:16 CEST 2015
On Wed, Sep 30, 2015 at 06:36:17PM +0300, Avi Kivity wrote:
> As it happens, you're removing the functionality from the users who have no
> other option. They can't use vfio because it doesn't work on virtualized
> setups.

...

> Root can already do anything.

I think there's a contradiction between the two claims above.

> So what security issue is there?

A buggy userspace can and will corrupt kernel memory.

...

> And for what, to prevent
> root from touching memory via dma that they can access in a million other
> ways?

So one can be reasonably sure a kernel oops is not a result of a
userspace bug.

--
MST