From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <mst@redhat.com> Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 26F3136E for <dev@dpdk.org>; Wed, 30 Sep 2015 22:40:21 +0200 (CEST) Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) by mx1.redhat.com (Postfix) with ESMTPS id 5EDE19249A; Wed, 30 Sep 2015 20:40:20 +0000 (UTC) Received: from redhat.com (ovpn-116-83.ams2.redhat.com [10.36.116.83]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with SMTP id t8UKeHL5017240; Wed, 30 Sep 2015 16:40:18 -0400 Date: Wed, 30 Sep 2015 23:40:16 +0300 From: "Michael S. Tsirkin" <mst@redhat.com> To: Avi Kivity <avi@scylladb.com> Message-ID: <20150930204016.GA29975@redhat.com> References: <20150930143927-mutt-send-email-mst@redhat.com> <560BCD2F.5060505@cloudius-systems.com> <20150930150115-mutt-send-email-mst@redhat.com> <560BD284.7040505@cloudius-systems.com> <20150930151632-mutt-send-email-mst@redhat.com> <560BDE24.8000308@scylladb.com> <20150930165359-mutt-send-email-mst@redhat.com> <560BF782.4070308@scylladb.com> <20150930175848-mutt-send-email-mst@redhat.com> <560C0171.7080507@scylladb.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <560C0171.7080507@scylladb.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 Cc: "dev@dpdk.org" <dev@dpdk.org> Subject: Re: [dpdk-dev] Having troubles binding an SR-IOV VF to uio_pci_generic on Amazon instance X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> X-List-Received-Date: Wed, 30 Sep 2015 20:40:21 -0000 On Wed, Sep 30, 2015 at 06:36:17PM +0300, Avi Kivity wrote: > As it happens, you're removing the functionality from the users who have no > other option. They can't use vfio because it doesn't work on virtualized > setups. ... > Root can already do anything. I think there's a contradiction between the two claims above. > So what security issue is there? A buggy userspace can and will corrupt kernel memory. ... > And for what, to prevent > root from touching memory via dma that they can access in a million other > ways? So one can be reasonably sure a kernel oops is not a result of a userspace bug. -- MST