From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mst@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id D7F608E61
 for <dev@dpdk.org>; Thu,  1 Oct 2015 11:29:15 +0200 (CEST)
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
 (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
 by mx1.redhat.com (Postfix) with ESMTPS id 2AE32461C3;
 Thu,  1 Oct 2015 09:29:15 +0000 (UTC)
Received: from redhat.com (ovpn-116-83.ams2.redhat.com [10.36.116.83])
 by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 t919TBqk010116; Thu, 1 Oct 2015 05:29:12 -0400
Date: Thu, 1 Oct 2015 12:29:11 +0300
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Avi Kivity <avi@scylladb.com>
Message-ID: <20151001121638-mutt-send-email-mst@redhat.com>
References: <20150930151632-mutt-send-email-mst@redhat.com>
 <560BDE24.8000308@scylladb.com>
 <20150930165359-mutt-send-email-mst@redhat.com>
 <560BF782.4070308@scylladb.com>
 <20150930175848-mutt-send-email-mst@redhat.com>
 <560C0171.7080507@scylladb.com> <20150930204016.GA29975@redhat.com>
 <20151001113828-mutt-send-email-mst@redhat.com>
 <560CF44A.60102@scylladb.com> <560CF9C5.8050901@scylladb.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <560CF9C5.8050901@scylladb.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] Having troubles binding an SR-IOV VF to
 uio_pci_generic on Amazon instance
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2015 09:29:16 -0000

On Thu, Oct 01, 2015 at 12:15:49PM +0300, Avi Kivity wrote:
>     What userspace can't be allowed to do:
> 
>             access BAR
>             write rings
> 
> 
> 
> 
> It can access the BAR by mmap()ing the resourceN files under sysfs.  You're not
> denying userspace the ability to oops the kernel, just the ability to do useful
> things with hardware.


This interface has to stay there to support existing applications.  A
variety of measures (selinux, secureboot) can be used to make sure
modern ones to not get to touch it. Most distributions enable
some or all of these by default.

And it doesn't mean modern drivers can do this kind of thing.

Look, without an IOMMU, sysfs can not be used securely:
you need some other interface. This is what this driver is missing.

-- 
MST