From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id D7F608E61 for ; Thu, 1 Oct 2015 11:29:15 +0200 (CEST) Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) by mx1.redhat.com (Postfix) with ESMTPS id 2AE32461C3; Thu, 1 Oct 2015 09:29:15 +0000 (UTC) Received: from redhat.com (ovpn-116-83.ams2.redhat.com [10.36.116.83]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t919TBqk010116; Thu, 1 Oct 2015 05:29:12 -0400 Date: Thu, 1 Oct 2015 12:29:11 +0300 From: "Michael S. Tsirkin" To: Avi Kivity Message-ID: <20151001121638-mutt-send-email-mst@redhat.com> References: <20150930151632-mutt-send-email-mst@redhat.com> <560BDE24.8000308@scylladb.com> <20150930165359-mutt-send-email-mst@redhat.com> <560BF782.4070308@scylladb.com> <20150930175848-mutt-send-email-mst@redhat.com> <560C0171.7080507@scylladb.com> <20150930204016.GA29975@redhat.com> <20151001113828-mutt-send-email-mst@redhat.com> <560CF44A.60102@scylladb.com> <560CF9C5.8050901@scylladb.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <560CF9C5.8050901@scylladb.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 Cc: "dev@dpdk.org" Subject: Re: [dpdk-dev] Having troubles binding an SR-IOV VF to uio_pci_generic on Amazon instance X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Oct 2015 09:29:16 -0000 On Thu, Oct 01, 2015 at 12:15:49PM +0300, Avi Kivity wrote: > What userspace can't be allowed to do: > > access BAR > write rings > > > > > It can access the BAR by mmap()ing the resourceN files under sysfs.  You're not > denying userspace the ability to oops the kernel, just the ability to do useful > things with hardware. This interface has to stay there to support existing applications. A variety of measures (selinux, secureboot) can be used to make sure modern ones to not get to touch it. Most distributions enable some or all of these by default. And it doesn't mean modern drivers can do this kind of thing. Look, without an IOMMU, sysfs can not be used securely: you need some other interface. This is what this driver is missing. -- MST