From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mst@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id 01F705921
 for <dev@dpdk.org>; Tue,  6 Oct 2015 16:07:23 +0200 (CEST)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com
 (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24])
 by mx1.redhat.com (Postfix) with ESMTPS id 1CA8D344F71;
 Tue,  6 Oct 2015 14:07:23 +0000 (UTC)
Received: from redhat.com (ovpn-116-38.ams2.redhat.com [10.36.116.38])
 by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with SMTP id
 t96E7ITD010626; Tue, 6 Oct 2015 10:07:19 -0400
Date: Tue, 6 Oct 2015 17:07:17 +0300
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Avi Kivity <avi@scylladb.com>
Message-ID: <20151006170037-mutt-send-email-mst@redhat.com>
References: <1443652138-31782-1-git-send-email-stephen@networkplumber.org>
 <1443652138-31782-3-git-send-email-stephen@networkplumber.org>
 <20151001104505-mutt-send-email-mst@redhat.com>
 <20151005215455.GA7608@redhat.com>
 <CAOYyTHZHdS4Hr7Qq5FOdDMtooAKiAb26efAJ=NaxyMVqkYqiHQ@mail.gmail.com>
 <20151006013000-mutt-send-email-mst@redhat.com>
 <20151006083356.3da3defa@uryu.home.lan>
 <5613BB7D.3060202@scylladb.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5613BB7D.3060202@scylladb.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
Cc: dev@dpdk.org, hjk@hansjkoch.de, gregkh@linux-foundation.org,
 linux-kernel@vger.kernel.org
Subject: Re: [dpdk-dev] [PATCH 2/2] uio: new driver to support PCI MSI-X
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2015 14:07:24 -0000

On Tue, Oct 06, 2015 at 03:15:57PM +0300, Avi Kivity wrote:
> btw, (2) doesn't really add any insecurity.  The user could already poke at
> the msix tables (as well as perform DMA); they just couldn't get a useful
> interrupt out of them.

Poking at msix tables won't cause memory corruption unless msix and bus
mastering is enabled.  It's true root can enable msix and bus mastering
through sysfs - but that's easy to block or detect. Even if you don't
buy a security story, it seems less likely to trigger as a result
of a userspace bug.

-- 
MST