Re: [PATCH] uio_pci_generic does not export memory resources

From: Hans J. Koch
Date: Sun Jun 10 2012 - 15:11:40 EST

Next message: Michael S. Tsirkin: "Re: [PATCH] uio_pci_generic does not export memory resources"
Previous message: William Blair: "[PATCH] Staging: keucr: init: fixed a brace coding style issue"
In reply to: Michael S. Tsirkin: "Re: [PATCH] uio_pci_generic does not export memory resources"
Next in thread: Michael S. Tsirkin: "Re: [PATCH] uio_pci_generic does not export memory resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jun 10, 2012 at 10:00:36PM +0300, Michael S. Tsirkin wrote:
>
> One thing I stand corrected on: assigning a PF that does DMA with VFIO
> *might* be secure, and sometimes, maybe often, is.
> There's just no way to make sure.
> This is unlike uio_pci_generic where it would always be insecure.

You need to be root to access a UIO device, and if you're root, you can
compromise a system in many ways. Before UIO, people used /dev/mem for
similar purposes, and UIO is certainly a seccurity improvement over that.

But of course, UIO presents security risks. Like many other things below
/dev, you need to know what you're doing, and who gets access to /dev/uioX.

Thanks,
Hans
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael S. Tsirkin: "Re: [PATCH] uio_pci_generic does not export memory resources"
Previous message: William Blair: "[PATCH] Staging: keucr: init: fixed a brace coding style issue"
In reply to: Michael S. Tsirkin: "Re: [PATCH] uio_pci_generic does not export memory resources"
Next in thread: Michael S. Tsirkin: "Re: [PATCH] uio_pci_generic does not export memory resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]