Re: [dpdk-dev] [PATCH 2/2] uio: new driver to support PCI MSI-X
From: Avi Kivity
Date: Tue Oct 06 2015 - 11:41:38 EST
On 10/06/2015 05:07 PM, Michael S. Tsirkin wrote:
On Tue, Oct 06, 2015 at 03:15:57PM +0300, Avi Kivity wrote:
btw, (2) doesn't really add any insecurity. The user could already poke at
the msix tables (as well as perform DMA); they just couldn't get a useful
interrupt out of them.
Poking at msix tables won't cause memory corruption unless msix and bus
mastering is enabled.
It's a given that bus mastering is enabled. It's true that msix is
unlikely to be enabled, unless msix support is added.
It's true root can enable msix and bus mastering
through sysfs - but that's easy to block or detect. Even if you don't
buy a security story, it seems less likely to trigger as a result
of a userspace bug.
If you're doing DMA, that's the least of your worries.
Still, zero-mapping the msix space seems reasonable, and can protect
userspace from silly stuff. It can't be considered to have anything to
do with security though, as long as users can simply DMA to every bit of
RAM in the system they want to.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/