From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi@scylladb.com>
Subject: Re: Having troubles binding an SR-IOV VF to
 uio_pci_generic on Amazon instance
Date: Thu, 1 Oct 2015 00:00:25 +0300
Message-ID: <560C4D69.5010403@scylladb.com>
References: <20150930143927-mutt-send-email-mst@redhat.com>
 <560BCD2F.5060505@cloudius-systems.com>
 <20150930150115-mutt-send-email-mst@redhat.com>
 <560BD284.7040505@cloudius-systems.com>
 <20150930151632-mutt-send-email-mst@redhat.com>
 <560BDE24.8000308@scylladb.com>
 <20150930165359-mutt-send-email-mst@redhat.com>
 <560BF782.4070308@scylladb.com>
 <20150930175848-mutt-send-email-mst@redhat.com>
 <560C0171.7080507@scylladb.com> <20150930204016.GA29975@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "dev@dpdk.org" <dev@dpdk.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Return-path: <dev-bounces@dpdk.org>
Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com
 [209.85.212.175]) by dpdk.org (Postfix) with ESMTP id 130578E7B
 for <dev@dpdk.org>; Wed, 30 Sep 2015 23:00:29 +0200 (CEST)
Received: by wicfx3 with SMTP id fx3so1208006wic.0
 for <dev@dpdk.org>; Wed, 30 Sep 2015 14:00:28 -0700 (PDT)
In-Reply-To: <20150930204016.GA29975@redhat.com>
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On 09/30/2015 11:40 PM, Michael S. Tsirkin wrote:
> On Wed, Sep 30, 2015 at 06:36:17PM +0300, Avi Kivity wrote:
>> As it happens, you're removing the functionality from the users who have no
>> other option.  They can't use vfio because it doesn't work on virtualized
>> setups.
> ...
>
>> Root can already do anything.
> I think there's a contradiction between the two claims above.

Yes, root can replace the current kernel with a patched kernel.  In that 
sense, root can do anything, and the kernel is complete.  Now let's stop 
playing word games.

>>   So what security issue is there?
> A buggy userspace can and will corrupt kernel memory.
>
> ...
>
>> And for what, to prevent
>> root from touching memory via dma that they can access in a million other
>> ways?
> So one can be reasonably sure a kernel oops is not a result of a
> userspace bug.
>

That's not security.  It's a legitimate concern though, one that is 
addressed by tainting the kernel.