From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi@scylladb.com>
Subject: Re: Having troubles binding an SR-IOV VF to
 uio_pci_generic on Amazon instance
Date: Thu, 1 Oct 2015 12:15:49 +0300
Message-ID: <560CF9C5.8050901@scylladb.com>
References: <560BCD2F.5060505@cloudius-systems.com>
 <20150930150115-mutt-send-email-mst@redhat.com>
 <560BD284.7040505@cloudius-systems.com>
 <20150930151632-mutt-send-email-mst@redhat.com>
 <560BDE24.8000308@scylladb.com>
 <20150930165359-mutt-send-email-mst@redhat.com>
 <560BF782.4070308@scylladb.com>
 <20150930175848-mutt-send-email-mst@redhat.com>
 <560C0171.7080507@scylladb.com> <20150930204016.GA29975@redhat.com>
 <20151001113828-mutt-send-email-mst@redhat.com> <560CF44A.60102@scylladb.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "dev@dpdk.org" <dev@dpdk.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Return-path: <dev-bounces@dpdk.org>
Received: from mail-wi0-f179.google.com (mail-wi0-f179.google.com
 [209.85.212.179]) by dpdk.org (Postfix) with ESMTP id 269F78E67
 for <dev@dpdk.org>; Thu,  1 Oct 2015 11:15:52 +0200 (CEST)
Received: by wicfx3 with SMTP id fx3so23164628wic.1
 for <dev@dpdk.org>; Thu, 01 Oct 2015 02:15:52 -0700 (PDT)
In-Reply-To: <560CF44A.60102@scylladb.com>
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>



On 10/01/2015 11:52 AM, Avi Kivity wrote:
>
>
> On 10/01/2015 11:44 AM, Michael S. Tsirkin wrote:
>> On Wed, Sep 30, 2015 at 11:40:16PM +0300, Michael S. Tsirkin wrote:
>>>> And for what, to prevent
>>>> root from touching memory via dma that they can access in a million other
>>>> ways?
>>> So one can be reasonably sure a kernel oops is not a result of a
>>> userspace bug.
>> Actually, I thought about this overnight, and  it should be possible to
>> drive it securely from userspace, without hypervisor changes.
>
> Also without the performance that was the whole reason from doing it 
> in userspace in the first place.
>
> I still don't understand your objection to the patch:
>
>> MSI messages are memory writes so any generic device capable
>> of MSI is capable of corrupting kernel memory.
>> This means that a bug in userspace will lead to kernel memory corruption
>> and crashes.  This is something distributions can't support.
>

And this:

> What userspace can't be allowed to do:
>
> 	access BAR
> 	write rings
>

It can access the BAR by mmap()ing the resourceN files under sysfs. 
You're not denying userspace the ability to oops the kernel, just the 
ability to do useful things with hardware.