From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753165AbbJFPlf (ORCPT ); Tue, 6 Oct 2015 11:41:35 -0400 Received: from mail-wi0-f176.google.com ([209.85.212.176]:37332 "EHLO mail-wi0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752196AbbJFPle (ORCPT ); Tue, 6 Oct 2015 11:41:34 -0400 Subject: Re: [dpdk-dev] [PATCH 2/2] uio: new driver to support PCI MSI-X To: "Michael S. Tsirkin" References: <1443652138-31782-1-git-send-email-stephen@networkplumber.org> <1443652138-31782-3-git-send-email-stephen@networkplumber.org> <20151001104505-mutt-send-email-mst@redhat.com> <20151005215455.GA7608@redhat.com> <20151006013000-mutt-send-email-mst@redhat.com> <20151006083356.3da3defa@uryu.home.lan> <5613BB7D.3060202@scylladb.com> <20151006170037-mutt-send-email-mst@redhat.com> Cc: Stephen Hemminger , dev@dpdk.org, hjk@hansjkoch.de, gregkh@linux-foundation.org, linux-kernel@vger.kernel.org From: Avi Kivity Message-ID: <5613EBAA.7030802@scylladb.com> Date: Tue, 6 Oct 2015 18:41:30 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <20151006170037-mutt-send-email-mst@redhat.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/06/2015 05:07 PM, Michael S. Tsirkin wrote: > On Tue, Oct 06, 2015 at 03:15:57PM +0300, Avi Kivity wrote: >> btw, (2) doesn't really add any insecurity. The user could already poke at >> the msix tables (as well as perform DMA); they just couldn't get a useful >> interrupt out of them. > Poking at msix tables won't cause memory corruption unless msix and bus > mastering is enabled. It's a given that bus mastering is enabled. It's true that msix is unlikely to be enabled, unless msix support is added. > It's true root can enable msix and bus mastering > through sysfs - but that's easy to block or detect. Even if you don't > buy a security story, it seems less likely to trigger as a result > of a userspace bug. If you're doing DMA, that's the least of your worries. Still, zero-mapping the msix space seems reasonable, and can protect userspace from silly stuff. It can't be considered to have anything to do with security though, as long as users can simply DMA to every bit of RAM in the system they want to.