On 10/01/2015 11:44 AM, Michael S. Tsirkin wrote: > On Wed, Sep 30, 2015 at 11:40:16PM +0300, Michael S. Tsirkin wrote: >>> And for what, to prevent >>> root from touching memory via dma that they can access in a million other >>> ways? >> So one can be reasonably sure a kernel oops is not a result of a >> userspace bug. > Actually, I thought about this overnight, and it should be possible to > drive it securely from userspace, without hypervisor changes.
Also without the performance that was the whole reason from doing it in userspace in the first place. I still don't understand your objection to the patch: > MSI messages are memory writes so any generic device capable > of MSI is capable of corrupting kernel memory. > This means that a bug in userspace will lead to kernel memory corruption > and crashes. This is something distributions can't support. If a distribution feels it can't support this configuration, it can disable the uio_pci_generic driver, or refuse to support tainted kernels. If it feels it can (and many distributions are starting to support dpdk), then you're just denying it the ability to serve its users. > See > > https://mid.gmane.org/20151001104505-mutt-send-email-mst at redhat.com > > >
