On 10/01/2015 11:52 AM, Avi Kivity wrote:
>
> On 10/01/2015 11:44 AM, Michael S. Tsirkin wrote:
>> On Wed, Sep 30, 2015 at 11:40:16PM +0300, Michael S. Tsirkin wrote:
>>>> And for what, to prevent
>>>> root from touching memory via dma that they can access in a million other
>>>> ways?
>>> So one can be reasonably sure a kernel oops is not a result of a
>>> userspace bug.
>> Actually, I thought about this overnight, and it should be possible to
>> drive it securely from userspace, without hypervisor changes.
>
> Also without the performance that was the whole reason for doing it
> in userspace in the first place.
>
> I still don't understand your objection to the patch:
>
>> MSI messages are memory writes so any generic device capable
>> of MSI is capable of corrupting kernel memory.
>> This means that a bug in userspace will lead to kernel memory corruption
>> and crashes. This is something distributions can't support.
>

And this:

> What userspace can't be allowed to do:
>
> access BAR
> write rings

It can access the BAR by mmap()ing the resourceN files under sysfs. You're not denying userspace the ability to oops the kernel, just the ability to do useful things with hardware.