On Tue, 29 Sep 2015 23:54:54 +0300 "Michael S. Tsirkin" <mst at redhat.com> wrote:
> On Tue, Sep 29, 2015 at 07:41:09PM +0300, Vlad Zolotarov wrote:
> > The security breach motivation u brought in "[RFC PATCH] uio:
> > uio_pci_generic: Add support for MSI interrupts" thread seems a bit weak
> > since one u let the userland access to the bar it may do any funny thing
> > using the DMA engine of the device. This kind of stuff should be prevented
> > using the iommu and if it's enabled then any funny tricks using MSI/MSI-X
> > configuration will be prevented too.
> >
> > I'm about to send the patch to main Linux mailing list. Let's continue this
> > discussion there.
> >
>
> Basically UIO shouldn't be used with devices capable of DMA.
> Use VFIO for that (yes, this implies an emulated or PV IOMMU).
> I don't think this can change.

Given there is no PV IOMMU and even if there was it would be too slow for DPDK
use, I can't accept that.