On 09/30/2015 11:40 PM, Michael S. Tsirkin wrote:
> On Wed, Sep 30, 2015 at 06:36:17PM +0300, Avi Kivity wrote:
>> As it happens, you're removing the functionality from the users who have no
>> other option. They can't use vfio because it doesn't work on virtualized
>> setups.
> ...
>
>> Root can already do anything.
> I think there's a contradiction between the two claims above.

Yes, root can replace the current kernel with a patched kernel. In that sense, root can do anything, and the kernel is complete. Now let's stop playing word games.

>> So what security issue is there?
> A buggy userspace can and will corrupt kernel memory.
>
> ...
>
>> And for what, to prevent
>> root from touching memory via dma that they can access in a million other
>> ways?
> So one can be reasonably sure a kernel oops is not a result of a
> userspace bug.
>

That's not security. It's a legitimate concern though, one that is addressed by tainting the kernel.