Re: [PATCH] uio_pci_generic does not export memory resources

From: Hans J. Koch
Date: Sun Jun 10 2012 - 16:20:58 EST

Next message: Frederic Weisbecker: "Re: [PATCH] rcu: Allow calls to rcu_exit_user_irq from nesting irqs"
Previous message: Dave Jones: "Re: oomkillers gone wild."
In reply to: Michael S. Tsirkin: "Re: [PATCH] uio_pci_generic does not export memory resources"
Next in thread: Hans J. Koch: "Re: [PATCH] uio_pci_generic does not export memory resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jun 10, 2012 at 10:16:54PM +0300, Michael S. Tsirkin wrote:
> On Sun, Jun 10, 2012 at 09:11:30PM +0200, Hans J. Koch wrote:
> > On Sun, Jun 10, 2012 at 10:00:36PM +0300, Michael S. Tsirkin wrote:
> > >
> > > One thing I stand corrected on: assigning a PF that does DMA with VFIO
> > > *might* be secure, and sometimes, maybe often, is.
> > > There's just no way to make sure.
> > > This is unlike uio_pci_generic where it would always be insecure.
> >
> > You need to be root to access a UIO device, and if you're root, you can
> > compromise a system in many ways. Before UIO, people used /dev/mem for
> > similar purposes, and UIO is certainly a seccurity improvement over that.
> >
> > But of course, UIO presents security risks. Like many other things below
> > /dev, you need to know what you're doing, and who gets access to /dev/uioX.
> >
> > Thanks,
> > Hans
>
> Sorry I might not have explained myself clearly. uio_pci_generic would
> be insecure if used with a device doing DMA. I am not speaking
> about UIO in general at all.

Oh, I do. There are many more risks than just DMA. I come from the embedded
systems world, and there it is not uncommon that some strange device can
simply turn the power off of some of your chips or even the whole system
if programmed properly. And there are a lot of things that might be fine
from the kernel's point of view, but render the system unusable from a
user's point of view.

UIO is a very thin layer on top of strange hardware. It just fills a gap
for a certain class of devices that don't fit in anywhere else. Although I'm
glad if somebody posts his UIO driver, I'm even more glad if another
subsystem (IIO, VFIO) can be found for the damn chip ;-)

Thanks,
Hans

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frederic Weisbecker: "Re: [PATCH] rcu: Allow calls to rcu_exit_user_irq from nesting irqs"
Previous message: Dave Jones: "Re: oomkillers gone wild."
In reply to: Michael S. Tsirkin: "Re: [PATCH] uio_pci_generic does not export memory resources"
Next in thread: Hans J. Koch: "Re: [PATCH] uio_pci_generic does not export memory resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]