Message-ID: <20120610201957.GD2629@local>
Date:	Sun, 10 Jun 2012 22:19:57 +0200
From:	"Hans J. Koch" <hjk@...sjkoch.de>
To:	"Michael S. Tsirkin" <mst@...hat.com>
Cc:	"Hans J. Koch" <hjk@...sjkoch.de>,
	Alex Williamson <alex.williamson@...hat.com>,
	Andreas Hartmann <andihartmann@...19freenet.de>,
	Dominic Eschweiler <eschweiler@...s.uni-frankfurt.de>,
	Jan Kiszka <jan.kiszka@...mens.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] uio_pci_generic does not export memory resources

On Sun, Jun 10, 2012 at 10:16:54PM +0300, Michael S. Tsirkin wrote:
> On Sun, Jun 10, 2012 at 09:11:30PM +0200, Hans J. Koch wrote:
> > On Sun, Jun 10, 2012 at 10:00:36PM +0300, Michael S. Tsirkin wrote:
> > > 
> > > One thing I stand corrected on: assigning a PF that does DMA with VFIO
> > > *might* be secure, and sometimes, maybe often, is.
> > > There's just no way to make sure.
> > > This is unlike uio_pci_generic where it would always be insecure.
> > 
> > You need to be root to access a UIO device, and if you're root, you can
> > compromise a system in many ways. Before UIO, people used /dev/mem for
> > similar purposes, and UIO is certainly a security improvement over that.
> > 
> > But of course, UIO presents security risks. Like many other things below
> > /dev, you need to know what you're doing, and who gets access to /dev/uioX.
> > 
> > Thanks,
> > Hans
> 
> Sorry I might not have explained myself clearly.  uio_pci_generic would
> be insecure if used with a device doing DMA. I am not speaking
> about UIO in general at all.

Oh, I do. There are many more risks than just DMA. I come from the embedded
systems world, and there it is not uncommon that some strange device can
simply turn the power off of some of your chips or even the whole system
if programmed properly. And there are a lot of things that might be fine
from the kernel's point of view, but render the system unusable from a
user's point of view.

UIO is a very thin layer on top of strange hardware. It just fills a gap
for a certain class of devices that don't fit in anywhere else. Although I'm
glad if somebody posts his UIO driver, I'm even more glad if another
subsystem (IIO, VFIO) can be found for the damn chip ;-)

Thanks,
Hans
