On Wed, Sep 30, 2015 at 06:36:17PM +0300, Avi Kivity wrote:
> As it happens, you're removing the functionality from the users who have no
> other option. They can't use vfio because it doesn't work on virtualized
> setups.

...

> Root can already do anything.

I think there's a contradiction between the two claims above.

> So what security issue is there?

A buggy userspace can and will corrupt kernel memory.

...

> And for what, to prevent
> root from touching memory via dma that they can access in a million other
> ways?

So one can be reasonably sure a kernel oops is not a result of a userspace bug.

-- 
MST