From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 57DD8A2EDB for ; Fri, 6 Sep 2019 11:45:09 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 3508C1F296; Fri, 6 Sep 2019 11:45:08 +0200 (CEST) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) by dpdk.org (Postfix) with ESMTP id 466C81F279 for ; Fri, 6 Sep 2019 11:45:06 +0200 (CEST) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 9E0F222237; Fri, 6 Sep 2019 05:45:05 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Fri, 06 Sep 2019 05:45:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s=mesmtp; bh=siuFWsX1c0Ji2yHT5iasaL109AHlRZj3uXCYLvEN9CA=; b=XxgjqL+w/qP4 wcuFaswsTSa3+UgKd9tSvN6aJDfZ7cdt3wFfe2gaRRAz5qj7arZ8wrdRQcNCfeWX odVMWsD8Saoep5MHkocMEGQGLY5KVE+OJFpLSo8WqaiO5vqGzttjCJqUZDmSe02q 1MHWQfQLSY08b+FMZg6qmnC9WvZdzbc= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=siuFWsX1c0Ji2yHT5iasaL109AHlRZj3uXCYLvEN9 CA=; b=XSWqyd42qEqg+KuLS0sDxyggVRsJ5qzE3/REy4EKALQWFweu+aQd52mQb OGHQmFOEYyd9BwU3SlZSpE9nKbeJshmKV1p7Hk1B04sHvXe+6gCOB1U1xESg6WWe auOm3TYbU3vKRfVw9/Do4M7Iim4/Sg5q+mxkBddjqqICE78Ur2J+PP/ayMOyObab k/k05MV56pE2EofAKX98oRVk2qd9EuVnJJi9hM1bVx/fgxojx/78/IQ25MPS/TOH gdY5oGpvyvoL1DTefaWhwVUDhnWBOl7Aeil4ptEq3YedANfGYqvsyIiDyA3hZQEV WIUyaPpAXzjTGgc7mX01GAhQKI7HA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrudejledgtdelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkjghfggfgtgesthfure dttddtvdenucfhrhhomhepvfhhohhmrghsucfoohhnjhgrlhhonhcuoehthhhomhgrshes mhhonhhjrghlohhnrdhnvghtqeenucfkphepjeejrddufeegrddvtdefrddukeegnecurf grrhgrmhepmhgrihhlfhhrohhmpehthhhomhgrshesmhhonhhjrghlohhnrdhnvghtnecu vehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from xps.localnet (184.203.134.77.rev.sfr.net [77.134.203.184]) by mail.messagingengine.com (Postfix) with ESMTPA id DD901D60066; Fri, 6 Sep 2019 05:45:04 -0400 (EDT) From: Thomas Monjalon To: vattunuru@marvell.com Cc: dev@dpdk.org, jerinj@marvell.com Date: Fri, 06 Sep 2019 11:45:03 +0200 Message-ID: <1612178.XsdEgM4R2a@xps> In-Reply-To: <20190906091230.13923-1-vattunuru@marvell.com> References: <20190906091230.13923-1-vattunuru@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Subject: Re: [dpdk-dev] [PATCH v1 1/1] kernel/linux: introduce vfio_pf kernel module X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 06/09/2019 11:12, vattunuru@marvell.com: > From: Vamsi Attunuru > > The DPDK use case such as VF representer or OVS offload etc > would call for PF and VF PCIe devices to bind vfio-pci > module to enable IOMMU protection. > > In addition to vSwitch use case, unlike, other PCI class of > devices, Network class of PCIe devices would have additional > responsibility on the PF devices such as promiscuous mode support > etc. > > The above use cases demand VFIO needs bound to PF and its > VF devices. This is use case is not supported in Linux kernel, > due to a security issue where it is possible to have > DoS in case if VF attached to guest over vfio-pci and netdev > kernel driver runs on it and which something VF representer > would like to enable it. > > Since we can not differentiate, the vfio-pci bounded VF devices > runs DPDK application or netdev driver in guest, we can not > introduce any scheme to fix DoS case and therefore not have > proper support of this in the upstream kernel. > > The igb_uio enables such PF and VF binding support for > non-iommu devices to make VF representer or OVS offload > run on non-iommu devices with DoS vulnerability for netdev driver > as VF. > > This kernel module, facilitate to enable SRIOV on PF devices, > therefore, to run both PF and VF devices in VFIO mode knowing > its impacts like igb_uio driver functions of non-iommu devices. > > Signed-off-by: Vamsi Attunuru > Signed-off-by: Jerin Jacob Sorry I fail to properly understand the explanation above. Please try to split in shorter sentences. About the request to add an out-of-tree Linux kernel driver, I guess Jerin is well aware that we don't want such anymore.