From: Stephen Hemminger
Date: Tue, 8 Oct 2019 08:12:44 -0700
Subject: Re: [dpdk-dev] [PATCH v1 1/1] kernel/linux: introduce vfio_pf kernel module
Message-ID: <20191008081244.425551a0@hermes.lan>
In-Reply-To: <20190906091230.13923-1-vattunuru@marvell.com>
References: <20190906091230.13923-1-vattunuru@marvell.com>
List-Id: DPDK patches and discussions

On Fri, 6 Sep 2019 14:42:30 +0530 wrote:

> From: Vamsi Attunuru
>
> The DPDK use case such as VF representer or OVS offload etc
> would call for PF and VF PCIe devices to bind vfio-pci
> module to enable IOMMU protection.
>
> In addition to vSwitch use case, unlike, other PCI class of
> devices, Network class of PCIe devices would have additional
> responsibility on the PF devices such as promiscuous mode support
> etc.
>
> The above use cases demand VFIO needs bound to PF and its
> VF devices. This use case is not supported in Linux kernel,
> due to a security issue where it is possible to have
> DoS in case if VF attached to guest over vfio-pci and netdev
> kernel driver runs on it and which something VF representer
> would like to enable it.
>
> Since we can not differentiate, the vfio-pci bounded VF devices
> runs DPDK application or netdev driver in guest, we can not
> introduce any scheme to fix DoS case and therefore not have
> proper support of this in the upstream kernel.
>
> The igb_uio enables such PF and VF binding support for
> non-iommu devices to make VF representer or OVS offload
> run on non-iommu devices with DoS vulnerability for netdev driver
> as VF.
>
> This kernel module, facilitate to enable SRIOV on PF devices,
> therefore, to run both PF and VF devices in VFIO mode knowing
> its impacts like igb_uio driver functions of non-iommu devices.
>
> Signed-off-by: Vamsi Attunuru
> Signed-off-by: Jerin Jacob

NAK

Having kernel drivers not in upstream kernel is a long term maintenance
and security risk. Please work with upstream kernel developers to get
this merged there.