DPDK patches and discussions
 help / color / mirror / Atom feed
From: Stephen Hemminger <stephen@networkplumber.org>
To: Ferruh Yigit <ferruh.yigit@intel.com>
Cc: Elad Nachman <eladv6@gmail.com>,
	dev@dpdk.org, stable@dpdk.org, Igor Ryzhov <iryzhov@nfware.com>,
	Eric Christian <erclists@gmail.com>
Subject: Re: [dpdk-dev] [PATCH] kni: restrict bifurcated device support
Date: Fri, 8 Oct 2021 19:03:35 -0700
Message-ID: <20211008190335.1fdc8f4a@hermes.local> (raw)
In-Reply-To: <20211008235830.127167-1-ferruh.yigit@intel.com>

On Sat,  9 Oct 2021 00:58:30 +0100
Ferruh Yigit <ferruh.yigit@intel.com> wrote:

> To enable bifurcated device support, rtnl_lock is released before calling
> userspace callbacks and asynchronous requests are enabled.
> But these changes caused more issues, like bug #809, #816. To reduce the
> scope of the problems, the bifurcated device support related changes are
> only enabled when it is requested explicitly with new 'enable_bifurcated'
> module parameter.
> And bifurcated device support is disabled by default.
> So the bifurcated device related problems are isolated and they can be
> fixed without impacting all use cases.
> Bugzilla ID: 816
> Fixes: 631217c76135 ("kni: fix kernel deadlock with bifurcated device")
> Cc: stable@dpdk.org
> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>

Calling userspace with semaphore held is still risky and buggy.
There is no guarantee that the userspace DPDK application will be well behaved.
And if it is not, the spinning holding RTNL would break any other network management
functions in the kernel.

These are the kind of problems that make me think it there should be a
big "DO NOT USE THIS" onto KNI. Maybe make it print a big nasty message
(see kernel VFIO without IOMMU description) or mark kernel as tainted??

See: https://fedoraproject.org/wiki/KernelStagingPolicy

Something like:

diff --git a/kernel/linux/kni/kni_net.c b/kernel/linux/kni/kni_net.c
index 611719b5ee27..d47fc6133cbe 100644
--- a/kernel/linux/kni/kni_net.c
+++ b/kernel/linux/kni/kni_net.c
@@ -838,6 +838,14 @@ kni_net_init(struct net_device *dev)
 	dev->header_ops      = &kni_net_header_ops;
 	dev->ethtool_ops     = &kni_net_ethtool_ops;
 	dev->watchdog_timeo = WD_TIMEOUT;
+	/*
+	 * KNI is unsafe since it requires calling userspace to do
+	 * control operations. And the overall quality according to
+	 * kernel standards is the same as devices in staging.
+	 */
+	netdev_warn(dev, "Adding kernel taint for KNI because it is not safe\n");

  reply	other threads:[~2021-10-09  2:03 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-08 23:58 Ferruh Yigit
2021-10-09  2:03 ` Stephen Hemminger [this message]
2021-11-23  9:54   ` Ferruh Yigit
2021-11-23 16:22     ` Stephen Hemminger
2021-11-23 16:51       ` Ferruh Yigit
2021-11-23 19:10         ` Stephen Hemminger
2021-11-17 16:42 ` Igor Ryzhov
2021-11-23 16:46 ` [PATCH v2] " Ferruh Yigit
2021-11-24 13:51   ` Thomas Monjalon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211008190335.1fdc8f4a@hermes.local \
    --to=stephen@networkplumber.org \
    --cc=dev@dpdk.org \
    --cc=eladv6@gmail.com \
    --cc=erclists@gmail.com \
    --cc=ferruh.yigit@intel.com \
    --cc=iryzhov@nfware.com \
    --cc=stable@dpdk.org \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git