From: "Wang, Haiyue" <haiyue.wang@intel.com>
To: Andrew Rybchenko <arybchenko@solarflare.com>,
"dev@dpdk.org" <dev@dpdk.org>,
"Burakov, Anatoly" <anatoly.burakov@intel.com>,
"thomas@monjalon.net" <thomas@monjalon.net>,
"jerinj@marvell.com" <jerinj@marvell.com>,
"david.marchand@redhat.com" <david.marchand@redhat.com>,
"alex.williamson@redhat.com" <alex.williamson@redhat.com>
Subject: Re: [dpdk-dev] [PATCH v13 2/2] eal: support for VFIO-PCI VF token
Date: Wed, 6 May 2020 17:06:21 +0000 [thread overview]
Message-ID: <296b4d28271c47f1add6224b82a8cf72@intel.com> (raw)
In-Reply-To: <c36a3047-3a7d-03d5-70c5-645ebf32aafa@solarflare.com>
+Alex
> -----Original Message-----
> From: Andrew Rybchenko <arybchenko@solarflare.com>
> Sent: Thursday, May 7, 2020 00:59
> To: Wang, Haiyue <haiyue.wang@intel.com>; dev@dpdk.org; Burakov, Anatoly <anatoly.burakov@intel.com>;
> thomas@monjalon.net; jerinj@marvell.com; david.marchand@redhat.com
> Subject: Re: [dpdk-dev] [PATCH v13 2/2] eal: support for VFIO-PCI VF token
>
> On 5/6/20 7:56 PM, Wang, Haiyue wrote:
> >> -----Original Message-----
> >> From: Andrew Rybchenko <arybchenko@solarflare.com>
> >> Sent: Thursday, May 7, 2020 00:51
> >> To: Wang, Haiyue <haiyue.wang@intel.com>; dev@dpdk.org; Burakov, Anatoly
> <anatoly.burakov@intel.com>;
> >> thomas@monjalon.net; jerinj@marvell.com; david.marchand@redhat.com
> >> Subject: Re: [dpdk-dev] [PATCH v13 2/2] eal: support for VFIO-PCI VF token
> >>
> >> On 5/6/20 2:35 PM, Haiyue Wang wrote:
> >>> The kernel module vfio-pci introduces the VF token to enable SR-IOV
> >>> support since 5.7.
> >>>
> >>> The VF token can be set by a vfio-pci based PF driver and must be known
> >>> by the vfio-pci based VF driver in order to gain access to the device.
> >>>
> >>> Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
> >>> Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
> >>
> >> Sorry, lost from my view new versions of the patch series.
> >>
> >> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> >>
> >>> diff --git a/doc/guides/linux_gsg/linux_drivers.rst b/doc/guides/linux_gsg/linux_drivers.rst
> >>> index 238f3e900..910397243 100644
> >>> --- a/doc/guides/linux_gsg/linux_drivers.rst
> >>> +++ b/doc/guides/linux_gsg/linux_drivers.rst
> >>> @@ -72,11 +72,44 @@ Note that in order to use VFIO, your kernel must support it.
> >>> VFIO kernel modules have been included in the Linux kernel since version 3.6.0 and are usually
> >> present by default,
> >>> however please consult your distributions documentation to make sure that is the case.
> >>>
> >>> +The ``vfio-pci`` module since Linux version 5.7 supports the creation of virtual
> >>> +functions. After the PF is bound to vfio-pci module, the user can create the VFs
> >>> +by sysfs interface, and these VFs are bound to vfio-pci module automatically.
> >>> +
> >>> +When the PF is bound to vfio-pci, it has initial VF token generated by random. For
> >>> +security reason, this token is write only, the user can't read it from the kernel
> >>> +directly. For accessing the VF, the user needs to start the PF with token parameter
> >>> +to setup a VF token (uuid format), then the VF can be accessed with this new known
> >>> +VF token.
> >>
> >> If token is write-only in kernel sysfs, shouldn't we make it
> >> invisible in ps output? I.e. substitute with something like
> >> xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
> >> It is a bit easier with the new design. Just a thought.
> >>
> >
> > In fact, no sysfs for VF token, just write-only IOCTL. ;-)
>
> OK, got it. The question remains anyway. Should it be treated
> as a secret with at least minimal security precaution?
>
Sounds yes, and also it looks like be more friendly for user to check whether
this PF/VF have a VF token required or not by cat /sys/...
@Alex may consider this design.
next prev parent reply other threads:[~2020-05-06 17:06 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-05 4:33 [dpdk-dev] [RFC v1 1/1] vfio: set vf token and gain vf device access vattunuru
2020-04-01 3:14 ` Varghese, Vipin
2020-04-10 7:10 ` Vamsi Krishna Attunuru
2020-04-02 12:43 ` Wang, Haiyue
2020-04-10 7:28 ` Vamsi Krishna Attunuru
2020-04-10 7:43 ` Wang, Haiyue
2020-04-10 7:32 ` [dpdk-dev] [RFC v2] eal: add VFIO-PCI SR-IOV support Haiyue Wang
2020-04-10 13:02 ` [dpdk-dev] [EXT] " Vamsi Krishna Attunuru
2020-04-13 2:31 ` [dpdk-dev] [PATCH v1] " Haiyue Wang
2020-04-13 4:45 ` [dpdk-dev] [PATCH v2] " Haiyue Wang
2020-04-13 6:42 ` [dpdk-dev] [PATCH v3] " Haiyue Wang
2020-04-13 8:29 ` [dpdk-dev] [PATCH v4] " Haiyue Wang
2020-04-13 12:18 ` Thomas Monjalon
2020-04-13 17:01 ` Wang, Haiyue
2020-04-13 15:37 ` Andrew Rybchenko
2020-04-13 16:45 ` Wang, Haiyue
2020-04-14 3:06 ` [dpdk-dev] [PATCH v5 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-04-14 3:06 ` [dpdk-dev] [PATCH v5 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-04-14 3:06 ` [dpdk-dev] [PATCH v5 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-04-14 3:21 ` [dpdk-dev] [PATCH v6 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-04-14 3:21 ` [dpdk-dev] [PATCH v6 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-04-14 3:21 ` [dpdk-dev] [PATCH v6 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-04-14 13:18 ` [dpdk-dev] [EXT] [PATCH v6 0/2] support for VFIO-PCI VF token interface Vamsi Krishna Attunuru
2020-04-18 9:22 ` [dpdk-dev] " David Marchand
2020-04-18 9:38 ` Wang, Haiyue
2020-04-18 9:50 ` Thomas Monjalon
2020-04-18 9:58 ` Wang, Haiyue
2020-04-18 11:16 ` [dpdk-dev] [PATCH v7 " Haiyue Wang
2020-04-18 11:16 ` [dpdk-dev] [PATCH v7 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-04-18 11:16 ` [dpdk-dev] [PATCH v7 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-04-18 13:26 ` Thomas Monjalon
2020-04-18 17:37 ` Wang, Haiyue
2020-04-18 17:30 ` [dpdk-dev] [PATCH v8 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-04-18 17:30 ` [dpdk-dev] [PATCH v8 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-04-18 17:30 ` [dpdk-dev] [PATCH v8 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-04-20 17:12 ` Thomas Monjalon
2020-04-20 16:53 ` [dpdk-dev] [PATCH v8 0/2] support for VFIO-PCI VF token interface David Marchand
2020-04-20 17:02 ` Wang, Haiyue
2020-04-20 17:13 ` Thomas Monjalon
2020-04-20 17:37 ` Wang, Haiyue
2020-04-20 17:42 ` Thomas Monjalon
2020-04-21 1:38 ` Wang, Haiyue
2020-04-21 2:12 ` Thomas Monjalon
2020-04-21 2:52 ` Wang, Haiyue
2020-04-21 8:47 ` Thomas Monjalon
2020-04-21 17:35 ` Wang, Haiyue
2020-04-22 5:08 ` [dpdk-dev] [PATCH v9 " Haiyue Wang
2020-04-22 5:08 ` [dpdk-dev] [PATCH v9 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-04-22 5:08 ` [dpdk-dev] [PATCH v9 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-04-22 8:23 ` Thomas Monjalon
2020-04-22 14:02 ` Wang, Haiyue
2020-04-26 1:55 ` [dpdk-dev] [PATCH v10 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-04-26 1:55 ` [dpdk-dev] [PATCH v10 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-04-26 1:55 ` [dpdk-dev] [PATCH v10 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-04-27 11:18 ` Burakov, Anatoly
2020-05-06 16:40 ` Andrew Rybchenko
2020-05-05 7:46 ` [dpdk-dev] [PATCH v11 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-05-05 7:46 ` [dpdk-dev] [PATCH v11 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-05-05 7:46 ` [dpdk-dev] [PATCH v11 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-05-05 10:34 ` [dpdk-dev] [PATCH v12 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-05-05 10:34 ` [dpdk-dev] [PATCH v12 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-05-05 10:34 ` [dpdk-dev] [PATCH v12 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-05-06 10:27 ` Burakov, Anatoly
2020-05-06 11:35 ` Wang, Haiyue
2020-05-06 11:39 ` Burakov, Anatoly
2020-05-06 11:44 ` Wang, Haiyue
2020-05-06 11:35 ` [dpdk-dev] [PATCH v13 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-05-06 11:35 ` [dpdk-dev] [PATCH v13 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-05-06 11:35 ` [dpdk-dev] [PATCH v13 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-05-06 16:51 ` Andrew Rybchenko
2020-05-06 16:56 ` Wang, Haiyue
2020-05-06 16:58 ` Andrew Rybchenko
2020-05-06 17:06 ` Wang, Haiyue [this message]
2020-05-28 1:22 ` [dpdk-dev] [PATCH v14 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-05-28 1:22 ` [dpdk-dev] [PATCH v14 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-05-28 1:22 ` [dpdk-dev] [PATCH v14 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-05-29 1:26 ` Ye Xiaolong
2020-05-29 1:38 ` Wang, Haiyue
2020-05-29 1:37 ` [dpdk-dev] [PATCH v15 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-05-29 1:37 ` [dpdk-dev] [PATCH v15 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-05-29 1:37 ` [dpdk-dev] [PATCH v15 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-06-17 6:33 ` [dpdk-dev] [PATCH v16 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-06-17 6:33 ` [dpdk-dev] [PATCH v16 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-06-17 6:33 ` [dpdk-dev] [PATCH v16 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-06-22 20:39 ` Harman Kalra
2020-06-25 7:33 ` David Marchand
2020-06-25 10:49 ` Wang, Haiyue
2020-07-03 14:57 ` [dpdk-dev] [PATCH v17 0/2] support for VFIO-PCI VF token interface Haiyue Wang
2020-07-03 14:57 ` [dpdk-dev] [PATCH v17 1/2] eal: add uuid dependent header files explicitly Haiyue Wang
2020-07-06 14:32 ` David Marchand
2020-07-03 14:57 ` [dpdk-dev] [PATCH v17 2/2] eal: support for VFIO-PCI VF token Haiyue Wang
2020-07-07 12:05 ` David Marchand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=296b4d28271c47f1add6224b82a8cf72@intel.com \
--to=haiyue.wang@intel.com \
--cc=alex.williamson@redhat.com \
--cc=anatoly.burakov@intel.com \
--cc=arybchenko@solarflare.com \
--cc=david.marchand@redhat.com \
--cc=dev@dpdk.org \
--cc=jerinj@marvell.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).