From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2890BA00BE; Fri, 1 Nov 2019 10:56:19 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 9FDF01DFE9; Fri, 1 Nov 2019 10:56:18 +0100 (CET) Received: from relay5-d.mail.gandi.net (relay5-d.mail.gandi.net [217.70.183.197]) by dpdk.org (Postfix) with ESMTP id E14601DFE4 for ; Fri, 1 Nov 2019 10:56:17 +0100 (CET) X-Originating-IP: 90.177.210.238 Received: from [192.168.1.110] (238.210.broadband10.iol.cz [90.177.210.238]) (Authenticated sender: i.maximets@ovn.org) by relay5-d.mail.gandi.net (Postfix) with ESMTPSA id 31F4F1C0004; Fri, 1 Nov 2019 09:56:15 +0000 (UTC) To: Ilya Maximets , Thomas Monjalon , Jerin Jacob Cc: dev@dpdk.org, Shahaf Shuler , Stephen Hemminger , Andrew Rybchenko , Ferruh Yigit References: <4165509.5enYigmRGf@xps> <1727016.NX2bq4Vah3@xps> <53d2b0ea-1e1e-813c-1361-264e1118680c@ovn.org> From: Ilya Maximets Message-ID: <30f761f1-a62f-ced5-c505-781c480628e5@ovn.org> Date: Fri, 1 Nov 2019 10:56:15 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <53d2b0ea-1e1e-813c-1361-264e1118680c@ovn.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Subject: Re: [dpdk-dev] [PATCH v2 0/3] ethdev: configure SR-IOV VF from host X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 01.11.2019 10:06, Ilya Maximets wrote: > On 01.11.2019 1:24, Thomas Monjalon wrote: >> 30/10/2019 10:24, Jerin Jacob: >>> On Wed, Oct 30, 2019 at 12:52 PM Shahaf Shuler wrote: >>>> Wednesday, October 30, 2019 6:09 AM, Jerin Jacob: >>>>> Subject: Re: [dpdk-dev] [PATCH v2 0/3] ethdev: configure SR-IOV VF from >>>>> host >>>>> >>>>> On Wed, Oct 30, 2019 at 12:21 AM Thomas Monjalon >>>>> wrote: >>>>>> >>>>>> In a virtual environment, the network controller may have to configure >>>>>> some SR-IOV VF parameters for security reasons. >>>>> >>>>> Just to understand, Could you explain more details/examples for security >>>>> reasons? >>>>> >>>>>> >>>>>> When the PF (host port) is driven by DPDK (OVS-DPDK case), we face two >>>>>> different cases: >>>>>>      - driver is bifurcated (Mellanox case), >>>>>>        so the VF can be configured via the kernel. >>>>>>      - driver is on top of UIO or VFIO, so DPDK API is required, >>>>> >>>>> Not true. Both UIO and VFIO are NOT allowed to create SRIOV VF from the >>>>> PF device. >>>>> It is only allowed through igb-uio out of tree driver without iommu support. >>>> >>>> Per my understanding Thomas proposal is not to create the VFs >>>> from the PF device. it is to configure their network attributes >>>> from the PF after they have been created. >>> >>> Yes. My question is without creating the VF, How do you control them? >> >> We can create the VF via the kernel PF driver, before binding the PF to VFIO. > > AFAIK, this is not possible. VFs are gone as soon as you're unbinding kernel > PF driver.  And after binding of vfio-pci you can no longer create VFs. > > I tried to check some representor functionality about 2 months ago and didn't > find a way to enable VFs on Intel NICs if PF is under control of vfio-pci. Likely it was i40e driver from the kernel side. I see from the lkml thread that some drivers might not clear sriov on exit (ixgbe), but that wasn't my case and it's actually a controversial feature in general.