From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id D08D9A00BE; Wed, 30 Oct 2019 09:56:22 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 441111BEA8; Wed, 30 Oct 2019 09:56:21 +0100 (CET) Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) by dpdk.org (Postfix) with ESMTP id 92FFB1BEA6 for ; Wed, 30 Oct 2019 09:56:19 +0100 (CET) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 6227C428; Wed, 30 Oct 2019 04:56:16 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Wed, 30 Oct 2019 04:56:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s=mesmtp; bh=nZ4NuPD56SRMWf3OCWMMohjxMeJb06LckhjTFzrDrpU=; b=Nci50X1y+qHB MZF/4bPE7ycc2NP3z+yVDaPDoK8KsFvVcSIoY4X7MZL0pF769u58fxijOtSWSZ/H V7mCKgXaFAnYIi5/ShV5i8LEJoqkrUjRT5yBW2bGQBOh2i4P/85DsUaeg15eDfDW r79JU58mIYmPrOvZwHZ9GNQzJY0AX24= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=nZ4NuPD56SRMWf3OCWMMohjxMeJb06LckhjTFzrDr pU=; b=sfA9Y0ajT76OGf41pjp4kfCXNBPEnKZcD3KTIYPGPNyJyNarwoVuUXzKz KZJfQmpd+ifqxCbIkm59K8eM7GiulnRhgLjNoFh/7Nc7yX6n/f7qsnAawDGyp8F9 qJQyu+kz03ClZ2ZjM5SLpFeNXGpNtmJ4ovmTt3NFhNgX+gAjuxwCeniVbEwDB4W9 /jmQHw9tn5VAShWcOEozHyrvJbxqs8XxUB0H9dUxwWWl9m4/pCuGUQXGbYI2IQlO WRdIvp0D6DlrqxYVSf14klri5uMFByCHObBqLrahvfxRL2JJd+0t/9lYsP4WSFp7 vh1ea8luPAKUDvONsL05EBDsio+aQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedruddtvddguddvjecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvffufffkjghfggfgtgesthfuredttddtvdenucfhrhhomhepvfhhohhm rghsucfoohhnjhgrlhhonhcuoehthhhomhgrshesmhhonhhjrghlohhnrdhnvghtqeenuc ffohhmrghinhepkhgvrhhnvghlrdhorhhgpdguphgukhdrohhrghenucfkphepjeejrddu feegrddvtdefrddukeegnecurfgrrhgrmhepmhgrihhlfhhrohhmpehthhhomhgrshesmh honhhjrghlohhnrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from xps.localnet (184.203.134.77.rev.sfr.net [77.134.203.184]) by mail.messagingengine.com (Postfix) with ESMTPA id 93D0A306005F; Wed, 30 Oct 2019 04:56:14 -0400 (EDT) From: Thomas Monjalon To: Jerin Jacob Cc: Stephen Hemminger , Andrew Rybchenko , Ferruh Yigit , dpdk-dev Date: Wed, 30 Oct 2019 09:56:11 +0100 Message-ID: <4976847.S65dXbhd2F@xps> In-Reply-To: References: <4165509.5enYigmRGf@xps> <20191029185051.32203-1-thomas@monjalon.net> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Subject: Re: [dpdk-dev] [PATCH v2 0/3] ethdev: configure SR-IOV VF from host X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 30/10/2019 05:08, Jerin Jacob: > On Wed, Oct 30, 2019 at 12:21 AM Thomas Monjalon wrote: > > > > In a virtual environment, the network controller may have to configure > > some SR-IOV VF parameters for security reasons. > > Just to understand, Could you explain more details/examples for > security reasons? Examples are setting the MAC address or the promiscuous mode. These settings should be decided by the hypervisor, and not freely set by the VM. > > When the PF (host port) is driven by DPDK (OVS-DPDK case), > > we face two different cases: > > - driver is bifurcated (Mellanox case), > > so the VF can be configured via the kernel. > > - driver is on top of UIO or VFIO, so DPDK API is required, > > Not true. Both UIO and VFIO are NOT allowed to create SRIOV VF from > the PF device. > It is only allowed through igb-uio out of tree driver without iommu support. Not sure I said the contrary. igb_uio and vfio_pf are 2 implementations of UIO and VFIO. > > and PMD-specific APIs were used. > > This new generic API will avoid vendors fragmentation. > > The API is good. But I have concerns about the vendor implementation > of this API. > It can support only vendors with bifurcated driver(Mellanox case). > or using igb_uio(non iommu case) but not the devices with VFIO(Which > is the first-class citizen). Why not? (see above) The API is agnostic to the kernel driver in use. > All the control plane control stuff to replace Linux with "port > representor" logic > will be of the mercy of an "out of tree" driver either with igb_uio > or http://patches.dpdk.org/patch/58810/ > > I am _not against_ on DPDK supports port representor or controlling > netdev VF traffic, > but if we have taken that path then DPDK should have the > infrastructure to support for > all driver models like VFIO(Addressed in [1]) > > I would have this question when DPDK starts supporting port > representor(but I was not > aware that kernel security issue on netdev ports controlled by DPDK in > non-bifurcated driver case > and concise effort block such scheme by kernel [2]) > > > [1] > http://patches.dpdk.org/patch/58810/ > [2] > https://patchwork.kernel.org/patch/10522381/ I feel you are using this thread to promote your vfio_pf implementation. But this API and the kernel module are orthogonals. Please can we focus on the DPDK API in this thread, and talk about VFIO implementation in the other thread?