From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0D400A00BE; Fri, 1 Nov 2019 10:06:49 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 97F2B1DFE6; Fri, 1 Nov 2019 10:06:48 +0100 (CET) Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) by dpdk.org (Postfix) with ESMTP id E592B1DFE5 for ; Fri, 1 Nov 2019 10:06:47 +0100 (CET) X-Originating-IP: 90.177.210.238 Received: from [192.168.1.110] (238.210.broadband10.iol.cz [90.177.210.238]) (Authenticated sender: i.maximets@ovn.org) by relay8-d.mail.gandi.net (Postfix) with ESMTPSA id 409BF1BF208; Fri, 1 Nov 2019 09:06:45 +0000 (UTC) To: Thomas Monjalon , Jerin Jacob Cc: dev@dpdk.org, Shahaf Shuler , Stephen Hemminger , Andrew Rybchenko , Ferruh Yigit References: <4165509.5enYigmRGf@xps> <1727016.NX2bq4Vah3@xps> From: Ilya Maximets Message-ID: <53d2b0ea-1e1e-813c-1361-264e1118680c@ovn.org> Date: Fri, 1 Nov 2019 10:06:45 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <1727016.NX2bq4Vah3@xps> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH v2 0/3] ethdev: configure SR-IOV VF from host X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 01.11.2019 1:24, Thomas Monjalon wrote: > 30/10/2019 10:24, Jerin Jacob: >> On Wed, Oct 30, 2019 at 12:52 PM Shahaf Shuler wrote: >>> Wednesday, October 30, 2019 6:09 AM, Jerin Jacob: >>>> Subject: Re: [dpdk-dev] [PATCH v2 0/3] ethdev: configure SR-IOV VF from >>>> host >>>> >>>> On Wed, Oct 30, 2019 at 12:21 AM Thomas Monjalon >>>> wrote: >>>>> >>>>> In a virtual environment, the network controller may have to configure >>>>> some SR-IOV VF parameters for security reasons. >>>> >>>> Just to understand, Could you explain more details/examples for security >>>> reasons? >>>> >>>>> >>>>> When the PF (host port) is driven by DPDK (OVS-DPDK case), we face two >>>>> different cases: >>>>> - driver is bifurcated (Mellanox case), >>>>> so the VF can be configured via the kernel. >>>>> - driver is on top of UIO or VFIO, so DPDK API is required, >>>> >>>> Not true. Both UIO and VFIO are NOT allowed to create SRIOV VF from the >>>> PF device. >>>> It is only allowed through igb-uio out of tree driver without iommu support. >>> >>> Per my understanding Thomas proposal is not to create the VFs >>> from the PF device. it is to configure their network attributes >>> from the PF after they have been created. >> >> Yes. My question is without creating the VF, How do you control them? > > We can create the VF via the kernel PF driver, before binding the PF to VFIO. AFAIK, this is not possible. VFs are gone as soon as you're unbinding kernel PF driver. And after binding of vfio-pci you can no longer create VFs. I tried to check some representor functionality about 2 months ago and didn't find a way to enable VFs on Intel NICs if PF is under control of vfio-pci. Best regards, Ilya Maximets.