DPDK patches and discussions
From: "Xia, Chenbo" <chenbo.xia@intel.com>
To: Vijay Kumar Srivastava <vsrivast@xilinx.com>,
	"dev@dpdk.org" <dev@dpdk.org>
Cc: "maxime.coquelin@redhat.com" <maxime.coquelin@redhat.com>,
	"andrew.rybchenko@oktetlabs.ru" <andrew.rybchenko@oktetlabs.ru>,
	"Harpreet Singh Anand" <hanand@xilinx.com>,
	Praveen Kumar Jain <praveenj@xilinx.com>
Subject: Re: [dpdk-dev] [PATCH 02/10] vdpa/sfc: add support for device initialization
Date: Mon, 6 Sep 2021 03:02:16 +0000
Message-ID: <MN2PR11MB4063E5A48FE41FCE96EE10AB9CD29@MN2PR11MB4063.namprd11.prod.outlook.com>
In-Reply-To: <SJ0PR02MB73271AA7A901587FF5862CDCB9CF9@SJ0PR02MB7327.namprd02.prod.outlook.com>

Hi,

> -----Original Message-----
> From: Vijay Kumar Srivastava <vsrivast@xilinx.com>
> Sent: Friday, September 3, 2021 9:20 PM
> To: Xia, Chenbo <chenbo.xia@intel.com>; dev@dpdk.org
> Cc: maxime.coquelin@redhat.com; andrew.rybchenko@oktetlabs.ru; Harpreet Singh
> Anand <hanand@xilinx.com>; Praveen Kumar Jain <praveenj@xilinx.com>
> Subject: RE: [PATCH 02/10] vdpa/sfc: add support for device initialization
> 
> 
> Hi Chenbo,
> 
> >-----Original Message-----
> >From: Xia, Chenbo <chenbo.xia@intel.com>
> >Sent: Monday, August 30, 2021 4:22 PM
> >To: Vijay Kumar Srivastava <vsrivast@xilinx.com>; dev@dpdk.org
> >Cc: maxime.coquelin@redhat.com; andrew.rybchenko@oktetlabs.ru; Vijay
> >Kumar Srivastava <vsrivast@xilinx.com>
> >Subject: RE: [PATCH 02/10] vdpa/sfc: add support for device initialization
> >
> >Hi Vijay,
> >
> >> -----Original Message-----
> >> From: Vijay Srivastava <vijay.srivastava@xilinx.com>
> >> Sent: Wednesday, July 7, 2021 12:44 AM
> >> To: dev@dpdk.org
> >> Cc: maxime.coquelin@redhat.com; Xia, Chenbo <chenbo.xia@intel.com>;
> >> andrew.rybchenko@oktetlabs.ru; Vijay Kumar Srivastava
> >> <vsrivast@xilinx.com>
> >> Subject: [PATCH 02/10] vdpa/sfc: add support for device initialization
> >>
> >> From: Vijay Kumar Srivastava <vsrivast@xilinx.com>
> >>
> >> Add HW initialization and vDPA device registration support.
> >>
> >> Signed-off-by: Vijay Kumar Srivastava <vsrivast@xilinx.com>
> >> ---
> 
> [snip]
> 
> >> +sfc_vdpa_dma_alloc(struct sfc_vdpa_adapter *sva, const char *name,
> >> +		   size_t len, efsys_mem_t *esmp)
> >> +{
> >> +	void *mcdi_buf;
> >> +	uint64_t mcdi_iova;
> >> +	size_t mcdi_buff_size;
> >> +	int ret;
> >> +
> >> +	mcdi_buff_size = RTE_ALIGN_CEIL(len, PAGE_SIZE);
> >> +
> >> +	sfc_vdpa_log_init(sva, "name=%s, len=%zu", name, len);
> >> +
> >> +	mcdi_buf = rte_zmalloc(name, mcdi_buff_size, PAGE_SIZE);
> >> +	if (mcdi_buf == NULL) {
> >> +		sfc_vdpa_err(sva, "cannot reserve memory for %s: len=%#x:
> >%s",
> >> +			     name, (unsigned int)len, rte_strerror(rte_errno));
> >> +		return -ENOMEM;
> >> +	}
> >> +
> >> +	/* IOVA address for MCDI would be re-calculated if mapping
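
Review bot: the error log after the failed rte_zmalloc() prints `len` as `%#x` through an `(unsigned int)` cast, while the init log a few lines above prints the same value with `%zu`, and neither reports `mcdi_buff_size`, which is the size actually requested. Use `%zu` without the cast and log the page-aligned size so that a failure report matches the allocation that failed.
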
> >
> >What is MCDI?
> 
> MCDI is a control interface between driver and firmware.
> It is used by the host drivers to configure the adapter and retrieve status.

Cool, thanks for the explanation.

> 
> >> +	 * using default IOVA would fail.
> >> +	 * TODO: Earlier there was no way to get valid IOVA range.
> >> +	 * Recently a patch has been submitted to get the IOVA range
> >> +	 * using ioctl. VFIO_IOMMU_GET_INFO. This patch is available
> >> +	 * in the kernel version >= 5.4. Support to get the default
> >> +	 * IOVA address for MCDI buffer using available IOVA range
> >> +	 * would be added later. Meanwhile default IOVA for MCDI buffer
> >> +	 * is kept at high mem at 2TB. In case of overlap new available
> >> +	 * addresses would be searched and same would be used.
> >> +	 */
> >> +	mcdi_iova = SFC_VDPA_DEFAULT_MCDI_IOVA;
> >> +
> >> +	do {
> >> +		ret = rte_vfio_container_dma_map(sva->vfio_container_fd,
> >> +						 (uint64_t)mcdi_buf,
> >mcdi_iova,
> >> +						 mcdi_buff_size);
> >> +		if (ret == 0)
> >> +			break;
> >> +
> >> +		mcdi_iova = mcdi_iova >> 1;
> >> +		if (mcdi_iova < mcdi_buff_size)	{
> >> +			sfc_vdpa_err(sva,
> >> +				     "DMA mapping failed for MCDI : %s",
> >> +				     rte_strerror(rte_errno));
> >> +			return ret;
> >> +		}
> >> +
> >> +	} while (ret < 0);
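
Review bot: the failure exit inside the retry loop (`if (mcdi_iova < mcdi_buff_size)`) returns `ret` without freeing `mcdi_buf`, so the buffer obtained from rte_zmalloc() leaks whenever no mapping succeeds; call `rte_free(mcdi_buf)` before `return ret;`. The loop also halves `mcdi_iova` after every failure without looking at the error cause, so a failure unrelated to the chosen IOVA is retried at each lower address before it is reported, and every fallback address is a fixed fraction of the default, which keeps the final IOVA as predictable as the first one. The `(uint64_t)mcdi_buf` pointer cast should go through `uintptr_t`.
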
> >
> >Is this DMA region for some hardware-specific control msg?
> >
> >And how do you make sure the IOVA space you defined in this driver will not
> >conflict with the IOVA space that the vdpa device consumer (most likely QEMU)
> >defines (if QEMU, IOVA = guest physical address)?
> 
> Currently the IOVA for the MCDI buffer is kept at very high mem at 2TB.

OK. That sounds like a work-around to me, but we can't make the assumption that the
consumer is not using that address range. And there is a security issue here; please
see the comment below.

> 
> To handle the IOVA overlap detection scenario, a patch is in progress which will be
> submitted soon.
> In that patch, upon IOVA overlap detection a new available IOVA would be
> calculated and the MCDI buffer would be remapped to the new IOVA.

Let's say there is a malicious guest who knows the initial IOVA range that is set
up by your driver (even if it does not know, it can use tests to find out. So using a
static IOVA range in the host is more dangerous). It can use that address in any
DMA-able queue and perform DMA into the vdpa app. I think it could cause a security
issue, as you let the guest easily write host memory.

For now I don't see a perfect solution except PASID (Process Address Space ID). IIRC,
we could let QEMU have a primary PASID and the vdpa app have a secondary PASID so that
the VM can't perform DMA to the vdpa app. But since it needs HW support and the related
support in vfio is not mature, I don't think we are able to use that solution now.

Any solution you can think of for your HW?

Thanks,
Chenbo

> 
> [snip]
> 
> Thanks,
> Vijay
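
The overlap handling discussed in this message (choose an IOVA for the control buffer that lies inside a valid IOVA window and outside every range the consumer has mapped), as an added example that is not code from this thread or from the driver. The type, the `ex_` names, the 4 KiB page size and the sample ranges are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define EX_PAGE    4096ULL           /* assumed IOMMU page size */
#define EX_NO_IOVA UINT64_MAX        /* sentinel: nothing fits */
struct ex_range { uint64_t start, end; };   /* inclusive; hypothetical type */

/* Highest page-aligned slot of len bytes inside window v that avoids used[]. */
static uint64_t ex_fit(const struct ex_range *v, const struct ex_range *used,
                       size_t nused, uint64_t len)
{
    if (len == 0 || v->end - v->start < len - 1)
        return EX_NO_IOVA;
    uint64_t c = (v->end - (len - 1)) & ~(EX_PAGE - 1);
    for (size_t j = 0; j < nused; ) {
        int hit = c <= used[j].end && used[j].start <= c + len - 1;
        if (hit && used[j].start < len)
            return EX_NO_IOVA;           /* no room below this range */
        if (hit)
            c = (used[j].start - len) & ~(EX_PAGE - 1);
        j = hit ? 0 : j + 1;             /* moved down: re-check every range */
    }
    return c >= v->start ? c : EX_NO_IOVA;
}

/* Highest free IOVA over all valid windows, or EX_NO_IOVA if none fits. */
uint64_t ex_pick_iova(const struct ex_range *valid, size_t nvalid,
                      const struct ex_range *used, size_t nused, uint64_t len)
{
    uint64_t best = EX_NO_IOVA;
    for (size_t i = 0; i < nvalid; i++) {
        uint64_t c = ex_fit(&valid[i], used, nused, len);
        if (c != EX_NO_IOVA && (best == EX_NO_IOVA || c > best))
            best = c;
    }
    return best;
}

/* Constructed sample: host IOVA windows and a guest RAM map reaching 4TB. */
static const struct ex_range ex_valid[] = {
    { 0x0, 0xFEDFFFFFULL }, { 0xFEF00000ULL, 0x3FFFFFFFFFFULL } };
static const struct ex_range ex_guest[] = {
    { 0x0, 0xBFFFFFFFULL }, { 0x100000000ULL, 0x3FFFFFFFFFFULL } };

int main(void)
{
    uint64_t iova = ex_pick_iova(ex_valid, 2, ex_guest, 2, 0x2000);
    printf("control-buffer IOVA: %#llx\n", (unsigned long long)iova);
    return iova == EX_NO_IOVA;
}
```

In the constructed sample the guest RAM map covers the 2TB mark, so the search settles in the gap just below 4GB. Avoiding overlap only prevents a mapping conflict; the chosen address is still reachable from any queue that shares the same IOMMU domain, which is the isolation concern raised above.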

